[clug] low power device for VPN end point

Rodney Peters rodneyp at iinet.net.au
Tue Jan 24 01:32:24 UTC 2017 


On 24/01/17 10:03, Dale Shaw wrote:
> Hi Peter,
>
> On 24 January 2017 at 09:06, Peter Barker <pbarker at barker.dropbear.id.au>
> wrote:
>> On Mon, 23 Jan 2017, Dale Shaw wrote:
>>
>>> On Mon, 9 Jan 2017 at 10:23 pm, Tony Lewis <tony at lewistribe.com> wrote:
>>>
>>>> I'm looking for a low power device to be a VPN end point, and I am after
>>>> recommendations, please.
>>> This is not quite what you've asked for -- it's not even Linux -- but
> have
>>> you considered something like this?
>>> Juniper SRX110H2 (used, includes TransACT and NBN compatible VDSL2
>>> interface)
>>> https://www.ebay.com.au/itm/292001464825
>>
>> That's fast ethernet only.
> That's correct. I wish being limited to only 100 Mb/s (65 Mb/s of IPsec VPN
> [full packet size], according to the data sheet[1]) was a problem I needed
> to work around. I assumed, perhaps incorrectly, that the requirement for
> VPN implied a requirement for Internet.
>
> [...]
>
>> I've just purchased a mini-itx, supposedly-15W system from China.  6
> "ethernet cards".  ~$200 sans-disks.
>>
> https://www.aliexpress.com/item/Firewall-Motherboar-J1900-10w-processor-based-firewall-motherboard-with-onboard-2GB-Ram/32749040807.html
> Interesting. Let us know how you go with that.
I'd particularly be interested in whether its UEFI has a "compatibility" 
mode.  I'd prefer to stick with IPFire, but that uses an older, hardened 
kernel and my attempt to boot it from a UEFI machine was unreliable.  
IPFire do say that BIOS or compatibility mode is required.
>> This is to replace my ailing Fit-PC which has served well for a decade,
> but looks to be unsupported by the next Debian.  I'm hoping to replace a
> managed 24-port gigabit ethernet switch with this and a 5W 8-port gigabit
> switch, resulting in lower overall power consumption (and a *much* simpler
> setup!)
>
> If you were looking at collapsing it all into a single device, then I would
> understand why the 8-port 10/100 Mb/s switch inside the SRX110 would be
> seen as a limitation.
>
> Vaguely related: Last I picked up a pair of Supermicro E200-8D mini
> servers. They're in a different league, price-wise, but they've been great.
> In theory you could run a virtual instance of your favourite
> router/firewall and, with AES-NI support, build a very high performance VPN
> endpoint.
>
> Cheers,
> Dale
>
> [1] http://www.juniper.net/assets/us/en/local/pdf/datasheets/1000281-en.pdf

Cheers,

Rod

More information about the linux mailing list