Lee H. Marzke on 13 Dec 2011 12:03:06 -0800


Re: [PLUG] SonicWall compatible firewall and VPN

Even for my personal access when out of the office, I connect through OpenVPN through
an Endian Firewall appliance. \1

So if you can present Internet access to an appliance such as Endian, you can set up a site-2-site VPN
to another Endian box elsewhere on the Internet.

Endian is software based (open-source) and/or a commercially supported software or hardware
appliance. For branch offices the small hardware appliance may be much easier to install and/or
support. This will do all your DHCP leases, split-DNS, DNS cache, OpenVPN, content filtering,
RRD graphs, Snort intrusion detection, etc.
The supported version even allows management of a large number of units on dynamic IPs from a
central web console without setting any DynIP DNS accounts up.

I've found that the open source version has 90% of the features working, so that may be good enough
if you roll out the same version everywhere after testing. Otherwise the central management
available in the paid version makes it really easy to set up and manage with very little work.

Endian is a complete appliance with OS installed from a CD to a dedicated host. It is Linux based but
as an appliance all unnecessary tools, including compilers, etc., are removed.


\1 http://plone.4aero.com/Members/lmarzke/talks/plug_utm/index/presentation_view

From: "Art Alexion" <art.alexion@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Tuesday, 13 December, 2011 12:04:00 PM
Subject: [PLUG] SonicWall compatible firewall and VPN

Problem: I work for a non-profit social services agency. We have branch offices throughout the country, which often move when their one-year leases run out in order to keep their rents low. This presents a problem with their Internet accounts. One solution we are testing is cellular-based wireless APs. That way, they can take their Internet access with them. These devices are only sort of designed for this. That is, they can be clustered to deliver more bandwidth, but don't seem to support a hardware firewall/vpn because there is no wired connection.

Possible work-around: We are thinking that we might be able to connect a computer downstream that provides the firewall/vpn capabilities, and have the office workstations connect to the internet through that computer.

Has anyone ever done anything like this?
Is there a distro that might do this better than another?
If not, recommendations for packages to install on Ubuntu or Debian systems that could accomplish this?


Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

"Between subtle shading and the absence of light lies the nuance of iqlusion..."  - Kryptos

Lee Marzke,  lee@marzke.net     http://marzke.net/lee/
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM
+1 800-393-5217  office        +1 484-348-2230                       fax
+1 610-564-4932  cell           sip://8003935217@4aero.com    VOIP