Lee H. Marzke on 3 Jul 2017 20:07:41 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Firewall choices for a small software development business

FYI - a lot of the pfSense initial menu's are cluttered with too many options,  that often are not needed
for that menu.    I'd definitely recommend getting the install support  if it is only $200 to get you going,
and you can customize it easier once you see a working config.

I can confirm that the pfSense OpenVPN client export option works with Ubuntu 16.04 OpenVPN ( using network manager ) , or with
openvpn command-line scripts , and with Android and the OpenVPN download.

Lee

From: "K.S. Bhaskar" <bhaskar@bhaskars.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Monday, July 3, 2017 10:45:52 PM
Subject: Re: [PLUG] Firewall choices for a small software development        business
Soren --

Thanks for the pointers. I'm thinking of getting one of these: https://www.amazon.com/Firewall-micro-appliance-Gigabit-Intel/dp/B01AJEJG1A (comes with pfSense pre-loaded).

Regards
-- Bhaskar


On Mon, Jul 3, 2017 at 3:30 PM, Soren Harward <stharward@gmail.com> wrote:
On Mon, Jul 3, 2017 at 3:11 PM K.S. Bhaskar <bhaskar@bhaskars.com> wrote:
All, as a post-script to my earlier request: for inbound ssh or VPN for the developers how reliable is that with a dynamic IP address (and a service like DynDNS)? Or should I go for a static IP address? Thanks.

If you're planning to do inbound VPN for more than one user, I would recommend that instead of using a "router", you use a barebones x86 box that has two to four ethernet ports; e.g. https://www.supermicro.com/products/system/1U/5018/SYS-5018A-FTN4.cfm or https://www.supermicro.com/products/system/Mini-ITX/SYS-E200-9B.cfm.  Inexpensive consumer or SOHO routers don't have the CPU power to provide acceptable VPN bandwidth to multiple users, and routers that do have enough CPU power are much, much more expensive than a barebones x86 box.  The other really big advantage to using an x86 box as your router is that it gives you a larger range of distros to choose from.

As far as static/dynamic IP goes, I have a "dynamic" IP from Verizon that changes about once a year, so keeping my dynamic hostname updated through he.net hasn't been a problem.
--

Soren Harward
stharward@gmail.com


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug



___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

--
"Between subtle shading and the absence of light lies the nuance of iqlusion..."  - Kryptos

Lee Marzke,  lee@marzke.net     http://marzke.net/lee/
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM
+1 800-393-5217  office        +1 484-348-2230                       fax
+1 252 627-9531  sms  ( 252 MARZKE1 )
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug