Lee H. Marzke on 3 Jul 2017 21:01:18 -0700

Re: [PLUG] Firewall choices for a small software development business

If you're a business and you don't want to fuss with the network I'd always recommend static. I have basically zero issues with pfsense and openVPN with static, and I use it almost daily. There is no guarantee of how often your IP can change, so for a business why gamble?

With one openVPN user my pfsense box (a VM) never goes above 5% CPU so I'd say it can run quite a few users. The hypervisor is on an old Dell R710 so only 6 cores / 12 threads, and pfsense gets one thread at most.

Lee Marzke.

From: Soren Harward <stharward@gmail.com>
Sent: Jul 3, 2017 3:31 PM
To: Philadelphia Linux User's Group Discussion List
Subject: Re: [PLUG] Firewall choices for a small software development business

On Mon, Jul 3, 2017 at 3:11 PM K.S. Bhaskar <bhaskar@bhaskars.com> wrote:
> All, as a post-script to my earlier request: for inbound ssh or VPN for the developers how reliable is that with a dynamic IP address (and a service like DynDNS)? Or should I go for a static IP address? Thanks.

If you're planning to do inbound VPN for more than one user, I would recommend that instead of using a "router", you use a barebones x86 box that has two to four Ethernet ports; e.g. https://www.supermicro.com/products/system/1U/5018/SYS-5018A-FTN4.cfm or https://www.supermicro.com/products/system/Mini-ITX/SYS-E200-9B.cfm. Inexpensive consumer or SOHO routers don't have the CPU power to provide acceptable VPN bandwidth to multiple users, and routers that do have enough CPU power are much, much more expensive than a barebones x86 box. The other really big advantage to using an x86 box as your router is that it gives you a larger range of distros to choose from.

As far as static/dynamic IP goes, I have a "dynamic" IP from Verizon that changes about once a year, so keeping my dynamic hostname updated through he.net hasn't been a problem.

Soren Harward

