  delete Bleek.. Premium join:2002-03-23 Bronx, NY
·Optimum Online
| Need Light Network Enabled Distro..
Hello everyone!
I need a lightweight distro which can handle the following all at a small cost (resources) and be run on a Single Board PC.
- Routing
- QOS
- VPN
- Firewall
I'm not opposed to linux, bsd or any other distro. So long as resources are not hogs.
I will have the hardware to accommodate the requirements, but picking the right distro is where I need help.
I installed DSL (damn small linux) and it's very light .. So something that light to run all of this is ideal ..
Any recommendations?
Thanks.. I know I can always count on the BBR *NIX team for help!
-- Give a man "linux knowledge" and he will learn for a day, teach a man to "google for linux knowledge" and he will learn for a lifetime. Said By DA OH
|
|
 LLigetfa
join:2006-05-15 Fort Frances, ON | I run m0n0wall over FreeBSD on a WRAP SBC. You say you have the SBC already? |
|
  delete Bleek.. Premium join:2002-03-23 Bronx, NY | No, not yet. Trying to spec out distro before the purchase. I can emulate a nice environment here at work. |
|
  delete Bleek.. Premium join:2002-03-23 Bronx, NY
·Optimum Online
| One other question .. Is there such an application that can cache data that is intended for a VPN connection when this VPN connection becomes disconnected for some reason?
So in other words when the tunnel is lost and comes back up, all happenings on the LAN side of the VPN tunnel will then be forwarded to the live tunnel.
Caching data when the link is down rather than just discarding it..
|
|
  delete Bleek.. Premium join:2002-03-23 Bronx, NY | reply to delete Anyone else with recommendations? I know there is someone doing all of this in 1 box |
|
  elboricua El Subestimado Premium join:2001-08-12 Bronx, NY
| reply to delete What kind of board? I run full blown OpenBSD on my Soekris Net4801-50 off of a 512 MB flash CF card. I run OpenVPN on this rig as well. PF for firewalling, but I don't do the QOS stuff, but it can be done quite easily. Runs great. I am guessing you could probably run a full install of FreeBSD or NetBSD on that as well.
I have tried Monowall and pfsense and both are great but I have always had trouble with both and 1to1 natting. Something about the GUI throws me off
-- My Blog | Sending script kiddies to /dev/null since 1995! |
|
  delete Bleek.. Premium join:2002-03-23 Bronx, NY
·Optimum Online
| Hey elboricua!
No choice in board yet. I guess it's fair to say that I will pick the board based on the OS and the features I need from it (applications).
So in pf QOS can be implemented?
pf can do the routing and firewall, correct?
OpenBSD also .. that would be sweet and yes the Soekris is what I'm looking at. Saw that on undeadly.org
Thanks...
|
|
  elboricua El Subestimado Premium join:2001-08-12 Bronx, NY
| Yes QOS can be implemented in PF. It's called ALTQ. And yes it can do the routing and firewalling, and is much easier to set up a ruleset than in Linux IMO once you get used to the syntax.
Depending on the network load a 4801 or the cheaper 45xx series would work great. If you plan on having a high load I think the newer 5501-70 (500 MHz processor and 512 MB RAM) would be the better choice. It all depends on how many PCs are going to run behind it.
»www.openbsd.org/faq/pf/index.html |
|
  delete Bleek.. Premium join:2002-03-23 Bronx, NY
·Optimum Online
edit: July 11th, @12:48PM
| Thank you very much .. Glad I took a liking to OpenBSD when I recently deployed it as my front-end mail gateway .. Now a new reason to deploy it.
So the bundle should look like:
- OpenBSD
- PF
- ALTQ
- OpenVPN
The Soekris board we'll have to choose soon enough based on load.
Thanks again everyone
|
|
 LLigetfa
join:2006-05-15 Fort Frances, ON
| reply to delete You don't mention what sort of VPN you plan to support. PPTP or IPSEC? VPN client passthrough or S2S?
While I haven't followed the newsgroups closely to see if there is any new development, I believe m0n0wall has issues with IPSEC passthrough. Either that or it is my ineptitude. I've yet to try to set up an S2S VPN. |
|
  delete Bleek.. Premium join:2002-03-23 Bronx, NY | IPSEC is what I'm looking to do .. elboricua OpenVPN can do this IIRC .. |
|
  shdesigns Powered By Infinite Improbabilty Drive Premium join:2000-12-01 Stone Mountain, GA
·Atlantic Nexus
| reply to delete What speed do you plan to use the VPN over?
I have a Soekris and love its small size and low power. It is a bit underpowered. I used vtund and ssh for remote access. Worked well.
I think they sell an encryption accelerator card for them. If you are using a fast line, it would help on speed. Mine does my 1500/256 line fine, but I know it is a bit slow for a real fast line.
-- Scott Henion, Embedded Systems Consultant, shenion on #ATU @irc.freenode.net SHDesigns home |
|
  delete Bleek.. Premium join:2002-03-23 Bronx, NY | Looking to move SCADA data .. very small BW over T1 backbone .. What OS do you have deployed on yours? |
|
 LLigetfa
join:2006-05-15 Fort Frances, ON edit: July 11th, @02:32PM
| reply to delete My WRAP board moves data at the full 6mbps of my dedicated business ADSL but I have not tested VPN throughput specifically. |
|
  bentman78 Bentley
join:2004-04-16 Arlington, VA
·Comcast
| reply to elboricua Agreed. I ran OBSD on a 512 flash card running OpenVPN PF/QOS, and DHCPD with other tools (pftop, ntop). It ran great. Stable and reliable. I mounted /var into MFS though and made / read only.
The only thing I found is OpenBSD's SIS driver is a little slower than FreeBSD's.
-- "The democracy will cease to exist when you take away from those who are willing to work and give to those who would not. " - Thomas Jefferson |
|
  sporkme drop the crantini and move it, sister Premium,MVM join:2000-07-01 Netcong, NJ
| reply to elboricua
said by elboricua: "I run full blown OpenBSD on my Soekris Net4801-50 off of a 512 MB flash CF card. I run OpenVPN on this rig as well. PF for firewalling, but I don't do the QOS stuff, but it can be done quite easily. Runs great. I am guessing you could probably run a full install of FreeBSD or NetBSD on that as well."
A few other random "selling points" on OBSD:
- pf + CARP = dual firewalls that can seamlessly fail over should one die
- the best free BGP and OSPF implementation out there if you need any actual "routing"
- a secure firewall
- supports encryption acceleration cards
- solid solid support for supported wireless cards, neat wireless tools too
- very tiny "distro"
- very well tested on Soekris hardware |
|
  delete Bleek.. Premium join:2002-03-23 Bronx, NY | Thanks everyone for the recommendations.. I'm sold!  |
|