|reply to bbarrera |
Re: Issues with new USG 50
said by bbarrera: Well, it was a lot more clicking and data entry than just using the DNS page in the USG! But yes, I do have more control now.
The easy way if you ask me, at least with OS X Server you have full control of BIND.
said by bbarrera: I got the USG because it could be an IPSEC endpoint. Is L2TP as secure as IPSEC? I know the iPhone does L2TP over IPSEC; does Mac OS X do the same thing? I suppose it would be nicer to use OS X Server to handle all of this but then I really don't need the power of the USG.
I gave up on using the router as IPSec endpoint for remote clients, and instead port forward to OS Server's L2TP Server. Works great with Mac and Windows and iOS.
If you are running BT and exposing yourself [figuratively] to the rest of the world, you may want to run IDS at a minimum. This will use a fair amount of that "excess" power. I also run the Kaspersky AV, but it doesn't usually report any detections.
I also see several TCP flag attacks per hour from all over the world that IDS drops. If sent deliberately, it is the result of my IP addresses being available to BT trackers.
I have heard of a queuing theory that is possibly relevant: The wait time is proportional to the reciprocal of (1 minus the fractional utilization). The implication is that one doesn't want to try to utilize all of the power available. If I had money to burn I would have already moved to the USG 300, which is more "powerful" than my dual FTTH connections. The USG50 cannot perform AV and IDS on dual 30/15 data streams. (Some types of data are not examined, but right now I'm not clear how that affects actual throughput in my context of BT and video streaming from Crunchyroll.)
|reply to dda |
said by dda: It's actually L2TP over IPSec (L2TP/IPSec), with IPSec used to secure L2TP traffic.
I got the USG because it could be an IPSEC endpoint. Is L2TP as secure as IPSEC? I know the iPhone does L2TP over IPSEC; does Mac OS X do the same thing? I suppose it would be nicer to use OS X Server to handle all of this but then I really don't need the power of the USG.
said by bbarrera: While I have L2TP over IPSec working with the iPhone and iPad, it won't work when I use my work LAN, which is unfortunately double-NATted. It also doesn't work with the MacBook Pro at work, probably for the same reason. For the iDevices, it's easy; I switch to LTE but that doesn't cut it for the Macs. Any idea how to deal with double NATting? Or is that even an issue?
It's actually L2TP over IPSec (L2TP/IPSec), with IPSec used to secure L2TP traffic.
I dunno, it's something I haven't encountered.