1

I have been tasked with setting up 4 offices and connecting them all together so they can be on the same network. Does hardware really matter, or could I build a decent machine in the low $1000's and load it with pfSense or another open source software? Or is it more ideal to go with a closed source application just for the support that you pay for with it?

From those who have done it both ways, what experience could you share to help with this decision on which way to go?

I was thinking of building some 1U server with the Atom c2750 board.

Jason

2 Answers

3

Depends on your budget, but I'd pick up a few Cisco ASA 5505 or 5506-x units at ~$550 each.

Industry standard, reasonably easy to configure and no babysitting.

If you have dynamic IPs at any of the locations, maybe a Cisco Meraki unit with Auto-VPN functionality.

Substitute Cisco with Juniper, Sonicwall, whatever. But I don't advocate homebrew solutions for this stuff. The reason is that the much-endorsed hardware firewall/VPN endpoints come in at or below the materials cost of anything I'd trust to build a homebrew solution with.

ewwhite
2

It really all boils down to the amount of internet bandwidth you have and how much of it you want to be able to use for your VPNs.

Even low-end firewalls (under 500/600 euros) are capable of 50+ Mb/s of AES128 encrypted bandwidth (e.g., the Sonicwall SOHO series). For an even lower price (maintaining good performance) you can use Mikrotik's firewall.

If easy management is a requirement, I would consider a self-built unit only as a last resort, especially if you don't have a strong understanding of how IPSec works. Even better, if you want to pursue the self-built route, I suggest you completely sidestep IPSec complications and go directly with OpenVPN.

shodanshok