DaemonForums  

#1  wesley, 30th May 2011
firewalling with a small soekris appliance

Hi,
At work, I used a Soekris appliance, the first model (2001): 133 MHz CPU with 64 MB. I use it for PF and isakmpd VPN. I also have a NAS (3 TB) connected to our network. Clients (there are 3) send their backups to work using our VPN, and transfer their data to our NAS (through an IPsec tunnel). Since we put this firewall in place, we have had some errors on copy.

I use the top command on the OpenBSD firewall, and have this:
idle : 81 % ; Free MEM : 24 M

I tried to verify the system with systat and swapctl; all seems good to me. But

Do you think that this appliance is too slow for what I do? (FTP transfer through an IPsec tunnel).

Thank you very much for your replies!

#2  wimwauters, 4th June 2011

Short answer: get fresh hardware

Long 'answer':

What kind of copy errors? Have you considered using or testing with rsync?

Did you test data transfers through this box before you dropped it into your operational environment?

In this case of old hardware, it is a good idea to run hardware tests (like memtest), and suspect the power supply (i.e. you may find that replacing the power brick-power board or power supply fixes your problem).

You also may find the NIC hardware is browning out. Where did you get this 10 year old box from? Was it working correctly when they stopped using it and did they store it correctly after they stopped using it?

What kind of bandwidth do your VPN tunnels pump these backups at? Are these VPN tunnels competing with each other? Are there errors with only 1 VPN tunnel?

Also, what release are you running on that box? OpenBSD 4.0 only gets tested on so many hardware boxes.

#3  wesley, 6th June 2011
re

I use OpenBSD 4.9, and I bought it on a website that specializes in firewalling.

Access using ssh is slower than using a small machine like a Celeron.

So I suppose it is the appliance.

Concerning the transfer:
I use isakmpd, so IPsec. And the servers send their backups using FTP.
The OpenBSD firewall redirects its packets (FTP) using ftp-proxy to a NAS.

Before using it (the appliance), I used a small machine: a Celeron with 512 MB, and never received errors on copy. I chose this appliance because the price is low and especially because it is very small.