I have been moving a single Linux FW to a pair of OBSD machines, lured by carp and pfsync. This has been working well in my test environment. This also led me to VPNs running with ISAKMPD, replacing a Freeswan box, and forestalling purchasing proprietary products for site-to-site partner VPNs.
THE POINT: Where will I find docs that explain how this is done "Oh, and when your 3.8 VPNs failover statefully, too. :)" ?

> -----Original Message-----
> From: Jason Dixon [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 20, 2005 02:07 AM
> To: 'Edy Purnomo'
> Cc: misc@openbsd.org
> Subject: Re: iptables vs pf
>
> On Oct 19, 2005, at 6:21 PM, Edy Purnomo wrote:
>
> > i suggested to my friend to replace his linux box to openbsd.
> > he uses mainly for internet gateway : pf + squid proxy
> > after 2 weeks later he switched it back linux and said : linux much
> > faster to respond the http requests (he had a same configuration on
> > openbsd, pf + squid proxy).
> >
> > is there any program that can prove what he says ?
> > thanks.
>
> Three points:
>
> 1) No way in hell is iptables faster than PF.
>
> 2) His box _may_ pass traffic faster, but this is almost certainly
> due to the support level of the hardware. Without real information,
> it's hard to qualify this.
>
> 3) Who cares? Why are you worried about what your friend uses? If
> it works for him, so be it. Rather than trying to bring him over
> "cuz PF is l33t", just make sure you mention how cool it is when your
> stateful firewalls run 24x7. Oh, and when your 3.8 VPNs failover
> statefully, too. :)
>
> http://www.openbsd.org/goals.html
>
>
> --
> Jason Dixon
> DixonGroup Consulting
> http://www.dixongroup.net