On Mon, Nov 05, 2007 at 01:29:05AM +0100, Cabillot Julien wrote:
> Have you tried OpenBSD 4.2? PF has been really improved in this
> release.
>
> On Nov 5, 2007 1:09 AM, Chris Bullock <[EMAIL PROTECTED]> wrote:
>
> > We have been using OpenBSD my entire IT career, 5 1/2 years, I like
> > the way it's easy to roll out, configure and the cost the most.
> >
> > I would like an honest opinion of the group.  We have customers that
> > maintain their own firewalls and VPNs and it appears to us that
> > those sites seem to transmit data quicker than the sites that we
> > maintain with OpenBSD firewalls and VPNs, assuming identical
> > bandwidth.  We have an OpenBSD VPN/firewall at our main site, so
> > realistically, all of our data does transpose OpenBSD before it
> > ultimately hits our network.
> >
> > My question is should I consider a non-OpenBSD solution, i.e. Cisco
> > devs or should I attempt to tweak my existing boxes?
> > Regards,
> > Chris

Besides trying 4.2 (you should definitely do that), two other things
might be considered:

1. VPN is computationally heavy -- is your hardware fast enough?

2. Try playing with queueing in PF to handle some types of traffic
   faster than others. AFAIK, it is normal to find this kind of
   configuration in commercial, black-box solutions, disguised as buzzy
   slogans like "Built-in QoS Super-Routing" :-)

Just my two cents.

Martin
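
The PF queueing suggested in point 2, sketched as a pf.conf fragment; this is an added example and not part of Martin's message. It uses the ALTQ syntax of OpenBSD releases of this era, and the interface name, bandwidth figure and queue names are assumptions to adapt.

```conf
# Constructed example: interface name, bandwidth and queue names are assumptions.
ext_if = "em0"          # external interface (assumed)

# Priority queueing on the uplink. Set bandwidth slightly below the real
# upstream rate so the queue builds here and not in the ISP's modem.
altq on $ext_if priq bandwidth 10Mb queue { q_bulk, q_def, q_vpn, q_ack }

queue q_bulk priority 1
queue q_def  priority 3 priq(default)
queue q_vpn  priority 5
queue q_ack  priority 7

# Ordinary TCP: payload-free ACKs and low-delay ToS packets go to q_ack,
# so inbound transfers are not stalled by a saturated upstream.
pass out on $ext_if proto tcp from any to any queue (q_def, q_ack)

# Bulk transfers (here: outbound mail) yield to everything else.
# PF uses the last matching rule, so this overrides the rule above.
pass out on $ext_if proto tcp from any to any port smtp queue q_bulk

# IPsec tunnel traffic (ESP) and its key exchange (IKE, NAT-T) leave
# ahead of ordinary traffic.
pass out on $ext_if proto esp from any to any queue q_vpn
pass out on $ext_if proto udp from any to any port { 500, 4500 } queue q_vpn
```

Queueing only reorders packets leaving the interface; it does not reduce the CPU cost of encryption raised in point 1.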
