This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Router:Linux - Debian - With L2TP Fallback: Difference between revisions

I investigated PFSense (my current firewall solution) and RouterOS, but neither had very satisfactory scripting abilities. Linux, on the other hand, had no such problem.
 
In this solution, I have chosen to place a Linux solution acting only as a router in front of my PFSense box. This kept a fairly nice GUI for day-to-day management, but provided it with a more robust way to connect to AAISP via a Linux router, all of which is hosted on an ESXi box. The obvious cost is an extra hop, which requires a bit of extra CPU and causes a bit of extra latency. When measured, I found PFSense to need around 10x the CPU of the Linux box (likely SNORT has a lot to do with this, and there will also be a little extra vSwitch load - SR-IOV is supported if you're desperate to avoid this) and an extra 1-2ms latency.
 
Throughout this guide, I'll likely refer to your PFSense box. While a few config tweaks will be needed, the guide should apply to more or less any firewall.