[lvs-users] [OT] High Performance Linux Firewall / VPN Device?

Joseph Mack NA3T jmack at wm7d.net
Sat Aug 13 21:16:24 BST 2011

On Sat, 13 Aug 2011, Robinson, Eric wrote:

> http://demo.endian.com
> Your Login: admin
> Your Password: efw_demo

it's running 10-50% CPU for about 5KBps. Maybe it's a 

I like their webpages though.

> By golly, they do. 400Mbps of VPN throughput is rather 
> disappointingly low.

Did you find a price?

> I was hoping to build a home-brew solution that would be 
> at least twice that, considering that one can buy a used 
> NetScreen or Nokia firewall that handles 25,000 tunnels at 
> 1+ Gbps throughput for about $3K.

You're going to be spending a bit of time to home brew. If 
your time is your own that's one thing, but if this is real 
business, I'd be buying the appliance.

> Oh well, back to eBay... :-)

There's some lesson here about packaging products and why 
having people who write GPL software doesn't make money.

It seems that writing the code (eg OpenVPN) isn't the hard 
part. Someone will do this for you for free. Endian had to 
design and build hardware, make sure it worked, get it UL 
certified, write configure scripts (and ones that would run 
inside a webpage), put up a nice webpage and pay people for 
about a year before the income stream started, with no real 
idea what to do if it didn't start.

Way back when the www started I wrote a demo PoS from which 
I hoped to make a packet. I realised that I'd have to get 
SSL certs and talk to banks etc to get them to handle the 
credit cards. So I knew I wasn't there. The customer wasn't 
interested (and later closed, possibly from having missed an 
opprtunity), so I dropped it. Not long after (well a couple 
of years), people had the on-line credit card stuff all 
packaged up and you just linked to their site to handle 
psyments. After that I realised I had been a little naive. I 
had a year to occupy that niche (including the commitment of 
time and money) or forget it. I could never have made it 
with just one on-line store and me in the basement.


Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

More information about the lvs-users mailing list