> You may wish to look in to a SonicWall. They are expensive but do have
> IPSec capabilities and I believe work with FreeSWAN (on a shared secret
> basis). http://www.sonicwall.org.

I also used a couple of SonicWalls in a 20-person mostly-Linux lab (2 rooms too distal to create a real private network, and a loaner mini-sonicwall for remote users at conferences). They seemed like a good product, very hassle-free once they worked the bugs out of their earlier firmwares, the VPN is indisputably easy to set up and quite adequately fast. As long as you can handle the price...

The main thing I missed about our Linux firewall was the ability thereon to redirect incoming connections to port x of the masquerade IP address to port y of one of the internal boxes, for x != y. Not that you'd generally want to allow this, but there are cases in which it can be nice. They _may_ have added this in the last 8 months since I checked...

-- 
Ben Pearre
http://hebb.mit.edu/~ben