Sonic.net

There's are good usage cases for enabling additional logins to the VPN server but we'll need to decide if it is practical for us to address them.

kgc wrote:There's are good usage cases for enabling additional logins to the VPN server but we'll need to decide if it is practical for us to address them.

What is the primary usage case, then?

dane wrote:The Edgerouter's Cavium chip does IPSEC in hardware, so we're working on an IPSEC VPN solution which will be more appropriate than OpenVPN for that equipment. FYI!

Any update on this? Is there an ETA on the IPSEC solution?

svist wrote:

kgc wrote:There's are good usage cases for enabling additional logins to the VPN server but we'll need to decide if it is practical for us to address them.

What is the primary usage case, then?

One account, one VPN login. But I agree that wanting multiple sessions with different logins is a reasonable request. While adding more is technically possible, it raises questions on pricing as well as requiring additional management overhead and we haven't discussed if this will be something that we decide to address.

mbhinder wrote:

dane wrote:The Edgerouter's Cavium chip does IPSEC in hardware, so we're working on an IPSEC VPN solution which will be more appropriate than OpenVPN for that equipment. FYI!

Any update on this? Is there an ETA on the IPSEC solution?

Not at this time but there are some other solutions including a pfsense box with SSL offload as a OpenVPN client that may be easier to support than IPSEC on an Edgerouter. Or, perhaps Ubiquiti will update their vyatta fork to offload ssl to the cavium chip. (IRRC, it is technically possibly to do so.)

Are any of the folks in this thread using pfSense today, with our new OpenVPN platform?

>> Are any of the folks in this thread using pfSense today, with our new OpenVPN platform?

I would if I wasn't forced to use the crappy Sonic provided Pace modem/"router"........

My pfsense box has sat idle since I got the new 5268 that won't support bridge mode......

Guest Guest wrote:>> Are any of the folks in this thread using pfSense today, with our new OpenVPN platform?

I would if I wasn't forced to use the crappy Sonic provided Pace modem/"router"........

My pfsense box has sat idle since I got the new 5268 that won't support bridge mode......

Why not just put the pfSense box behind the 5268? (BTW, the WiFi on the 5268 is really good, so I would suggest utilizing that.)

I'd be interested to hear what sort of results you have with OpenVPN on pfSense hardware.

By the way, how does this play with AT&T fiber upgrade? If I upgrade and lock in for a year -- and pipe all my traffic through the VPN, will the VPN still be around all these months? If not, would I just become AT&T customer?

svist wrote:By the way, how does this play with AT&T fiber upgrade? If I upgrade and lock in for a year -- and pipe all my traffic through the VPN, will the VPN still be around all these months? If not, would I just become AT&T customer?

We do not anticipate removing VPN from production as a feature. It may change in configuration or settings, but we've got to offer it for customers to have Sonic-grade security and privacy.