Vyatta is adding VPN support to the latest release of its open source router/firewall.
The company said with its IPSec VPN function, combined with stateful firewall and advanced routing features, OFR provides a complete one-box alternative to routing/firewall/VPN boxes from Cisco and Juniper for small and mid-sized companies.
Vyatta's Subscription Edition 2.0 of its Open Flexible Router (OFR) includes site-to-site IPSec VPN capabilities, letting users establish secure VPN tunnels between a company headquarters and remote offices. Similar to commercial small and mid-sized or other open source enterprise products, Vyatta's OFR 2.0 software can be downloaded for free, but costs US$497 for a one-year support subscription, which includes software updates and patches, technical support and troubleshooting. The Linux-based OFR code can also be preloaded onto Dell PowerEdge server hardware, starting at $1,797.
OFR is based on the Debian Linux distribution and the eXtenseible Open Router Platform (XORP), an open-source IP routing stack. New to the OFR package is code from the open-source project Open Secure WAN (OpenSWAN), a software package for running IPSec VPNs on top of a Linux.
Version 2.0 of the Vyatta code was beta-tested by KeyMark, supporting a site-to-site VPN between South Carolina and Virginia.
"It's been working flawlessly since we brought it up over a month ago," says David Nalley, network administrator for KeyMark. "It's one of the simplest open-source IPSec configurations I've done," compared to previous open-source IPSec VPN technology, such as FreeSWAN and OpenSWAN, which he has worked with previously, he adds.
KeyMark uses Dell PowerEdge 2950 servers with Gigabit Ethernet LAN ports, and a Sangoma PCI-X T-1 card for connecting to the WAN. (This box replaced a Cisco 1700 series router).
Nalley says it was relatively easy to map the Cisco routing and firewall settings to the Vyatta router configurations. The only issue he encountered during the switch were some configuration problems with frame encapsulation
"There were some things that worked on Cisco that did not work on Vyatta when we first tested it," he says. "But it ended up being more of an issue with the [T-1 card] as opposed to a Vyatta issue."
A useful tool on the Vyatta router is its Web-based interface, which allows IT staff who may not be experienced with Linux or routing command line interfaces to make simple configuration changes if necessary.
"It makes management a lot less intimidating than the command line," even for experience administrators; Vyatta's CLI more resembles Juniper's JUNOS over Cisco's IOS, which Nally himself is more familiar with, he adds.
Since the pre-installed Dell servers with Vyatta did not offer redundant a power supply option, Nalley opted to get his own Dell 2950 serer - with redundant power - and install Vyatta himself.
"This is one of our first experiences with using open-source in a mission critical application and I wanted it to be a success."
Find your next job with techworld jobs