Executive Editor

Roll your own VPN

Jan 28, 2003 | 2 mins

* Do-it-yourself VPN with Astaro Security Linux

For those do-it-yourselfers out there who don’t mind building their own VPN appliances, you might check out Astaro.

The company has been around for three years now and is issuing the latest version of its Linux-based firewall/VPN software that also includes antivirus and content filtering software.

Called Astaro Security Linux, the fourth version of the software is available Jan. 31. The latest release includes new features such as support for virtual LANs and wireless LAN access points, as well as virus protection for POP3 e-mail accounts. Now it can also use existing RADIUS and LDAP directories to authenticate remote users, eliminating the need to set up separate access lists. It also now includes spam blocking.

Customers load Astaro Security on an Intel-based PC to create IPSec VPN appliances that can talk site-to-site with each other or to remote PCs with an Astaro VPN client installed. The software includes a Linux operating system that has been modified to secure it from attacks.

Throughput on a 1266 MHz CPU PC is 115M bit/sec for encrypting IPSec traffic and 730 for packet filtering.

The combination of multiple security functions on the same platform is something that the established VPN vendors are just starting to embrace, so Astaro is on to something here. Many smaller enterprises seeking simplicity of network design prefer these multi-function boxes because they introduce one new device to the network rather than many. Others prefer separate devices so they can either shop for the best products in each area or divide the different functions among staffers with different areas of expertise.

With an entry-licensing price of $390, the Astaro software is a bargain. You have to add in the price of the hardware, but even so you come out paying less than for many similarly performing custom appliances. You also forfeit some of the management features that some of the larger IPSec vendors offer.

Still, the trade-off may be worthwhile for your particular network.