AAISP Ideas
All the ideas and discussions
We're currently running IPSec VPNs (tunnel mode) between our various ADSL lines. We'd also like to run some VPNs to our colocated server in Maidenhead.
So for example our current 192.168.1.0/24, 192.168.2.0/24 subnets would be tunnelled for example to 192.168.10.0/24 and then VLANed on to our server (possibly via a separate cable or pair of cables).
We could use a Firebrick 105 - but they don't do IPSec...
We could buy a 1U or smaller firewall to do this, and we'd also have to pay for the ongoing space, power, ports etc...
Possible Solution:
Could A&A's FB6000s do this for us? We'd be prepared to pay for this service, some £-tens per month (the website says £15.10 for a FB105, it would probably cost us more for our own IPSec/firewall device).
We're using mainly Draytek Vigor 2820s which can do IKE with preshared keys or x509 certificates.
I usually maintain a list of blacklisted IP addresses (from SSH bruteforce attacks, IP scanning, etc...), where I just drop all the inbound traffic. It'd be great if I could upload a simple filter, perhaps iptables/ipfw/BPF, to get traffic from these addresses dropped before it even has to cross my ADSL line.