VPN Devices
Hi,
We, as an MSP, are currently planning to implement Zenarmor at one of our customers. I would like to know: do the VPN clients / networks (OpenVPN, WireGuard, IPsec) count against the "number of devices", and is the VPN traffic inspected/protected at layer 7 by Zenarmor?
Thank you.
BR
Denny
-
Official comment
Hi Denny,
Zenarmor can protect the OpenVPN (tun) interface and the WireGuard-go version interface. Zenarmor uses netmap, which is an operating system subsystem, to grab packets off the wire. Netmap cannot work with the WireGuard-kernel module interface yet.
Zenarmor counts the VPN devices for the license as well.
-
Hi, thank you for the quick response.
* "Zenarmor can protect OpenVPN (tun) [...]"
Does it mean that application control and all layer 7 features work over OpenVPN if the client VPN (gateway) is routed through the OPNsense device?
* "Zenarmor counts the VPN devices for the license as well."
What is actually counted, the IP addresses? In that case, all non-important devices, such as smart home devices, count as well, right? And what happens if, in the case of the 100-device plan, the devices suddenly and unexpectedly go higher than 100?
Thank you
BR
Denny
-
Hi Denny,
Yes. You can get the benefits of all Zenarmor capabilities, like application control and web filtering, on a protected OpenVPN interface.
IP addresses are counted for licensing. You may exempt IPs of unimportant devices easily. https://www.zenarmor.com/docs/opnsense/configuring/general#exempting-vlans--networks
It won't be a problem to exceed 10% of the license size. Zenarmor doesn't block exceeded device connections. But Zenarmor arranges the system resources according to the license. So when you exceed the license count, Zenarmor cannot handle all sessions on it and packet loss starts.