From: Damon Getsman on 16 Apr 2008 12:56

I have been working as an admin on a WAN comprised of multiple linux servers (and associated [irrelevant] Sun Ray clusters) for a short period of time now. Until this point my tasks have been primarily comprised of configuration of different security and authentication services with a few package installation and configuration tasks and scripting thrown in for good measure.

I've just been given a new task to begin when I'm completed with the one that I'm currently involved in. Being as my current one only consists of me babysitting downloads for another few hours, I decided to start researching the upcoming one.

The office that I work at is connected to several satellite offices via 3 separate dd-wrt openVPN linksys routers. Each is a separate gateway, 2 for specialized services and one for general internet and GNOME desktop traffic (which is normally on the local subnet of the WAN to conserve bandwidth). Our current projected expansion has my superior thinking that it would be a good idea to replace these 3 linksys routers (and their associated 200MHz processors) with a dedicated linux routing machine, short on memory and HDD space, with 1GHz or slightly higher processor so that we can handle whatever bandwidth needs we're thrown in the next year.

So I started googling, as it is to be my task to set up that machine. Unfortunately, although I'm familiar with the basic concepts and terminology used in networking, I'm relatively deficient in practical experience.

What I'm looking for is information on using the linux router to connect to the other dd-Wrts utilizing the same VPN structure as was utilized before. I have not been able to find anything except for information on connecting dd-Wrt devices to each other. Thus I'm looking for any tips or pointers to information on configuring such a setup, or any explanation of how existing documentation can be used with a few changes, etc...

I'm also interested, for curiosity's sake, in how much information these dd-Wrt devices can actively handle with their processing capabilities (both with and without SSL/TLS overhead).

Thank you for any help or comments you might have. :)

Damon Getsman
http://www.state.nj.us/military/publications/guardlife/volume31no6/promotions.html

From: Bill Kearney on 16 Apr 2008 15:12

> I'm also interested, for curiosity's sake, in how much information
> these dd-Wrt devices can actively handle with their processing
> capabilities (both with and without SSL/TLS overhead).

A question perhaps best asked on the dd-wrt website forums?

As for standalone PC as a router, BSD is often considered a better candidate than most linux distros. Mainly for security reasons.

From: Bill Kearney on 20 Apr 2008 09:41

> FYI, none can beat networking performance, routing and, or firewall
> capabilities of Linux kernel version 2.6 series.

Performance is highly subjective. Even worse when it's touted as a benefit without addressing the security risks. There are choices out there and each worth considering.

Different solutions exist, offering many choices. Pick what's considered suitable.

From: Stefan Monnier on 21 Apr 2008 11:38

> I'm also interested, for curiosity's sake, in how much information
> these dd-Wrt devices can actively handle with their processing
> capabilities (both with and without SSL/TLS overhead).

Don't know about dd-wrt, but small home routers like the one you describe (200MHz mips processor) seem to be able to (en/de)crypt (over SSH, but SSL should be comparable) in the order of 100-200KB/s in my experience. It's easy for you to check: do an "ssh wrtserver cat /dev/null <bigfile" and time it.

Stefan
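
An added example, not part of Stefan's post: a small shell harness for the timing check he describes, reporting the result in KB/s. The function names `kbps` and `measure` are made up here; `wrtserver` is the host name from the post, and the remote `cat >/dev/null` sink is an assumption chosen so that the router reads and discards the entire stream before the timer stops.

```shell
#!/bin/sh
# Added example: push a fixed amount of random data through a command's
# stdin, time it, and report throughput in KB/s (1 KB = 1024 bytes).

# kbps BYTES SECONDS -> integer KB/s; elapsed time is clamped to >= 1 s
# because `date +%s` only has one-second resolution.
kbps() {
    secs=$2
    if [ "$secs" -lt 1 ]; then secs=1; fi
    echo $(( $1 / 1024 / secs ))
}

# measure SIZE_KB CMD [ARGS...] -> prints KB/s achieved feeding SIZE_KB
# of data to CMD; returns CMD's exit status if CMD fails.
measure() {
    size_kb=$1; shift
    tmp=$(mktemp) || return 1
    # Random payload: if ssh compression is enabled, it cannot shrink
    # the data and inflate the apparent cipher throughput.
    dd if=/dev/urandom of="$tmp" bs=1024 count="$size_kb" 2>/dev/null
    rc=0
    start=$(date +%s)
    "$@" <"$tmp" >/dev/null || rc=$?
    end=$(date +%s)
    rm -f "$tmp"
    if [ "$rc" -ne 0 ]; then
        echo "command failed with status $rc" >&2
        return "$rc"
    fi
    kbps $(( size_kb * 1024 )) $(( end - start ))
}

# Against the router (16 MB takes a minute or two at 100-200 KB/s, so
# one-second timer resolution is adequate):
#   measure 16384 ssh wrtserver 'cat >/dev/null'
# Local baseline with no encryption in the path:
#   measure 16384 cat
```

Comparing the ssh figure with the local baseline separates the router's crypto cost from the sender's disk and pipe overhead; a run over a link slower than the router's cipher rate measures the link instead.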

From: Digital Mercenary For Honor on 22 Apr 2008 13:44

On 2008-04-18 10:55:02 -0400, Balwinder S Dheeman <bsd.SANSPAM(a)cto.homelinux.net> said:

> Hum, seems quite distracting to me instead.
>
> FYI, none can beat networking performance, routing and, or firewall
> capabilities of Linux kernel version 2.6 series.
>
> How many small routers and, or so called xDSL modems based on OpenBSD,
> NetBSD and, or FreeBSD are available on the market?
>
> Why the hell *BSD's have so many firewall daemons -- ip6fw, ipfilter,
> ipfw, PF and, or separate ipnatd?

(Gets out the popcorn, definitely flame bait, but it does expose an industry problem.)

Did you read in my post "whatever OS you chose", or is the only thing you see a Penguin when you look @ operating systems? Your post irritated me because it echoes a problem in the industry with "OS fever". OS's and any code-base are tools that are useful in some circumstances and not others. It's the same damn disease we have in the industry with Java.

If you knew some TCP/IP history, you'd also know that TCP/IP "came from" BSD, and every TCP/IP stack in the world owes its heritage to a bunch of folks @ Berkeley some 30 now almost 40 years ago. FBSD continues to have a fantastically performing TCP/IP stack - they did a huge re-write / clean-up of their TCP/IP stack resulting in amazing performance gains. Innovations abound in Linux as well.

Why do the BSD's have so many firewall - (what?) - they're not daemons, they're interfaces to a piece of kernel code, with the notable exception of ipnatd / divert you mentioned. IMHO, PF just rules (expressing my own personal opinion). How, in a firewall rule you can detect DoS / DDoS and auto-firewall stuff is amazing (please don't bring up the perfect-storm-IP-src-spoof thing, yes, I know, URPF is a partial solution for this, etc.)

Analyze & embrace everyone's innovation with a careful scrutinizing eye of what you want or need. "Logo loyalty" is only for closed minds.

Each of the Unices (Linux, FBSD, OBSD, Solaris, Darwin, etc.) has some special sauce they added and keep adding, thank the ancients we all think differently, it moves things along.

Grab an old machine, a couple of old ISA NIC cards, download a bunch of different OS's, and grab a man page, please.

- This message brought to you through a 486-DX133, 32MB RAM, 240MB IDE HDD OBSD PF-based firewall router - 900 up days and counting...

</roast off>

/dmfh

--
    _        __ _
 __| |_ __  / _| |_      01100100 01101101
/ _` | '  \|  _| ' \     01100110 01101000
\__,_|_|_|_|_| |_||_|    dmfh(-2)dmfh.cx