[lug] Building Linux Routers versus Existing Routers

stimits at comcast.net stimits at comcast.net
Tue Nov 24 18:31:50 MST 2015

I'm wondering why more expensive routers advertise VPN support? Is there some sort of hardware acceleration, or protocol support that cheaper routers don't have? Very likely OpenVPN will be going in, but I am first trying to build my own router to see what I can do.
FYI, sorry for "top posting", my ISP web mail does not support any other style...I have to manually format every line to do otherwise...the larger the email the harder that gets. :P
----- Original Message -----
From: Lee Woodworth <blug-mail at duboulder.com>
To: Boulder (Colorado) Linux Users Group -- General Mailing List <lug at lug.boulder.co.us>
Sent: Mon, 23 Nov 2015 09:35:49 -0000 (UTC)
Subject: Re: [lug] Building Linux Routers versus Existing Routers

As far as future VPN use goes, OpenVPN may be of interest.

We use it between locations. It has been reliable and doesn't appear to add easily measurable latency:

tunnel-end-point RTT    virtual net RTT
time=26.7 ms            time=27.3 ms
time=27.0 ms            time=26.7 ms
time=26.9 ms            time=26.8 ms
time=26.8 ms            time=26.8 ms

It's pretty tolerant too. We didn't need to restart the OpenVPN daemons when one end changed ISPs and went from a static to a DHCP assigned address.

On 11/22/2015 06:42 PM, stimits at comcast.net wrote:
> So far as hardware goes and power consumption, I'd probably be basing the router on the nVidia Jetson TK1:
> https://developer.nvidia.com/embedded/buy/jetson-tk1-devkit
>
> I already have a couple of these along with mini-PCIe gigabit NIC. This NIC plus the integrated gigabit could probably do the job. I would rely on the ability for it to dish out DHCP through a gigabit switch on a single NIC while forwarding through the other NIC. Size is 5"x5", power normally uses about 5W under normal operation, 10W during average loads, and about 15W at peak. It does have a tiny fan, but this is rather quiet. I could actually get rid of the fan and add more passive heat sink for complete silence. It runs a full Ubuntu distribution, but if there is an ARMv7 port of pfSense, I could probably use that (or try to port just for the education).
>
> Or...I have an old (generation 1) pentium that still works...I used to use that for a bridge with firewall and snort.
>
> I'll take a close look at pfSense and see what I have that will work with it. I guess the big question is if you needed more than 2 NICs for anything other than data throughput and efficiency? Would you be able to do the same thing you do now with only 2 NICs if performance were not an issue?
>
> ----- Original Message -----
> From: Maxwell Spangler <maxlists at maxwellspangler.com>
> To: Boulder (Colorado) Linux Users Group -- General Mailing List <lug at lug.boulder.co.us>
> Sent: Sun, 22 Nov 2015 23:46:30 -0000 (UTC)
> Subject: Re: [lug] Building Linux Routers versus Existing Routers
>
> On Sun, 2015-11-22 at 22:54 +0000, stimits at comcast.net wrote:
>
> Hi,
> The situation is that I'm thinking about a router for a wired network where I want to assign addresses on an otherwise private gigabit network, and have the router make the outside world available by another gigabit network which runs on a cable modem in bridging mode.
>
> What else would I need to know about to choose between a home-brew linux router and a commercial router?
>
> Power consumption, Noise, and physical space are three factors you didn't mention.
>
> Using commodity parts, especially if they are donated, is the cheapest way to go and gives you the most control over your solution. Using an opensource firewall like pfSense gives you a nice GUI on top so you don't have to do all the management and monitoring via command line.
>
> I have a site where we operate two firewalls running pfSense with one onboard NIC and two inexpensive PCIe NICs. It's very reliable, satisfying and meets our needs.
>
> But they take up the size of 2x small-form-factor PCs, use a reasonable amount of power (50-100W) and produce a certain amount of noise.
>
> We'd prefer an embedded appliance using a low power ARM chip and 2-3 gigabit NICs, but those appear to cost between $200-300+. So for us, like you, spare parts have worked out nicely.
>
> FWIW, It's amazing how much data old CPUs can push. When you operate old PCs interactively they never seem fast. Partly due to large apps and partly due to old video cards. But when you only have them push bits on a wire, they can be very satisfying. My x86 based Linux NAS pushes large files to me at gigabit speed using an Intel Core2 Duo E7300 chip from 2008 and it's got plenty of CPU to spare.
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
