Posted by Adair Winter on July 2, 2008, 10:33 am
VPN environment.

What we want to do is interconnect 3 maybe 4 sites together. After doing some reading it appears that you have a host side and a client side which I assume the host can support multiple clients. But is that the only configuration or can I take and connect a node that's already a client and also use it as a host and allow another client to connect to it?

Reason for asking in the setup we want all sites to be able to communicate with each other but don't want traffic to have to pass thru the host to get there. So some sort of a star configuration would be needed.

I realize this is a wireless group but DD-WRT is heavily used here so just looking for comments.

Thanks,
Adair

Posted by Bill Kearney on July 2, 2008, 11:07 am
You do realize the low-power devices that can run DD-WRT are probably not ideal for this sort of thing, right?

Doing multi-site interconnects is not trivial. Setting up the routing tables to avoid congestion can be pretty complex. Trying to daisy-chain multiple sites really complicates matters. And besides the routing issues, you also have to contend with inter-site server and workstation traffic. If you just "set it up" in a trivial manner you'll have enormous amounts of bandwidth getting wasted on site-to-site overhead traffic.

Try asking on the dd-wrt forums. Then budget for proper Cisco gear.

-Bill Kearney

Posted by Adair Winter on July 2, 2008, 11:28 am
> You do realize the low-power devices that can run DD-WRT are probably not
> ideal for this sort of thing, right?
>
> Doing multi-site interconnects is not trivial. Setting up the routing
> tables to avoid congestion can be pretty complex. Trying to daisy-chain
> multiple sites really complicates matters. And besides the routing
> issues, you also have to contend with inter-site server and workstation
> traffic. If you just "set it up" in a trivial manner you'll have enormous
> amounts of bandwidth getting wasted on site-to-site overhead traffic.
>
> Try asking on the dd-wrt forums. Then budget for proper Cisco gear.
>
> -Bill Kearney
>

I agree, and this is not for an office/work environment. It is going to be used to connect 2 maybe 3 NXU radio linking devices from several places across the country back to my area. So in reality I only need to be able to have the server and 1 or 2 clients. Each tunnel will be bridging to another home network and the only traffic across them will be a single 24Kbps VoIP stream and management traffic.

The ability to configure as a star was brought up by someone else but in reality I do not think it's necessary. If these devices supported host names and not just static IPs they would be placed out on the open internet.

Adair

Posted by Jeff Liebermann on July 2, 2008, 12:25 pm
wrote:
>More on IPerf and JPerf:
><http://www.openmaniak.com/iperf.php> (near bottom)
><http://code.google.com/p/xjperf/>
><http://xjperf.googlecode.com/files/jperf2.0.0.zip>

One more URL:
<http://www.openmaniak.com/iperf.php> (Tutorial with examples)

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Posted by Jeff Liebermann on July 2, 2008, 9:15 pm
wrote:
>Thanks for the input Jeff as always you're helpful.

Thanks.

>As I stated before we do
>not need a ton of bandwidth but I also know what it's like to run anything on
>hardware that is being pushed beyond its limits.

I forgot that I have a nailed up VPN running between my house and office with a WRT54G v3 at one end, and a Buffalo WHR-HP-G54 at the other. I'll run some benchmarks this weekend and see what happens.

>Anyone want to suggest some other solutions for the VPN that won't require
>stupid expensive hardware and ideally can be placed behind the firewalls
>that are in place.. i.e. the VPN hardware just creates the tunnel thru the
>WAN router. I'd be more interested in a solution that would let us reuse
>existing hardware we might already have

Sure. I've used various Sonicwall products to build multiple connection VPN's. The messiest was 5 locations in 3 states via DSL and T1 lines. Speed was limited by the outgoing bandwidth of the DSL lines, not the processor. Unfortunately, it was an older Sonicwall 10, which is no longer manufactured.

I've also used Netscreen hardware, which is now part of Jupiter Networks. One huge advantage was that Netscreen simultaneously supports PPTP (for Windoze client dial-in) and IPSec (for router to router). Netscreen is basically Linux on the inside.

I've also used FreeSWAN on Red Hat and OpenVPN SSL on Ubuntu between 3 sites. This was a bit of a major project and learning curve for me. I finally had to yell for help and hired a local student to make it all work. It's been up for about 2 years and I'm still recovering from some of the odd tweaks the student threw into the servers. The Linux boxes currently run on 2GBytes Compact Flash drives (no hard disk). A big advantage is the ability to easily deal with static routes and complex firewall issues, as there's an Asterisk server running on one of the servers. The only problem is that the business owner insists that I document everything in case I should suddenly die or go on vacation.

One of my friends has a local store and the owner's house connected with a pair of Linksys BEFVP41 v2 routers running IPSec. They work, but are what I describe as "temperamental". They hang, crash, die, or reboot, for no obvious reason. I've recommended replacement, but the owner claims he doesn't use the VPN very much and is willing to tolerate the instabilities. Not recommended.

I've tried various Netgear routers that terminate VPN's. I never could get them to work the way I thought they should work, so I gave up. I suspect it might have been possible if I had bothered to read the instructions.

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 jeffl@comix.santa-cruz.ca.us
# http://802.11junk.com jeffl@cruzio.com
# http://www.LearnByDestroying.com AE6KS

DD-WRT VPN