Rich Freeman on 23 Sep 2014 12:05:13 -0700
[PLUG] Router Projects and VPNs
I have a Buffalo router that uses DD-WRT currently (though with a heartbleed-vulnerable version of openssl), and was thinking about changing my router setup, possibly including changing firmwares or even implementing another router.

Here are some of the features I was thinking about implementing, and I'd like some opinion on whether any of the DIY projects out there support this stuff:

1. Obtain IP from ISP. The IP assigned by the ISP should be obtainable from within the LAN via some kind of interface (and not just checkmyip/etc).

2. Set up outgoing tunnel via a VPN to a proxy (flexibility may be useful here so that I am not constrained in my choice of proxy). Outgoing connections should use this route by default.

3. Allow for incoming VPN connections to get into the LAN. Non-LAN traffic coming in through this VPN should go out via the proxy VPN.

4. Allow for incoming connections direct to the ISP-assigned IP (not via the proxy VPN), and these should be forwarded per a rules table.

5. I probably don't want any incoming connections over the proxy VPN, but at the very least they shouldn't use the same forwarding rules as the ISP IP.

6. Optional, but it would be ideal if I can control WiFi traffic to the rest of the LAN, ideally not using NAT in-between (obviously traffic to the internet would use NAT).

7. It would be really nice if I could route IPv6 as well, perhaps using a broker. I definitely want IPv6 support when my ISP has it (hopefully before I die).

I imagine I could do all of this with the usual linux routing capabilities, but it is complex enough that a router with a pretty GUI might not accommodate all of it. Has anybody done anything like this with any of the usual projects?

Also, is there any cheap hardware out there suitable for building a linux-based router (that is, something that can run something closer to traditional x86 and not a SOC-based router like OpenWRT/etc)? It seems like most of the hardware out there costs $200+. I don't mind rolling my own so much but I don't want to build a whole ATX system just to route packets. I guess I do have some old motherboard+CPUs lying around, but they're going to be power-hungry and hard to cool without a real case/etc.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug