Re: [PLUG] Router Projects and VPNs

[Drew Lehman <dlehman@digitatech.com>]

I personally love Pfsense.  Yu can use an old PC or there are a ton of 
hardware platforms you can install it.  I've been running it for over 3 
years and have yet to find something I can't do with it.  You can 
segment networks, do a captive portal, several different VPN options and 
a very active community.

On 9/23/2014 3:05 PM, Rich Freeman wrote:
> I have a Buffalo router that uses DD-WRT currently (though with a
> heartbleed-vulnerable version of openssl), and was thinking about
> changing my router setup, possibly including changing firmwares or
> even implementing another router.
>
> Here are some of the features I was thinking about implementing, and
> I'd like some opinion on whether any of the DIY projects out there
> support this stuff:
>
> 1.  Obtain IP from ISP.  The IP assigned by the ISP should be
> obtainable from within the LAN via some kind of interface (and not
> just checkmyip/etc).
> 2.  Set up outgoing tunnel via a VPN to a proxy (flexibility may be
> useful here so that I am not constrained in my choice of proxy).
> Outgoing connections should use this route by default.
> 3.  Allow for incoming VPN connections to get into the LAN.  Non-LAN
> traffic coming in through this VPN should go out via the proxy VPN.
> 4.  Allow for incoming connections direct to the ISP-assigned IP (not
> via the proxy VPN), and these should be forwarded per a rules table.
> 5.  I probably don't want any incoming connections over the proxy VPN,
> but at the very least they shouldn't use the same forwarding rules as
> the ISP IP.
> 6.  Optional, but it would be ideal if I can control WiFi traffic to
> the rest of the LAN, ideally not using NAT in-between (obviously
> traffic to the internet would use NAT).
> 7.  It would be really nice if I could route IPv6 as well, perhaps
> using a broker.  I definitely want IPv6 support when my ISP has it
> (hopefully before I die).
>
> I imagine I could do all of this with the usual linux routing
> capabilities, but it is complex enough that a router with a pretty GUI
> might not accommodate all of it.  Has anybody done anything like this
> with any of the usual projects?
>
> Also, is there any cheap hardware out there suitable for building a
> linux-based router (that is, something that can run something closer
> to traditional x86 and not a SOC-based router like OpenWRT/etc)?  It
> seems like most of the hardware out there costs $200+.  I don't mind
> rolling my own so much but I don't want to build a whole ATX system
> just to route packets.  I guess I do have some old motherboard+CPUs
> lying around, but they're going to be power-hungry and hard to cool
> without a real case/etc.
>
> --
> Rich
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug