John Kreno on 23 Sep 2014 20:51:18 -0700



Re: [PLUG] Router Projects and VPNs


Just to reply to you in-line here, almost all my experience is with Mikrotik.

> How about the software?

  The software is pretty solid for the most part, not totally free of all issues. There's a pretty solid release schedule.
 
> Will it do everything I asked about (openvpn
> in/out, flexible routing, etc)?

  I can't speak to every feature, because there are a few you mentioned that I don't do. It does support OpenVPN, and flexible routing.

> If it involves using the command line
> to configure things, will that configuration persist through
> updates/etc (I'm sure GUI configs will, but if you're hacking away at
> it I suspect all bets are off)?

  I have lived through a few minor releases and a major release, and so far I have not had any config issues. I have also made changes both from the command line and from the web-based GUI.

> What is the commitment of these
> vendors to software updates (I'm very annoyed that my not-that-old
> Buffalo router does not have a firmware update that fixes heartbleed,
> which in theory means my WPA2 authentication is vulnerable)?

  While I have seen platforms age out in that you cannot purchase them any longer, I don't see them ending OS support for any of the routers.

> Or, are
> you recommending these with the intention that they be flashed with
> some other firmware?

  I am not recommending that, although I have seen threads depending on the model that you go with that you could do that.

> The one advantage of basically building a PC is that I can install a
> standard distro which basically gets security updates forever, and
> distros already have ways of letting you configure daemons and not
> have that blown away on every update.
>
> On the other hand, there is no way that a $100 PC is going to route 1M
> packets per second with only a few percent CPU and power use likely
> measured in single-digit watts.  I definitely like the concept here -
> I just fear the closed source route is going to save me time up-front
> and cost me in the long run as consumer hardware manufacturers are
> notorious for abandoning their products.

  I share those worries when choosing a routing platform. You are locked into certain things when you go closed source, and planned obsolescence is one of those things. You might go the Mini-ITX Atom or the AMD APU route. There are boards that have dual gigabit. But price starts to creep up, and while they are fairly power efficient, they aren't single-digit good in most cases. I'm very interested to know what path you do go, if nothing else than from a hardware perspective.

 -John



On Tue, Sep 23, 2014 at 10:08 PM, Rich Freeman <r-plug@thefreemanclan.net> wrote:
On Tue, Sep 23, 2014 at 9:31 PM, John Kreno <john.kreno@gmail.com> wrote:
> I'm not sure if you've looked into Ubiquiti or Mikrotik, but they have some
> hardware that may satisfy your requirements. The hardware is also fairly
> reasonably priced, in the 80-150 dollar range.

The hardware looks quite nice and in the right price range.

How about the software?  Will it do everything I asked about (openvpn
in/out, flexible routing, etc)?  If it involves using the command line
to configure things, will that configuration persist through
updates/etc (I'm sure GUI configs will, but if you're hacking away at
it I suspect all bets are off)?  What is the commitment of these
vendors to software updates (I'm very annoyed that my not-that-old
Buffalo router does not have a firmware update that fixes heartbleed,
which in theory means my WPA2 authentication is vulnerable)?  Or, are
you recommending these with the intention that they be flashed with
some other firmware?

The one advantage of basically building a PC is that I can install a
standard distro which basically gets security updates forever, and
distros already have ways of letting you configure daemons and not
have that blown away on every update.

On the other hand, there is no way that a $100 PC is going to route 1M
packets per second with only a few percent CPU and power use likely
measured in single-digit watts.  I definitely like the concept here -
I just fear the closed source route is going to save me time up-front
and cost me in the long run as consumer hardware manufacturers are
notorious for abandoning their products.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug



--
John Kreno

"Those who would sacrifice essential liberties for a little temporary safety deserve neither liberty nor safety." - Ben Franklin