Hi guys,
I want a router / device to sit between my wireless access point & ADSL router and force all the traffic over an IPsec VPN (Openswan). Currently, I'm connecting to the VPN directly from my computer, but I don't want to have to.
Questions:
1. Is the above possible?
2. Can the VPN connection be kept up at all times / on demand?
3. I'd like to by a hardware RouterBoard, but I don't know if I need a 450G (~£75) or a 750G (~£40). I don't really see the difference, they both seem to have the same speed chip, though the cheaper one has only 32mb RAM...? I'm guessing I need the 450G.
4. I'm based in the UK, and was thinking of purchasing from here, any comments?
http://linitx.com/viewproduct.php?prodid=12417
http://linitx.com/viewproduct.php?prodid=12702
Thanks a lot, hope you all had a good New Years!
Russ
Re: Beginner questions
Some more detail;
My laptop ---> Timecapsule --(extended wifi network)--> Airport Express --(ethernet)--> ADSL router --> internet
I was thinking the mikrotik could go;
My laptop ---> Timecapsule --(extended wifi network)--> Airport Express --(ethernet)--> MIKROTIK --(ethernet)--> ADSL router --> internet
And force all the traffic through it out over the VPN. I've been trying a similar (virtual) setup with the mikrotik routeros & virtual box, but with no luck so far.
The router only needs to be able to cope with ~10 mbit of traffic in / 1 mbit out. Maybe eventually 50 mbit (if they cable my area!)...will a 450G / 750G cope with this?
My laptop ---> Timecapsule --(extended wifi network)--> Airport Express --(ethernet)--> ADSL router --> internet
I was thinking the mikrotik could go;
My laptop ---> Timecapsule --(extended wifi network)--> Airport Express --(ethernet)--> MIKROTIK --(ethernet)--> ADSL router --> internet
And force all the traffic through it out over the VPN. I've been trying a similar (virtual) setup with the mikrotik routeros & virtual box, but with no luck so far.
The router only needs to be able to cope with ~10 mbit of traffic in / 1 mbit out. Maybe eventually 50 mbit (if they cable my area!)...will a 450G / 750G cope with this?
Re: Beginner questions
No, they will not cope with 50Mbps of IPsec traffic. If that's a deal breaker please say so now.
I'm assuming you have some other IPsec endpoint on the Internet you want to tunnel everything to? That is possible to do.
The biggest thing a 450G offers over a 750G is the additional RAM and a console port so you can gain console access when you mess up the configuration. That can be a huge timesaver. For IPsec you don't need much RAM.
I'm assuming you have some other IPsec endpoint on the Internet you want to tunnel everything to? That is possible to do.
The biggest thing a 450G offers over a 750G is the additional RAM and a console port so you can gain console access when you mess up the configuration. That can be a huge timesaver. For IPsec you don't need much RAM.
Re: Beginner questions
Hmmm, it's not really a deal breaker as I don't currently have a 50mbit connection, it's 8 (or 10?) mbit currently, it's likely that when I move home, or they cable this area that I'll upgrade to cable/fiber & have ~50mbit.
For the outlay, espically of the 750G, as long as it can do ~10mbit I'll be happy for now. If it can't do 10mbit, that would mean I need to find something faster.
Is the configuration that I need to do on the router quite easy & possible?
Do you think either can cope with 10mbit of ipsec?
What would I need for 50mbit in the future - is there an off the shelf mikrotik?
How badly do you have to mess the config up to need the console port? If it's very easy, I'll spend the extra.
Thanks
For the outlay, espically of the 750G, as long as it can do ~10mbit I'll be happy for now. If it can't do 10mbit, that would mean I need to find something faster.
Is the configuration that I need to do on the router quite easy & possible?
Do you think either can cope with 10mbit of ipsec?
What would I need for 50mbit in the future - is there an off the shelf mikrotik?
How badly do you have to mess the config up to need the console port? If it's very easy, I'll spend the extra.
Thanks
Last edited by ukd1 on Tue Jan 04, 2011 1:17 am, edited 1 time in total.
Re: Beginner questions
It should be able to do 10Mbps of IPsec traffic OK.
There is no currently sold RouterBOARD that can do 50Mbps. The RB1100 is the flagship, and it can't do that much either. The RB1000 had hardware offloading but that is end of life.
It's pretty easy to screw up configs. I really like having console ports.
There is no currently sold RouterBOARD that can do 50Mbps. The RB1100 is the flagship, and it can't do that much either. The RB1000 had hardware offloading but that is end of life.
It's pretty easy to screw up configs. I really like having console ports.
Re: Beginner questions
Ok!
I'll get a 450G and see how I go.
Is the configuration pretty easy? I've managed to get the IPSec connected & auth'd ok (I have a dedicated server in datacenter which is the endpoint on a 100mbit link).
I've not however managed to get the traffic forced over the IPSec link. It looks like it should be ok, but I'm a bit of a routing / networking newbie.
I'll get a 450G and see how I go.
Is the configuration pretty easy? I've managed to get the IPSec connected & auth'd ok (I have a dedicated server in datacenter which is the endpoint on a 100mbit link).
I've not however managed to get the traffic forced over the IPSec link. It looks like it should be ok, but I'm a bit of a routing / networking newbie.
Re: Beginner questions
It shouldn't be too hard. Never set that up, but it should just be a matter of getting your policies to match the right traffic.
Who is online
Users browsing this forum: No registered users and 19 guests