[kwlug-disc] IPCop (and friends) vs hardware router

Paul Nijjar paul_nijjar at yahoo.ca
Thu Jun 18 21:08:11 EDT 2009


On Thu, Jun 18, 2009 at 08:13:47AM -0400, L.D. Paniak wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> How many users are we talking about here? A few tens? Are you planning
> onrunning something computationally expensive like VPN/wireless
> encryption?  If not, I'd be surprised if an OpenWRT router couldn't keep
> track of connections and push packets fast enough.

Maybe 150-200 computers at most. 

At some point we are wanting to do OpenVPN encryption (net-net as well
as net-host). 

Would you recommend OpenWRT as the firmware? Should I consider dd-wrt?

> Load the router with the Shorewall package and then you can sanely
> manage all firewall/traffic shaping functions.
> 
> Logging can be done as well, but it would likely require external
> storage.  With a USB-capable router like an Asus WL500g Premium, you
> could trivially extend onboard storage and have the router mail you the
> logs regularly or look for red flags.

Logging is definitely going to a syslog server. I have found that the
logs generated by most (all?) of the proprietary firmware I have seen
thus far have been underwhelming. 

- Paul



More information about the kwlug-disc_kwlug.org mailing list