After abandoning a "demo" of the Juniper VPN hardware in disgust with their inability to send trained individuals, I have opted to attempt customizing the WRT54GL (v1.1) device for (hopefully) a reliable VPN solution.
My intentions are as follows:
Scenario: About 50 remote locations with Cable or DSL Broadband will connect via VPN to our corporate office.
Devices (Remote): WRT54GL units will be placed at the remote locations.
Devices (Local): Some other termination / concentrator will be on site at our corporate office. We would prefer to NOT use yet another server tower, but prefer some appliance that does not use hard drives. Considering a customized Linksys or Netgear box that has been verified to handle at least 50 connections.
We will be using a variety of systems in which L2TP is natively supported as far as software is concerned. (Mac OS X)
The wireless connection will provide a hotspot that only connects to the internet, preferably with some sort of splash screen that can force a disclaimer.
The ethernet connections are to be forced through a "site to site" VPN back to our corporate office. Any internet access from those ports will be done via a corporate proxy server.
All remote locations are DHCP and DynDNS is undesirable unless 50 locations can be managed for free.
The corporate side of things has multiple static IPs.
If I CAN happily use another WRT54GL box as a corporate side concentrator, then that would be even better.
During my initial testing, WhiteRussian 0.9 has been the newest version that even works at all. Every Kamikaze build that I've tried leaves me with either SSH or Telnet login but absolutely NO web interface. (No fun to discover this fact)
If it's for the best, I could sacrifice the hotspot capabilities and run 2 separate boxes (1 for VPN, 1 for hotspot). VPN is by far the most critical solution to establish.
Anyone able to help me set up and configure a site-to-site VPN using these boxes would definitely score big points on the "Dude you rock!" list.
Thanks in advance.