OpenWrt Forum Archive

Topic: Requirements for a router to run Luci+OpenVPN+QoS (short question)

The content of this topic has been archived on 28 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello everybody!
So here is my small question:

I would like to run OpenWrt with a web interface (LuCI), QoS, and have an OpenVPN server for WAN connections (I have a static IP from my provider).
I tried to install the openvpn package on my DIR-300, but there is not enough space (only 256kB left).
Do you have any suggestions - which router should I buy, or how much memory should it have to run OpenWRT with this desirable configuration?

Thanks in advance!
Artem

You should also contemplate getting a router with built-in hardware for encryption, i.e. the IPSEC co-processor on a Netgear WGT634U, to speed up encrypted VPN connections.

Try Kamikaze 8.09.2.

Thanks for replies!
Unfortunately, I did not find this Netgear router in Moscow.
I want to buy a second-hand router.

Can I buy a router with 8Mb flash or more, and with a fast processor (300MHz)? But without the encryption co-processor?
Because it is rather tricky to find it all at once..

Thanks everybody for the replies. I will also try to install Kamikaze, but I am not sure I can compile it.

Thank you very much!
I will try it soon.

Kind Regards,
Artem

The suggestion to use the old release is just because the base system of OpenWrt grew bigger with every release, so it is quite hard to fit all the packages the OP needs in 4MB of flash with Backfire 10.3.1. But there may be a chance to achieve it with Kamikaze.
But I wouldn't suggest this. I would normally suggest building your own image with everything included, and if it's too big, think about whether LuCI is really mandatory. OpenVPN and QoS fit fine in 4MB, but OpenVPN, QoS and LuCI is getting tricky.

And I would like to comment on the hardware crypto advice. The WGT634U is only able to use the hardware crypto engine for DES, so forget this one. And you won't be happy with the WL-500g Premium either (I tried this some time ago and got it working, but as OpenVPN isn't running in kernel space there is a lot of copying in RAM, so I ended up with slower encryption than with software encryption). And a half-decent CPU (400MHz) would be enough for at least 5Mbit/s, or even more. So only consider hardware encryption if you have a fast (and synchronous) internet connection, and then get a hardware crypto solution that's really working and not this Broadcom stuff.

Well for fun I just took the RC6 imagebuilder, built a standard image with LuCI, OpenVPN, qos-scripts minus pppoe and opkg and ended up with a 3.6MB combined image. Looks quite doable to me.

Edit: using the classic atheros target as the op asked for a dir-300 image

eleon216,
Thank you very much for your reply. You went into detail, and this is really what I was asking about.
I am really afraid of using a router without LuCI, as I am not sure that I can do all the needed adjustments, such as OpenVPN server setup and even port forwarding. I am not so good at iptables.. This is my shame.
And what about the speed of the Internet connection for computers inside the LAN?
Now each computer (2 computers) has access to the Internet through my router. If I run an OpenVPN server to connect to this network with my laptop through the WAN port, will it reduce the speed of the Internet connection for the users inside the existing LAN?

Thank you also for the advice regarding the Asus router. I was just about to buy it!!
Now I will think twice.
So, what is your advice then? If I am not able to use hardware encryption, should I just buy any router with a fast CPU, and will that be enough? Assuming this logic, I need a DIR-320 with 240MHz at least?


jow,
could I kindly ask you to provide me with this pre-built image? The thing is, I already tried two times to build it, and ended up with a non-working device. I asked another guy in the forum, and he did it for me.. Or, if it will not bother you, may I send you a few PMs during the compiling process?

Kind Regards
Artem

Artem25 wrote:

Thank you very much!
I will try it soon.

So, did you or did you not? Did you run out of space installing OpenVPN over Kamikaze 8.09.2?

Currently I am running this configuration:
Firmware Version     OpenWrt Firmware Attitude Adjustment (r28185) / LuCI Trunk trunk+svn7466
Kernel Version       2.6.39.4

As the router is far away from me (100 km) I need to collect the information first, then decide what to do and then drive there and replace the firmware.

And I already tried to install openvpn, but it said there is not enough memory.

(Last edited by Artem25 on 16 Nov 2011, 11:27)

Hi,

jow already tried it, and 3.6 MB looks like it should be possible to fit all the packages in a recent (trunk or Backfire) image. There is still not much space left for anything else, because 320kB are used by the bootloader and stuff, but it should be possible, and I would recommend this option.
But you have to include everything in the highly compressed read-only filesystem (squashfs); there is not enough flash to install it to the (less compressed) jffs2 partition afterwards.
You have to create your own image. You could build (compile) everything: http://wiki.openwrt.org/doc/howto/build
or just create your own firmware image from precompiled packages with the image-builder: http://wiki.openwrt.org/doc/howto/obtai … e.generate

So it should be possible to run this on your existing hardware.
You only have to consider new hardware if you experience performance issues. The 180MHz CPU of the DIR-300 is quite slow, and encryption is a quite CPU-intensive task, so you shouldn't expect to run a 50MBit VPN connection.
But consider the case where you have an asynchronous internet connection. E.g. in my case I have an ADSL line with 8Mbit download and 768kbit upload. I use the VPN to get files from my PC at home when I'm somewhere else, and sometimes to encrypt my data when I'm using insecure hotspots, so in all cases the upload speed of my internet connection is limiting the speed of the VPN connection, and 768kbit/s is slow and every CPU can handle this. A faster CPU or hardware crypto wouldn't change anything. So you just have to figure out whether the CPU would be the limiting factor before you buy something with a faster CPU.

(Last edited by eleon216 on 16 Nov 2011, 15:29)
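
The image-builder route described in the post above, as an added example that is not part of the original thread: it passes the package selection jow described to the ImageBuilder's `make image` and checks the resulting file against the flash budget quoted in the thread (4 MB flash, about 320 kB reserved). The profile name and image path are placeholders (list the real profiles with `make info`), and the budget check is a rough estimate, not the exact partition layout.

```shell
#!/bin/sh
# Added example: ImageBuilder invocation plus a rough flash-budget check.
# Sizes are the ones quoted in the thread, not measured partition sizes.

FLASH_KB=4096      # total flash on the DIR-300 (4 MB, from the thread)
RESERVED_KB=320    # bootloader "and stuff" (from the thread)

# Package selection as described in the thread: LuCI, OpenVPN and qos-scripts,
# minus PPPoE and opkg. A leading "-" drops a package from the default set.
PACKAGES="luci openvpn qos-scripts -ppp -ppp-mod-pppoe -opkg"

# Print the space in kB left after an image of $1 bytes is written.
# Returns non-zero when the image does not fit into the budget.
flash_headroom_kb() {
    image_bytes=$1
    image_kb=$(( (image_bytes + 1023) / 1024 ))   # round up to whole kB
    avail_kb=$(( FLASH_KB - RESERVED_KB ))
    left_kb=$(( avail_kb - image_kb ))
    echo "$left_kb"
    [ "$left_kb" -ge 0 ]
}

# Run inside an unpacked ImageBuilder directory.
# $1 = profile name (placeholder), $2 = path of the generated image (placeholder).
build_and_check() {
    profile=$1
    image=$2
    make image PROFILE="$profile" PACKAGES="$PACKAGES" || return 1
    size=$(wc -c < "$image") || return 1
    if left=$(flash_headroom_kb "$size"); then
        echo "image fits, about ${left} kB left for the writable overlay"
    else
        echo "image too large by $(( -left )) kB: drop packages before flashing" >&2
        return 1
    fi
}

# Example call (placeholders, not values from the thread):
#   build_and_check "<PROFILE>" "bin/<target>/<image>-squashfs-sysupgrade.bin"
```

Everything the router needs has to be in `PACKAGES` at build time, since the leftover overlay space is too small to install OpenVPN afterwards.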

eleon216
Thank you for explanations.

Well, for the limiting factor - the speed of the connection I am not worried too much.
In Russia, far away from cities even, you can have a 20 Mbit download and upload for about 15 Euros in a month.

I will try to make my own build and try Kamikaze too. But first I will find another router for this experiment.
So I will let you know how things get on.

Artem

I think there is a misunderstanding...

If you have a synchronous 20Mbit/s connection, you have to think about the speed of your router!
The CPU of the DIR-300 cannot handle the encryption of a 20Mbit/s stream, so you have to think about a fast CPU or hardware crypto acceleration.
It may be a little different with OpenVPN, but to get an impression of what encryption/decryption rate the CPUs can handle:
I just ran an scp from my PC to /dev/null of the router, so it's going through an AES-encrypted SSH connection (no hardware crypto acceleration).
I can copy to an Asus WL-500g Premium (Broadcom MIPS CPU, 250MHz) at a rate of 1MByte/sec, so I will not get more than 10Mbit/s if I am using it for a VPN connection.
My WNDR3700 (Atheros MIPS CPU, 680MHz) can handle 3MBytes/s, so it will be able to run a VPN connection up to 30Mbit/s. Your DIR-300 (180MHz) will handle 5Mbit/s, maybe 6-7Mbit/s, but not more. So if you have a faster connection, the CPU of the router will probably be a bottleneck.

(Last edited by eleon216 on 16 Nov 2011, 16:38)

Artem25 wrote:

Well, for the limiting factor - the speed of the connection I am not worried too much.
In Russia, far away from cities even, you can have a 20 Mbit download and upload for about 15 Euros in a month.

I will try to make my own build and try Kamikaze too. But first I will find another router for this experiment.

If you plan to find another router, you can dump the idea of Kamikaze because I don't think that DIR-300-A1 can handle 20Mbps download and upload, that is, 40Mbps, with QoS and multiple OpenVPN clients.

Personally I recommend the TP-LINK TL-WR1043ND and the Buffalo WZR-HP-G300NH. The RouterBoard RB750GL and RB450G with RouterOS built in can also meet your requirements.

eleon216
Yes, I did understand you just from the previous message.
I read my reply now and realize it was not a very clear reply. But I_do_understand everything you write, be sure please :)
Now I am searching through second-hand stocks in Moscow and trying to find something appropriate for around 10 Euros. :)

Artem25 wrote:

Now I am searching through second-hand stocks in Moscow and trying to find something appropriate for around 10 Euros. :)

10Euros. Maybe you should consider TP-LINK TL-WR740N or TL-WR741ND with USB mod.

Thanks everybody for discussion!
What I did: I've set up port forwarding inside my network and connected to my pfSense computer.

That is how I've solved my problem. In the near future I will do it inside an OpenWrt router, but for now I do not have an appropriate model.

Kind Regards,
Artem

I have built a little image (r32934) for the DIR-300 B1 with OpenVPN working (tun/tap and lzo).

There is no wireless and no web interface, to get free space...

The Files it contains are:

base-files - 112-r32934
busybox - 1.19.4-2
dnsmasq - 2.62-1
dropbear - 2011.54-2
firewall - 2-53
hotplug2 - 1.0-beta-4
iptables - 1.4.10-4
jshn - 2012-07-08-cca2ed6c8cdb3555fea43ff63ba1c9905dd7a164
kernel - 3.3.8-1-0d08e76cba411ef7dbf49377257b628d
kmod-button-hotplug - 3.3.8-3
kmod-input-core - 3.3.8-1
kmod-input-gpio-keys-polled - 3.3.8-1
kmod-input-polldev - 3.3.8-1
kmod-ipt-conntrack - 3.3.8-1
kmod-ipt-core - 3.3.8-1
kmod-ipt-nat - 3.3.8-1
kmod-ipt-nathelper - 3.3.8-1
kmod-leds-gpio - 3.3.8-1
kmod-ledtrig-usbdev - 3.3.8-1
kmod-lib-crc-ccitt - 3.3.8-1
kmod-nls-base - 3.3.8-1
kmod-ppp - 3.3.8-1
kmod-pppoe - 3.3.8-1
kmod-pppox - 3.3.8-1
kmod-tun - 3.3.8-1
kmod-usb-core - 3.3.8-1
kmod-usb-rt305x-dwc_otg - 3.3.8-1
libblobmsg-json - 2012-07-08-cca2ed6c8cdb3555fea43ff63ba1c9905dd7a164
libc - 0.9.33.2-1
libgcc - 4.6-linaro-1
libip4tc - 1.4.10-4
libjson - 0.9-2
liblzo - 2.06-1
libnl-tiny - 0.1-3
libopenssl - 1.0.1c-1
libubox - 2012-07-08-cca2ed6c8cdb3555fea43ff63ba1c9905dd7a164
libubus - 2012-06-01-a62e2f8c15a65efb1a82404d8f31e3bfc1cbe7d9
libuci - 2012-03-28.1-1
libxtables - 1.4.10-4
maccalc - 1
mtd - 18
netifd - 2012-07-12-857874b2d4f92b800ecc12a5e52adeaf3855b101
openvpn - 2.2.2-2
opkg - 618-2
ppp - 2.4.5-6
ppp-mod-pppoe - 2.4.5-6
swconfig - 10
ubus - 2012-06-01-a62e2f8c15a65efb1a82404d8f31e3bfc1cbe7d9
ubusd - 2012-06-01-a62e2f8c15a65efb1a82404d8f31e3bfc1cbe7d9
uci - 2012-03-28.1-1
wpad-mini - 20120428-1
zlib - 1.2.7-1

Maybe there are some packages that could also be removed, but I was not sure I would get a working device afterwards :)
It was only possible to flash it through the failsafe-mode.

dir300-b1-factory.bin
dir300-b1-sysupgrade.bin

root@OpenWrt:~# df
Filesystem           1K-blocks      Used Available Use% Mounted on
rootfs                    1152       212       940  18% /
/dev/root                 1792      1792         0 100% /rom
tmpfs                    15060        52     15008   0% /tmp
tmpfs                      512         0       512   0% /dev
/dev/mtdblock5            1152       212       940  18% /overlay
overlayfs:/overlay        1152       212       940  18% /

Thank you! If I have access to my router, maybe I will try it! :)

You could compile your own firmware, exclude Luci GUI and include OpenVPN. There should be just enough spare with bare minimum packages.
