Best device for use with OpenWRT/DD-WRT/etc?

[Jarod Wilson]

On Wed, 2008-07-09 at 14:26 -0400, H. Kurth Bemis wrote:
> Greetings to the list - 
> 
> First, a little background;  I'm evaluating the replacement of several
> point-to-point and frame ports and replacing the frame port in each
> location with Business grade broadband (DSL and cable), and using
> OpenVPN to connect each remote location back to company headquarters.
> The offices are generally located within range of Verizon DSL G4
> Communications DSL or Comcast cable.
> 
> Each location currently has several Cisco devices, an edge router, VPN
> concentrator, and PIX.  I'm looking to replace these devices with a
> single Linux-based device running OpenWRT, or a derived project, at each
> location, utilizing OpenVPN and iptables.
> 
> I have plenty of experience with OpenWRT and DD-WRT, unfortunately the
> only hardware I have worked with in depth is the Linksys WRT54GL, and
> having worked with Linksys gear of all types, I'm not sure I would tote
> them as a replacement for a Cisco router.  My primary concern here is
> reliability of hardware, not software.
> 
> Can anyone recommend a system, preferably small in size, as a
> replacement for a Cisco router or firewall?  It should run OpenWRT, or a
> derived work.
> 
> So far I've been looking at the Asus WL-500G, but I'm always open to
> suggestions.

I'd not recommend such a thing for VPN usage if you care about
throughput at all. I played around with hooking a WRT54GS (~200MHz MIPS,
iirc) to our office ipsec vpn using both vpnc and openswan, and the
performance was *terrible*. Like, 400kbps with vpnc, 1.2Mbps with
openswan. Given enough cpu, I can usually get more like 12Mbps
throughput. Not sure what crypto openvpn uses offhand, but any crypto
that has to be done in software by the router is going to slaughter
throughput.



-- 
Jarod Wilson
jarod at wilsonet.com