Site to Site ipsec VPN

frater
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 2777

Posted: Sat Feb 23, 2008 6:21    Post subject: Site to Site ipsec VPN
I've always wondered why an ipsec site-to-site VPN was never implemented.
There's an openvpn client, but not a server. The PPTP-client can't nearly establish what one can do with a site-to-site VPN.

At my work we have a Fiberlogic Matrix router. This router is quite obviously made with open-source software, but probably a violation of the GPL. I would love some of the features of this router in my DD-WRT, but I still prefer DD-WRT. The web interface for firewall rules is superior as well :(

I haven't done any real investigation, but the reason could also be that IPSEC needs a license...
Well, ipsec isn't as important as having a site-to-site VPN. I'm sure this can be established with openvpn.

Will we ever see this in DD-WRT?

_________________
Asus RT16N + OTRW
Kingston 4GB USB-disk 128 MB swap + 1.4GB ext3 on /opt + 2 GB ext3 on /mnt
Copperjet 1616 modem in ZipB-config
Asterisk, pixelserv & Pound running on router
Another Asus RT16N as WDS-bridge

DD-WRT v24-sp2 vpn (c) 2010 NewMedia-NET GmbH
Release: 12/16/10 (SVN revision: 15758M)
funkyzen
DD-WRT Novice


Joined: 16 May 2008
Posts: 1

Posted: Fri May 16, 2008 12:55
I'd love to see this as well.

I was excited when I discovered dd-wrt until I realized you couldn't use it to establish a point-to-point ipsec vpn.

Without that I don't really see a real reason to use the dd-wrt firmware over the standard linksys firmware.
Knasher
DD-WRT User


Joined: 07 Nov 2007
Posts: 449

Posted: Fri May 16, 2008 14:57
IPSec is provided by the OpenSwan packages in Optware; assuming you have a router with enough space for jffs, there is no reason why you can't do this. Personally I prefer OpenVPN for this type of stuff, and there is a server in the ddwrt vpn edition; you just can't really use the GUI to set it up.

The only reason OpenSwan isn't included by default is a space constraint; they only really had room for an OpenVPN and PPTP client and server.
switch
DD-WRT Guru


Joined: 30 Apr 2008
Posts: 967
Location: Romania

Posted: Sat May 17, 2008 7:23
I'm sorry but an OpenVPN server *IS* included. You just can't configure it via the web interface, but it's there.

IPSec is better than OpenVPN since IPSec allows interconnectivity with other kinds of routers (I've had experiences with Cisco routers).
switch
DD-WRT Guru


Joined: 30 Apr 2008
Posts: 967
Location: Romania

Posted: Mon May 19, 2008 14:24
*bump*

So... what about IPSec support for DD-WRT? :)
Axel Stone
DD-WRT Novice


Joined: 03 Sep 2007
Posts: 44

Posted: Fri May 23, 2008 1:09
Can OpenVPN do IPSec?
nbdwt73
DD-WRT Novice


Joined: 07 Feb 2008
Posts: 33

Posted: Tue May 27, 2008 14:19
BUMP - am also interested in IPSec tunneling.
Knasher
DD-WRT User


Joined: 07 Nov 2007
Posts: 449

Posted: Tue May 27, 2008 15:16
Try following http://wiki.openwrt.org/IPSec
switch
DD-WRT Guru


Joined: 30 Apr 2008
Posts: 967
Location: Romania

Posted: Tue May 27, 2008 17:02
Interesting read. Thanks for the link!

However...
Quote:
1.3.9. Speed

Depending on the encryption (esp=) the following transfer rates might be achieved:

aes-sha1: 160kb/s
3des-sha1: 230kb/s
des-sha1: 260kb/s


Not too encouraging :(
dpp3530
DD-WRT Guru


Joined: 12 Dec 2007
Posts: 545
Location: Pittsburgh, PA USA

Posted: Tue May 27, 2008 17:14
I believe some of the builds include an IPSEC client, VPNC. I've seen posts in the forums about connecting to Cisco concentrators.

Both this and the OpenVPN server are not in the GUI.

If you're doing site to site between two DD-WRT routers, I'd recommend the OpenVPN setup. It's fast and less prone to NAT problems.

VPNC from the WIKI:
http://www.dd-wrt.com/wiki/index.php/VPNC

Simplest way to set up OpenVPN site to site:
http://www.dd-wrt.com/wiki/index.php/OpenVPN#Server_mode_with_Static_Key
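
The static-key site-to-site setup recommended in the post above, sketched as an added example (not part of the thread or of the DD-WRT wiki). The hostname, LAN subnets, tunnel addresses and key path are assumptions; the two halves are separate config files, one per router.

```conf
# ---- Site A (listens): siteA.conf ----
# Assumed for illustration: LAN A = 192.168.1.0/24, LAN B = 192.168.2.0/24,
# tunnel endpoints 10.8.0.1 <-> 10.8.0.2, key kept on jffs.
# The key is generated once (OpenVPN 2.x syntax of that era:
#   openvpn --genkey --secret static.key)
# and copied to the other router over a secure channel such as scp.
dev tun
proto udp
port 1194
ifconfig 10.8.0.1 10.8.0.2          # local, then remote tunnel address
secret /jffs/openvpn/static.key     # identical pre-shared key on both routers
route 192.168.2.0 255.255.255.0     # reach LAN B through the tunnel
cipher AES-128-CBC                  # set explicitly; must match on both sides
keepalive 10 60
persist-tun
persist-key
# Site A's firewall must accept udp/1194 on the WAN side and
# forward traffic arriving on the tun interface (rules not shown).

# ---- Site B (connects): siteB.conf ----
dev tun
proto udp
remote sitea.example.net 1194       # placeholder name for site A's WAN address
ifconfig 10.8.0.2 10.8.0.1          # mirror image of site A
secret /jffs/openvpn/static.key
route 192.168.1.0 255.255.255.0     # reach LAN A through the tunnel
cipher AES-128-CBC
keepalive 10 60
persist-tun
persist-key
```

Static-key mode has no forward secrecy: anyone who obtains static.key can decrypt recorded traffic in both directions, so keep the file readable by root only. It also supports exactly one peer per key, so a third site calls for certificate (TLS) mode instead.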
switch
DD-WRT Guru


Joined: 30 Apr 2008
Posts: 967
Location: Romania

Posted: Tue May 27, 2008 18:05
The client for the VPN Concentrator has nothing to do with a proper IPSec implementation, such as that based on OpenSWAN.

The VPN build includes OpenVPN which, after reading the info on OpenSWAN, I believe is the best approach to site-to-site or remote-access VPN for DD-WRT. The only exception would be when trying to connect to a peer that doesn't support OpenVPN (e.g. Cisco box).
Knasher
DD-WRT User


Joined: 07 Nov 2007
Posts: 449

Posted: Wed May 28, 2008 10:09
Because VPN stuff is designed for use on the internet the encryption is far far stronger than that used on wireless networks. It's unfortunate but you can't really expect a ~200MHz router to handle decryption at any real speed at all.
somms
DD-WRT User


Joined: 21 Mar 2008
Posts: 261

Posted: Wed May 28, 2008 17:01
Knasher wrote:
Because VPN stuff is designed for use on the internet the encryption is far far stronger than that used on wireless networks. It's unfortunate but you can't really expect a ~200MHz router to handle decryption at any real speed at all.


http://www.dd-wrt.com/phpBB2/viewtopic.php?p=178696&highlight=#178696

My current local LAN throughput w/OpenVPN tunnel using TCP is @6000kbps (UDP not an option since proxy server at work) :'(

Think that the newer Pre-N routers can handle OpenVPN encryption/decryption at a decent rate...

_________________


Member of the Professional Aviation Safety Specialists Union!
All times are GMT