General Questions

Hi,

I set up m0n0wall yesterday and run it from a USB pen stick on a dual LAN PC, just so I could see the control panel in better detail.

I want to build a router/firewall to replace the current commercial router I have because it does not support VPN very well.
I currently have an Asus N16 router with DD-WRT. I can use OpenVPN and PPTP, but the speeds are VERY slow indeed.
After looking around at various commercial router options I have discovered that the only real way to get what I need which is a
software router/firewall that I'm hoping will offer a good alternative to a commercial router and full VPN client support.

WHAT I WANT TO ACHIEVE:

• Basic router/firewall set up (just like any ready avail router for the home user
• Full VPN client support with OpenVPN, PPTP, L2TP options if possible or at least one of them that I can set up at the router end using a 3rd party VPN service like IPVanish and have ALL PCs and devices connected to the router go through the VPN.

I have been told on another forum that software routers/firewalls don't cut the mustard when it comes to comparing them to commercial hardware routers like the Asus N16 for example.

I would be using something like an Atom and a Mini ITX board that would have 2 x on board 1GB LAN and I have optionally add on a further 4 1GB LAN ports to the motherboard as a daughter card.

I know when it comes to bandwidth through put that I need to consider the CPU. I would typically be passing 100mb of bandwidth across the whole network at any one time. But when taking into consideration the extra resource that a VPN connection will add, I guess extra overhead is the way to go.
So I'm not even sure that an Atom processor will do it.

I plan to link up my current Asus N16 router to the PC router for wireless capabilities for mobile devices etc.

So, what I'd love to hear are peoples recommendations.

The main focus here is the VPN part.
I'm not sure exactly when it comes to the router what the differences are between VPN server and VPN client.
I know in the DD-WRT it's refered to as Client. And for PPTP for example I just pop in the VPN server address, username and password and change a few other settings and that's pretty much it.

The router connects to the VPN server and allows me to send all the traffic through it.
But I was only seeing a maximum of 1mb running the VPN at the router. Where as on a VPN client on my PC... it would be around 10mb (I have 100mb braodband)

thanks

With m0n0wall your VPN options are limited to PPTP and IPSec.

Can anyone offer me any advice regarding Hardware requirements?

Was thinking...
Atom Dual Core 1.8Ghz. <---- is this good enough or should I be thinking bigger?
4 GB Ram.
Dual 1GB Lan (Onboard will also add extra 4 x 1GB LAN add on card to give total of 6 1GB LAN ports)

That CPU should be strong enough - but it's hard to say. When you say "100mb" traffic, do you mean 100Mb (megabit) or 100MB (megabyte)? There is quite a difference.

That CPU should be strong enough - but it's hard to say. When you say "100mb" traffic, do you mean 100Mb (megabit) or 100MB (megabyte)? There is quite a difference.

OK, my net is 100mb.. which is 10 genuine MB. The max I see is like 12MB on any reader (on very good days).
But my net company advertise it as 100mb.

M0n0wall only does pptp and ipsec as already said, but outbound it only does pptp and pppoe...  If you need other options, you may want to look at pfSense.

As for the "software routers/firewalls don't cut the mustard when it comes to comparing them to commercial hardware routers like the Asus N16 for example."   That is a joke...  I have been using m0n0wall in hotels and in the enterprise for years.  I have replaces hundreds or sonicwalls and fortigates...

Now on performance, if you get an Atom board, make sure it has supported nics, as a lot do not. (In the stable version.  1.8b supports more...)  Also, Intel nic have the lowest CPU load.  A Jetway NF96U with the Intel addin 4 port daughter card will do about 400meg on the wire.  (They are gig nics) but if you use the buit in nic (which is a real tek) that drops a bit due to the load on the cpu.  With VPN, you are probably limited to about 150-200 meg.  I do know we can run 20 meg between two sites on IPsec with no real effort.  (Limit of the Internet connection)

If you just want to buy a box, call Steve Winn at Logic Supply.  They have tested and supported configs they will sell you with 1.33 already installed.