Re: DD-WRT VPN



Thanks for the input, Jeff; as always, you're helpful. As I stated before, we do
not need a ton of bandwidth, but I also know what it's like to run anything on
hardware that is being pushed beyond its limits.
Anyone want to suggest some other solutions for the VPN that won't require
stupid expensive hardware and ideally can be placed behind the firewalls
that are in place? I.e., the VPN hardware just creates the tunnel thru the
WAN router. I'd be more interested in a solution that would let us reuse
existing hardware we might already have.


Adair


"Jeff Liebermann" <jeffl@xxxxxxxxxx> wrote in message
news:ev8n64t9vos1h8ebvasn9dr0mioojg1c7b@xxxxxxxxxx
On Wed, 2 Jul 2008 09:33:38 -0500, "Adair Winter" <adairw@xxxxxxxxxx>
wrote:

Curious if anyone knows how well or if at all DD-WRT works in a multipoint
VPN environment.

Yep. It sucks. You're just not going to get much in the way of
performance from an already overloaded CPU. The problem is that
OpenVPN has to encrypt and decrypt the tunnel at both ends. Crypto
modules burn lots of CPU cycles (and is usually best done in a
dedicated processor). I didn't even bother doing benchmarks with just
one tunnel, as bench tests showed it was obviously far too slow.

If you have a pair of routers loaded with DD-WRT, try a simple end to
end bench test. Set up the WAN ports for different static IPs with
the gateway IP pointing to the opposite router. Interconnect the WAN
ports with an ethernet crossover cable. At 100baseTX-FDX, you should
be able to get wire speed of 100 Mbits/sec between routers. In other
words, you're NOT going to be limited by the speed of the simulated
internet connection.

Now, set up a fast computah at each end of the simulation to a LAN
port. Install IPerf or JPerf benchmarking software.
<http://www.smallnetbuilder.com/content/view/30408/235/>
<http://www.smallnetbuilder.com/content/view/30418/235/>
Make sure you use the latest versions. Now run some benchmarks with
and without the VPN. I've only done this once. I got about
35Mbits/sec thruput w/o the VPN, and I vaguely recall only about
5Mbit/sec (or worse) with PPTP running, but without any optimization
or performance tweaking.

More on IPerf and JPerf:
<http://www.openmaniak.com/iperf.php> (near bottom)
<http://code.google.com/p/xjperf/>
<http://xjperf.googlecode.com/files/jperf2.0.0.zip>

What we want to do is interconnect 3 maybe 4 sites together.

What are you using for connectivity? The CPU can probably handle one
or two tunnels over a slow DSL line or T1.

See benchmarks and comments at:
<http://www.dd-wrt.com/phpBB2/viewtopic.php?p=178704>
With OpenVPN running: 6354/690 Kbits/sec
No VPN running: 26340/723 Kbits/sec

After doing some reading it appears that you have a host side and a client
side, which I assume the host can support multiple clients. But is that the
only configuration, or can I take and connect a node that's already a client
and also use it as a host and allow another client to connect to it?
Reason for asking: in the setup we want all sites to be able to communicate
with each other but don't want traffic to have to pass thru the host to get
there. So some sort of a star configuration would be needed.

You can have multiple connections, but you have to configure each one
individually. I think you can set up a "star", where you have a tunnel
directly to each other endpoint. That will take some simple static
routing and is fairly easily configured. However, that does help with
the performance problem, but not much. The CPU is still overloaded.

I realize this is a wireless group but DD-WRT is heavily used here so just
looking for comments.

Ask again in the DD-WRT forums.

--
Jeff Liebermann jeffl@xxxxxxxxxx
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

