Openwrt: ipsec

I’ve decided against using ipsec on my router. This is mostly because the openswan packages in the White Russian release of OpenWRT are broken. I found alternate ones which I can get to work, but those packages break many other parts of the system (wan interface won’t start at boot, dnsmasq doesn’t work right, etc). I looked into OpenVPN, and that might be something I’ll try – if – I can successfully get a machine behind the router to do the decryption of the traffic. The processor in the wrt54g isn’t really beefy enough for what I want to do with it.

As for now I’m happy. I can block NFS traffic from the wireless interface. I settled on using WEP plus MAC address filtering on the wireless interface. Since I broke the default bridge I have the wireless in a different subnet. That makes it easy to prevent access to NFS from the wireless network. Once I get MythTV working like I want I will probably come back to OpenVPN so that I could watch shows on a laptop on the deck…

I’ve installed snmpd and set up MRTG so I get pretty graphs of network traffic over each interface. I also use SNMP from the inside network to find the IP address of the WAN interface on the router. An internal machine uses the DDNS feature of bind to update my DNS for my home network.

Update: I’m using cacti now for my interface graphing needs.
