Dedicated wired VPN router

[swetoast]

no gui just ssh whats the point of gui when you know how to use a console

 

[sfx2000]

So this is my setup its a solidrun imx6 hummingboard 470Mbps actual bandwidth due to internal chip buses and im using a usb n wifi card to connect other units to it but it works great.

Neat little unit - not too different from my little project that involved a Marvell chip.. (long story there, and I won't discuss it much further there).

 

[sfx2000]

What is the frontend gui for the router on Pi (Arm)? That is the problem I had plus I wanted more ethernet ports then 1, and a usb wifi. Like mentioned you will never saturate the 100Mb connection, I guess if your good at iptables or install openvpn (openvpn connect has a web gui) to it. There are low powered Intel devices out there with multiple nics that you can slap on *sense etc. I really like bsd now.

Pretty much anything one wants - OpenWRT has their UI, and on the dev trunk, it's kinda nice - better than the classic LUCI user interface. Similar to the classic Linksys design (menus across top) but with updated user elements.

We did something different with Bootstrap on cafeole... at a high level, I brought in a designer with a strong UI/UX background, and we ended up with something very nice - F-type structure (menu's on the left), and focused on usability - as far as elements, it ended up looking very google like (Material Design).

Bootstrap is really nice to work with, not just from a design perspective, but from a code perspective...

If one were to mash up Portainer and Cockpit, you'd be pretty close to our UI/UX...

 

[Samir]

Many of the "VPN routers" do their own flavor of VPN...

SEM makes a good point - interoperability is a good thing, and many of the "VPN routers" may not have this, rather, they stay in their private garden..

I'm a bit confused. When you're talking about 'VPN Routers' are you referring to business ipsec vpn routers, or those designed to connect to a vpn service? They're distinctly two different types of devices.

 

[System Error Message]

I'm a bit confused. When you're talking about 'VPN Routers' are you referring to business ipsec vpn routers, or those designed to connect to a vpn service? They're distinctly two different types of devices.

both. While VPN routers offer both client and server (both are used in tunneling situations), consumer routers can also offer the same too but not all routers include the vpn server in their firmware. However unlike VPN routers the firmware used for consumer routers nowaday is just a normal linux with some software running on it. Its not a fully equipped linux like a desktop but its the same linux kernel compiled for the CPU architecture with drivers and software. So theres no reason why you cant install your own VPN server especially when you can use openwrt on them which makes them way better too, giving you the full features and control over the vpn featureset and network if you want. Sure the VPN routers have GUI whereas for the consumer routers that dont you have to resort to CLI but the consumer ones will run vpn better as they have the same underlaying software and a faster CPU.

 

[Samir]

both. While VPN routers offer both client and server (both are used in tunneling situations), consumer routers can also offer the same too but not all routers include the vpn server in their firmware. However unlike VPN routers the firmware used for consumer routers nowaday is just a normal linux with some software running on it. Its not a fully equipped linux like a desktop but its the same linux kernel compiled for the CPU architecture with drivers and software. So theres no reason why you cant install your own VPN server especially when you can use openwrt on them which makes them way better too, giving you the full features and control over the vpn featureset and network if you want. Sure the VPN routers have GUI whereas for the consumer routers that dont you have to resort to CLI but the consumer ones will run vpn better as they have the same underlaying software and a faster CPU.

I've never seen a consumer router that can do ipsec site-to-site tunnels to connect to other business/enterprise vpn routers.

 

[System Error Message]

I've never seen a consumer router that can do ipsec site-to-site tunnels to connect to other business/enterprise vpn routers.

http://demoui.asus.com/Advanced_VPNClient_Content.asp
stock asus wrt firmware, you can have openvpn and pptp vpn server, you can connect to other vpn servers that do pptp, l2tp and openvpn. All a tunnel is is just 1 router being client, 1 being server. l2tp would require ipsec.

 

[Samir]

http://demoui.asus.com/Advanced_VPNClient_Content.asp
stock asus wrt firmware, you can have openvpn and pptp vpn server, you can connect to other vpn servers that do pptp, l2tp and openvpn. All a tunnel is is just 1 router being client, 1 being server. l2tp would require ipsec.

I know all this, but what you cannot do is setup a tunnel to another ipsec site-to-site vpn router--which is the standard for site-to-site vpn tunnels.

 

[occamsrazor]

Another option is to order a J1900 Qotom from China. No Fan, handles heat (65C at idle during noon), Go with opnsense as it supports dnscrypt and openvpn XOR scramble patch with little effort. Does not have AES instructions, but I have not noticed any extra lag besides ping related to distance of server.

If you want more powerful, Qotom also have an i5 fanless model the Q355G4 with AES-NI though a bit more expensive:

http://www.qotomchina.com/product/6..._with_4_Ehternet_NIC_LAN_Barebone_System.html

I am currently thinking about either that or a Gigabyte Brix with an i3-6100u though that's not fanless:

http://www.gigabyte.com/Mini-PcBarebone/GB-BSi3HAL-6100-rev-10#support-faq

 

[sfx2000]

I'm a bit confused. When you're talking about 'VPN Routers' are you referring to business ipsec vpn routers, or those designed to connect to a vpn service? They're distinctly two different types of devices.

Some of them are proprietary SSL/VPN, not OVPN or L2TP/IPSec - so one can get pinned into a corner...

Personally, I'm not a big fan of the commercial VPN services - it's mostly an issue of trust, and if one doesn't own both ends of a VPN link, there is no trust, no matter what they say or promise...

 

[Samir]

Personally, I'm not a big fan of the commercial VPN services - it's mostly an issue of trust, and if one doesn't own both ends of a VPN link, there is no trust, no matter what they say or promise...

I agree, and the problem of even owning both ends of the link is that the link is still managed/monitored by the isp on that end.

There will never be any way to get on a network as vast as the Internet without having exposure. It's just like going out into the real world--there's bad people there too that you have to avoid. Welcome to the worst of the world, virtual style.

 

[sfx2000]

I agree, and the problem of even owning both ends of the link is that the link is still managed/monitored by the isp on that end.

There will never be any way to get on a network as vast as the Internet without having exposure. It's just like going out into the real world--there's bad people there too that you have to avoid. Welcome to the worst of the world, virtual style.

I used to deal/work with layers above the local ISP/ASP layers.

So even VPN where there might be some level of trust - there's always a bigger fish... and that's the elephant in the room.