Looking for least expensive router with IPtables

[mstrom62]

I have a client with computers in many offices scattered around our metro area. They use OpenDNS to help keep the users from going to web sites they are not supposed too, but it is easy enough to change the DNS settings for a user. I'd like to put in routers that allow me to set the DNS query in the IPtables so it doesn't matter what they put in their computer.

I'm talking about buying 50 or 60 routers, so finding a good unit that's inexpensive is important. I see the lowest unit for Merlins firmware is an RT-N16. Is this a decent router? any others that I might be able to use that are cheaper but still get the job done?

Thanks

 

[RMerlin]

I have a client with computers in many offices scattered around our metro area. They use OpenDNS to help keep the users from going to web sites they are not supposed too, but it is easy enough to change the DNS settings for a user. I'd like to put in routers that allow me to set the DNS query in the IPtables so it doesn't matter what they put in their computer.

I'm talking about buying 50 or 60 routers, so finding a good unit that's inexpensive is important. I see the lowest unit for Merlins firmware is an RT-N16. Is this a decent router? any others that I might be able to use that are cheaper but still get the job done?

RT-N16 is a fairly capable router with its 480 MHz CPU, and will be able to handle most WAN types out there (except high speed, PPPoE-based ones).

Another possibility if you want to go with a less expensive router would be to run Tomato on it, which will give you the same level of freedom at the iptables level. I think Tomato even has a webui option to intercept all DNS requests.

One thing that will drive the router selection will be the speed of the WAN interface, and if you want to use it for VPN or only for routing + wifi.

 

[oldgringo]

I have a client with computers in many offices scattered around our metro area. They use OpenDNS to help keep the users from going to web sites they are not supposed too, but it is easy enough to change the DNS settings for a user. I'd like to put in routers that allow me to set the DNS query in the IPtables so it doesn't matter what they put in their computer.

I'm talking about buying 50 or 60 routers, so finding a good unit that's inexpensive is important. I see the lowest unit for Merlins firmware is an RT-N16. Is this a decent router? any others that I might be able to use that are cheaper but still get the job done?

Thanks

Another significant parameter is the processor speed. Greater amount of iptables load CPU pretty high therefore slower (cheaper) iptables capable router sometimes freezes. If I need stable operation I would not go under the RT-N16.

 

[mstrom62]

It is possible that we will set up a system with VPN. I'm not sure if I explained the client setup before, but it is an apartment property management company. So they have one corporate office, with about 70 leasing offices, one at each of the apartment complexes they manage. So if I did VPN, it would be a very large many to one VPN scenario.

That brings up a question on the OpenVPN. Can multiple OpenVPN client routers connect to a single OpenVPN server router?

 

[RMerlin]

It is possible that we will set up a system with VPN. I'm not sure if I explained the client setup before, but it is an apartment property management company. So they have one corporate office, with about 70 leasing offices, one at each of the apartment complexes they manage. So if I did VPN, it would be a very large many to one VPN scenario.

That brings up a question on the OpenVPN. Can multiple OpenVPN client routers connect to a single OpenVPN server router?

Yes, but you will definitely need something more beefy than a home gateway with 256 MB of RAM and no hardware-level crypto acceleration to handle so many clients simultaneously connected. This is falling into the business level of products (or, a dedicated PC running the OpenVPN server).

 

[mstrom62]

One thing that will drive the router selection will be the speed of the WAN interface, and if you want to use it for VPN or only for routing + wifi.

Almost all the sites are using Comcast internet with 20/7 speeds.

 

[mstrom62]

Yes, but you will definitely need something more beefy than a home gateway with 256 MB of RAM and no hardware-level crypto acceleration to handle so many clients simultaneously connected. This is falling into the business level of products (or, a dedicated PC running the OpenVPN server).

Yes, I know that an OpenVPN server would be required if we were to implement this fully. I am sure though that initially we will do a proof of concept with 2 or 3 sites to see how it works, and I was hoping that would be done with just the router. On the other hand, I'd probably build a VM to be an OpenVPN server so it wouldn't take that much work either even in the trial stage.

 

[RMerlin]

Yes, I know that an OpenVPN server would be required if we were to implement this fully. I am sure though that initially we will do a proof of concept with 2 or 3 sites to see how it works, and I was hoping that would be done with just the router. On the other hand, I'd probably build a VM to be an OpenVPN server so it wouldn't take that much work either even in the trial stage.

You shouldn't have any problem having a handful of test clients connecting to it as a proof-of-concept, so long you don't also need to do some throughput test to show the customer what type of performance he can expect out of it - having a VM running on a laptop might probably be a better test fir this.

The new OVPN Import function that Asus implemented might also make your job much easier when setting up each router, so you won't need to manually change a bunch of settings through the webui.