Embedded Linux VPN Router Near Release

← Back to Stories (view on slashdot.org)

Embedded Linux VPN Router Near Release

Posted by simoniker on Monday December 29, 2003 @09:11AM from the embed-this dept.

An anonymous reader writes "A new open source project aims to build a VPN router that supports all major routing protocols on a standardized hardware platform running embedded Linux. The "Linux Router Project - LR101" started in mid-2003 and plans a first release in January 2004. It is based on a dual-NIC VIA EPIA mainboard and a Travla case, along with Red Hat 8, zebra, FreeS/WAN, IP-tables, an other open source software, all compiled from source."

16 of 121 comments (clear)

HA by pheared · 2003-12-29 09:15 · Score: 5, Interesting

It would be nice if they have High Availability on their feature list. Some nice solid appliances like this would be interesting.
Clarification needed. by Mourgos · 2003-12-29 09:15 · Score: 5, Insightful

Is this a stripped down Redhat distro, with a configuration tool that they wrote? Isn't a whole distribution a little bit too much for such a project? Wouldn't a linuxfromscratch installation - with only the bare minimums - be a better idea? Just a thought.
Isn't it missing something? by Rosco+P.+Coltrane · 2003-12-29 09:18 · Score: 4, Insightful

Where's PPTP? for a VPN router, it's kind of desirable ...

--
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
1. Re:Isn't it missing something? by bzzzt · 2003-12-29 09:23 · Score: 3, Informative
  
  According to the "tech details" page it's shipping with the Poptop pptp server...
Why not a WRV54G? by greygent · 2003-12-29 09:20 · Score: 4, Insightful

Or, just buy a Linux-based Linksys WRV54G for well under $200 with most, if not all the features of this project. No, I don't mean the WRT54g, I mean the WRV54G. Excellent piece of gear, VPN, firewalling, dmz, wireless (wep/wpa), snmp, yadda yadda.
Re:Warning ! by Tony+Hoyle · 2003-12-29 09:21 · Score: 4, Insightful

If that's true, then it's illegal for a US citizen to contribute to the 2.6.0 kernel too, since that has crypto in it.
Compiled from source... by Binestar · 2003-12-29 09:21 · Score: 5, Funny

all compiled from source.

As opposed to say, a Linksys Router, which we all know is compiled from Cheerios. =)

--
Do you Gentoo!?
RH8? by Jeffrey+Baker · 2003-12-29 09:22 · Score: 4, Informative

Using a full blown RH 8 installations eems like an odd thing to do. Lots of people are using Soekris computers as routers, firewalls, access points, and VPNs, but they are generally run off stripped BSD or Linux installations with hardly any extraneous crap. Mine is running a very bare Debian installed into a 256MB compact flash.
Soekris
1. Re:RH8? by NevDull · 2003-12-29 09:46 · Score: 5, Funny
  
  If you had read the article, you'd have seen that they are using 32MB CF. Do you really think they're running "a full blown RH 8 [sic] installations"?
  
  Please check one:
  [ ] I can't read
  [ ] I choose not to read
  [ ] I read the article, but I think that a full install of RedHat fits in 32MB
  [ ] Please forgive my Debian zealotry
Not to be confused with... by ScottSpeaks! · 2003-12-29 09:29 · Score: 4, Informative

...the Linux Router Project, a floppy-based 386-compatible micro-distro which served as the basis for (among other things) Coyote Linux.
1. Re:Not to be confused with... by fataugie · 2003-12-29 09:37 · Score: 3, Informative
  
  That's all well and good, but LRP was shutdown after Diesel Dave decided to call it quits. It was news on slashdot a few months ago (too lazy to link to it).
  
  LEAF is the successor (LEAF).
  
  --
  
  WTF? Over?
Use a $80 wrt54g to do the same by Jim+Buzbee · 2003-12-29 09:33 · Score: 4, Informative

Custom firmware for the wrt54g does/will do pretty much the same thing. Progress is very quick. See the forum here:

sveasoft
PPTP is UNdesirable by billstewart · 2003-12-29 09:37 · Score: 3, Interesting

The initial PPTP was a total botch, with seven major security flaws. Some of them have since been fixed, but it gives you some idea of the professionalism and quality that didn't go into the basic design. If you want to use a VPN for security, use IPSEC - and this project has FreeS/WAN IPSEC in it. If you really really want to use a VPN to transport lame non-IP legacy Microsoft LAN protocols, go pay Microsoft some money for one of their server projects, and charge the silly customer who's hiring you as a consultant because they don't want to upgrade to the 1990s for it. If you want to use a VPN to carry private IP addresses, but don't actually care about security, use IPSEC anyway, or use GRE tunnels.

--

Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
1. Re:PPTP is UNdesirable by jbr439 · 2003-12-29 10:19 · Score: 3, Insightful
  
  How about if I want to use my home linux box to access my employer's Microsoft based network?
  
  Do I downgrade my home box to Windows? Ans: when hell freezes over.
  
  Do I get my employer to use IPSEC? Ans: not if my employer is an "all microsoft, all the time" kind of place. [although with MS supporting IPSEC in some form, that is changing]
  
  In other words, contrary to what some of the less thoughtful may think, PPTP client functionality is a must for some of us; and telling us why we should not be using PPTP is, shall we say, less than helpful.
Re:Warning ! by Homology · 2003-12-29 10:22 · Score: 3, Informative

If that's true, then it's illegal for a US citizen to contribute to the 2.6.0 kernel too, since that has crypto in it.
Indeed, export of cryptographic technology from USA is hampered with strong restrictions. So many Open Source projects are quite careful to avoid breaking laws by having (much) development done outside USA, and also letting release builds be done outside US as well.
For instance, OpenBSD has offered strong encryption for several years. The OpenBSD project is located in Canada, and a lot of development/release builds are done outside US. As Integrated Crypto shows :
Hence the OpenBSD project has embedded cryptography into numerous places in the operating system. We require that the cryptographic software we use be freely available and with good licenses. We do not directly use cryptography with nasty patents. We also require that such software is from countries with useful export licenses because we do not wish to break the laws of any country. The cryptographic software components which we use currently were written in Argentina, Australia, Canada, Germany, Greece, Norway, and Sweden.
When we create OpenBSD releases or snapshots we build our release binaries in free countries to assure that the sources and binaries we provide to users are free of tainting. In the past our release binary builds have been done in Canada, Sweden, and Germany.
Re:"RealTek/NE2000 compatible NICs for the DMZ" by smnolde · 2003-12-29 11:34 · Score: 3, Interesting

RealTek is RealCrap. You get what you pay for.

From /usr/src/sys/pci/if_rl.c on my FreeBSD system:
* The RealTek 8139 PCI NIC redefines the meaning of 'low end.' This is
* probably the worst PCI ethernet controller ever made, with the possible
* exception of the FEAST chip made by SMC. The 8139 supports bus-master
* DMA, but it has a terrible interface that nullifies any performance
* gains that bus-master DMA usually offers.
*
* It's impossible given this rotten design to really achieve decent
* performance at 100Mbps, unless you happen to have a 400Mhz PII or
* some equally overmuscled CPU to drive it.

This is my favorite comment:
* Here's a totally undocumented fact for you. When the
* RealTek chip is in the process of copying a packet into
* RAM for you, the length will be 0xfff0. If you spot a
* packet header with this value, you need to stop. The
* datasheet makes absolutely no mention of this and
* RealTek should be shot for this.

More funny stuff:
* The RealTek is brain damaged and wants longword-aligned
* TX buffers, plus we can only have one fragment buffer
* per packet. We have to copy pretty much all the time.