Router

Hey Guys,

Ive been with IDNET just under 3 years , I have been using a Cisco ASA5505 Firewall as my router and it has served me well. I am now thinking I should get something else (future proof) which will also cover FTTP when it arrives (330mb/30mb).

Any ideas as to what will/might work? I dont really want to fork out for a Cisco ASA5510. Any new router must allow Client VPN and Site to Site VPN, the latter isn't a high priority but would be nice to have.

Have you considered pfSense?

The basic requirement would be a spare PC with 2+ network cards or if you want a smaller box, perhaps Mini-ITX based e.g. FX56nn
(suggest Intel rather than Realtek NICs).

But you can also try it out as a virtual machine first (in e.g. Virtualbox, VMWare).

If using ADSL initially you would retain something to act as the modem with an ethernet interface (which I guess you were already doing with the Cisco appliance).

Edited by prlzx (Tue 26-Feb-13 14:47:57)

Never used these, I am assuming these are based off linux/BSD which is fine for me. However never used something like this.

Let me check them out.

Thanks

I could just create a VM on my VMware box to do this, it would get a bit tricky with all the different NAT's but it could also work.

Yes you can certainly run it virtual for production use, easier if you either have enough physical NICs to devote one to WAN.

Alternatively if only one NIC, if you use switch that does VLAN tagging, pfSense can tag WAN and LANs to keep them properly isolated on a single physical interface.

With VMs and or VLANs, the more offloading a NIC can do, the less important CPU is for throughput.

For a work project we ran it as a VM in production use for at least a year, admittedly the hardware was plenty beefy enough and had 4 NICs.

Yes it is BSD and derived from mm0n0wall, and it's fairly well established having reached 120,000+ live installs around this time last year.

For client to site VPN, IPSec (config for mobile client) works ok or OpenVPN if you prefer (PPTP as a last resort). I use the ShrewSoft VPN client for Windows as it is more configurable but the native clients of Android and iOS will also work with the right choices on the router side.

Edited by prlzx (Tue 26-Feb-13 15:08:30)

I have the spare NIC's. I just have to get my head around, How VMware will handle the external network then pass through to the vm.

VM networking:
If you have spare NICs, for the networking mode you would usually chose "Bridged Network" as the type so the guest talks "directly" to the network rather than depending on the host network config.

On some Host OSes, it may be possible for that interface to be disabled or at least not configured, and the guest can still use the NIC.

For the type of virtual adapter try one of the VMXNET options if available (I think this is equivalent to virtio or paravirtualisation in Virtualbox and others) where the guest OS understand it is really a virtual adapter so there is less emulation involved in passing packets around) otherwise e1000 (acts like an Intel NIC) or flexible.

But it does depend which VMWare product you have and I haven't used that in a while so I can't be certain.

Edit: documentation for pfSense suggests choosing e1000 during installs and upgrades. It looks like you can switch to VMXNET if you install the VMWare tools package in pfSense (i.e. the package is unloaded during version updates).

Edited by prlzx (Tue 26-Feb-13 16:07:15)

Im very impressed with my new Asus

http://www.asus.com/Networking/RTAC66U/

Got good reviews when hardware tested on TBB. Real world throughput has been tested at at least double the 330m/sec as far as i remember

Yes at home I am using the DSL-N55U which is the same series but ADSL and a/b/g/n but not-AC.

They are great as an all-in-one box but I wouldn't use them as a more serious VPN / firewall / router as-is - yet.

The USB-as-file-storage works as well as I had hoped.

It is promising as flashing it with one of the community or open-source could give it more advanced features and they do have a decent amount of RAM and flash storage for an embedded platform.

Another forum member pointed me at the beta firmware that lets you reassign one of the ethernet ports as WAN so you end up with a multi WAN - cable / ADSL / 3G (with dongle) router which I will try if I need it.

Edited by prlzx (Tue 26-Feb-13 16:18:31)

I read in the FTTP forum that the asus routers are struggling to hit max speed.