[gentoo-embedded] Gentoo Embedded Linux on Linksys Blue Boxes

[gentoo-embedded] Gentoo Embedded Linux on Linksys Blue Boxes

[Linux GNUbie]

Hello all,

We're planning to deploy Linux based VPN client using IPSec on our
branches which will have a downstream/upstream of 256Kbps DSL
connection.  Our VPN gateway which will be located in our main office
will run on an OpenS/WAN VPN implementation.  My first question is, do
you guys think that the Linksys [1]BEFSR41 or the [2]WRT54G can cater
the said requirement?  All of the VPN clients will have a single server
behind them and connected through a crossover cable only.  The VPN
connection is actually dedicated to the server behind each VPN clients.

My only concerns of the two said Linksys appliances when it comes to
their hardware specifications are:

[a] 200Mhz processor
[b] 4MB flash drives
[c] 16MB RAM

My three main reasons why I'm planning to make use of either of the said
appliances are [a]cheaper cost of the box, [b]low power consumption and
[c]small enough that is basically can save space.

My second question is, do you guys think that with the said hardware
specifications, it is possible to install Gentoo Linux in it?  Or, has
anyone able to install Gentoo Linux in it primarily used as a VPN
client?

Below are the tools that I need so far for the VPN client:

[a] IPTables
[b] VPN client
[c] OpenSSH
[d] RP-PPPoE
[e] IPTraf
[f] nmap
[g] mtr

Your inputs and suggestions are very much appreciated.

Thanks in advance.


---
Linux GNUbie <gnubieATgmailDOTcom>


[1] http://www.linksys.com/products/product.asp?prid=20&grid=5
[2] http://www.linksys.com/products/product.asp?prid=508&scid=35

-- 
gentoo-embedded@gentoo.org mailing list

Re: [gentoo-embedded] Gentoo Embedded Linux on Linksys Blue Boxes

[Samuel T. Cossette]

Hi,

Why don't you use OpenWRT? You can easily install most packages (don't know
for mtr) you want.

bye,

-samuel

> Hello all,
>
> We're planning to deploy Linux based VPN client using IPSec on our
> branches which will have a downstream/upstream of 256Kbps DSL
> connection.  Our VPN gateway which will be located in our main office
> will run on an OpenS/WAN VPN implementation.  My first question is, do
> you guys think that the Linksys [1]BEFSR41 or the [2]WRT54G can cater
> the said requirement?  All of the VPN clients will have a single server
> behind them and connected through a crossover cable only.  The VPN
> connection is actually dedicated to the server behind each VPN clients.
>
> My only concerns of the two said Linksys appliances when it comes to
> their hardware specifications are:
>
> [a] 200Mhz processor
> [b] 4MB flash drives
> [c] 16MB RAM
>
> My three main reasons why I'm planning to make use of either of the said
> appliances are [a]cheaper cost of the box, [b]low power consumption and
> [c]small enough that is basically can save space.
>
> My second question is, do you guys think that with the said hardware
> specifications, it is possible to install Gentoo Linux in it?  Or, has
> anyone able to install Gentoo Linux in it primarily used as a VPN
> client?
>
> Below are the tools that I need so far for the VPN client:
>
> [a] IPTables
> [b] VPN client
> [c] OpenSSH
> [d] RP-PPPoE
> [e] IPTraf
> [f] nmap
> [g] mtr
>
> Your inputs and suggestions are very much appreciated.
>
> Thanks in advance.
>
>
> ---
> Linux GNUbie <gnubieATgmailDOTcom>
>
>
> [1] http://www.linksys.com/products/product.asp?prid=20&grid=5
> [2] http://www.linksys.com/products/product.asp?prid=508&scid=35
>
> --
> gentoo-embedded@gentoo.org mailing list
>
>


Samuel T. Cossette
samuel@levinux.org, 1.418.8o2.784o
<< Well, that's for me to know and you to find out. >> Jeffrey, Blue Velvet

-- 
gentoo-embedded@gentoo.org mailing list

Re: [gentoo-embedded] Gentoo Embedded Linux on Linksys Blue Boxes

[Ned Ludd]

On Sun, 2005-04-24 at 00:42 +0800, Linux GNUbie wrote:
> Hello all,
> 
> We're planning to deploy Linux based VPN client using IPSec on our
> branches which will have a downstream/upstream of 256Kbps DSL
> connection.  Our VPN gateway which will be located in our main office
> will run on an OpenS/WAN VPN implementation.  My first question is, do
> you guys think that the Linksys [1]BEFSR41 or the [2]WRT54G can cater
> the said requirement?  All of the VPN clients will have a single server
> behind them and connected through a crossover cable only.  The VPN
> connection is actually dedicated to the server behind each VPN clients.
> 
> My only concerns of the two said Linksys appliances when it comes to
> their hardware specifications are:
> 
> [a] 200Mhz processor
> [b] 4MB flash drives
> [c] 16MB RAM
> 
> My three main reasons why I'm planning to make use of either of the said
> appliances are [a]cheaper cost of the box, [b]low power consumption and
> [c]small enough that is basically can save space.
> 
> My second question is, do you guys think that with the said hardware
> specifications, it is possible to install Gentoo Linux in it?  Or, has
> anyone able to install Gentoo Linux in it primarily used as a VPN
> client?


Almost of all of this can theoretically be done via Gentoo currently
with a little work, but honestly Mike Bakers OpenWRT project is better
suited for the task right now.

These great little mipsel devices use a proprietary wireless driver
module and an older kernel. So to make the solution complete at Gentoo
one would require a kernel that was able to load the linksys module as
well as meet the security standards for a kernel. That's where these
devices and all known public sources for them fall a bit short.

http://openwrt.org

-- 
Ned Ludd <solar@gentoo.org>

-- 
gentoo-embedded@gentoo.org mailing list

Re: [gentoo-embedded] Gentoo Embedded Linux on Linksys Blue Boxes

[Eero Lemmelä]

On 00:42 Sun 24 Apr, Linux GNUbie wrote:
> Hello all,
> 
> We're planning to deploy Linux based VPN client using IPSec on our
> branches which will have a downstream/upstream of 256Kbps DSL
> connection.  Our VPN gateway which will be located in our main office
> will run on an OpenS/WAN VPN implementation.  My first question is, do
> you guys think that the Linksys [1]BEFSR41 or the [2]WRT54G can cater
> the said requirement?  All of the VPN clients will have a single server
> behind them and connected through a crossover cable only.  The VPN
> connection is actually dedicated to the server behind each VPN clients.
> 
> My only concerns of the two said Linksys appliances when it comes to
> their hardware specifications are:
> 
> [a] 200Mhz processor
> [b] 4MB flash drives
> [c] 16MB RAM

I have a Linksys WRT54G v2.2 running OpenWRT. If you haven't already
checked it out, I think you should:

http://openwrt.org/

I bought my unit at the time when v2.2 had just been published and wasn't
officially supported by OpenWRT (still isn't). I played around with the
unit quite a lot at the time and now it is pretty unstable (random
reboots) under heavy load... BUT my friend has a similar unit and he hasn't
had any problems with it. We both have a 10 Mbps downstream/upstream DSL,
so my problems are propably due to my experiments. I'm pretty confident
that you would be just fine.

> My second question is, do you guys think that with the said hardware
> specifications, it is possible to install Gentoo Linux in it?

I think it could be possible, but what do I know: I'm a newbie with this
sort of stuff.

If someone has or is going to try to install Gentoo to Linksys WRT54G,
I'm eager to contribute at least by testing!

> Below are the tools that I need so far for the VPN client:
> 
> [a] IPTables
> [b] VPN client
> [c] OpenSSH
> [d] RP-PPPoE
> [e] IPTraf
> [f] nmap
> [g] mtr

There is a package tracker for OpenWRT:

http://nthill.free.fr/openwrt/tracker/

Didn't find nmap nor mtr, but the rest are available.

-- 
   - Eero
-- 
gentoo-embedded@gentoo.org mailing list

Re: [gentoo-embedded] Gentoo Embedded Linux on Linksys Blue Boxes

[Linux GNUbie]

On Sat, 2005-04-23 at 14:49 -0400, Ned Ludd wrote:
> 
> 
> Almost of all of this can theoretically be done via Gentoo currently
> with a little work, but honestly Mike Bakers OpenWRT project is better
> suited for the task right now.
> 
> These great little mipsel devices use a proprietary wireless driver
> module and an older kernel. So to make the solution complete at Gentoo
> one would require a kernel that was able to load the linksys module as
> well as meet the security standards for a kernel. That's where these
> devices and all known public sources for them fall a bit short.
> 
> http://openwrt.org

Hello Solar, Samuel, Eero, and others who replied about my inquiry,

Yes, I already have an idea about the existence of the OpenWRT project
and quite interested with it.  But since the website doesn't have a
final say about the full support or stability of the Linksys BEFSR41 or
WRT54G used as a VPN client, and I'm also a Gentoo user myself, I asked
here if it's possible to install Gentoo Linux instead.  Not only that,
as I've also asked on my original post, do you think that having a
200Mhz processor, 16MB RAM and 4MB flash drive can be a practical and
viable VPN client box for a VPN IPSec connection?  In short, with the
said hardware specs, do you think it can work as a VPN client without
degrading performance either the system or the data that passes through
the said VPN client?

Thanks again.

---
Linux GNUbie <gnubieATgmailDOTcom>

-- 
gentoo-embedded@gentoo.org mailing list

Re: [gentoo-embedded] Gentoo Embedded Linux on Linksys Blue Boxes

[Daniel Armyr]

> These great little mipsel devices use a proprietary wireless driver
> module and an older kernel. So to make the solution complete at Gentoo
> one would require a kernel that was able to load the linksys module as
> well as meet the security standards for a kernel. That's where these
> devices and all known public sources for them fall a bit short.

But as I understand it, the OpenWRT comes with complete kernel sources. As such, one should be able to just export them from OpenWRT and use them with Gentoo under the name wrt-sources. Am I wrong?

However, what has stopped me from trying gentoo on my little box is that it seems gentoo-embedded is geared towards devices with storage in the 100s of megabytes which the WRT does not have.

-- 
++++++++++++++++++++++++++++++++++++++++
daniel.armyr@home.se	f00-dar@f.kth.se
Tegnergatan 40 rum 505	+46 8 31 52 17	
113 59 Stockholm	+46 73 038 3097
++++++++++++++++++++++++++++++++++++++++
-- 
gentoo-embedded@gentoo.org mailing list

Re: [gentoo-embedded] Gentoo Embedded Linux on Linksys Blue Boxes

[Daniel Armyr]

> here if it's possible to install Gentoo Linux instead.  Not only that,
> as I've also asked on my original post, do you think that having a
> 200Mhz processor, 16MB RAM and 4MB flash drive can be a practical and
> viable VPN client box for a VPN IPSec connection?  In short, with the
> said hardware specs, do you think it can work as a VPN client without
> degrading performance either the system or the data that passes > through the said VPN client?

I am not too familiar with VPN, but as I understand it, it is pretty much only a convenient way to tunnel all traffic through an encrypted pipe. Would a benchmark using an ssh-tunnel give sufficiently relevant results?
-- 
gentoo-embedded@gentoo.org mailing list

Re: [gentoo-embedded] Gentoo Embedded Linux on Linksys Blue Boxes

[Linux GNUbie]

On Sun, 2005-04-24 at 08:32 +0200, Daniel Armyr wrote:
> 
> I am not too familiar with VPN, but as I understand it, it is pretty much only a convenient way to tunnel all traffic through an encrypted pipe. Would a benchmark using an ssh-tunnel give sufficiently relevant results?

I have friends that told me that the hardware specs of the Linksys
BEFSR41 or WRT54G cannot support the VPN client service simply because
of the encryption/decryption process that needs more processing power
and physical memory.

Can anybody would want to enlighten me about our plan?

Thanks again.

---
Linux GNUbie <gnubieATgmailDOTcom>

-- 
gentoo-embedded@gentoo.org mailing list

Re: [gentoo-embedded] Gentoo Embedded Linux on Linksys Blue Boxes

[Paul Bohme]

Linux GNUbie wrote:

>On Sun, 2005-04-24 at 08:32 +0200, Daniel Armyr wrote:
>  
>
>>I am not too familiar with VPN, but as I understand it, it is pretty much only a convenient way to tunnel all traffic through an encrypted pipe. Would a benchmark using an ssh-tunnel give sufficiently relevant results?
>>    
>>
>
>I have friends that told me that the hardware specs of the Linksys
>BEFSR41 or WRT54G cannot support the VPN client service simply because
>of the encryption/decryption process that needs more processing power
>and physical memory.
>

The WRT54GS has 8MB of flash, btw, and (IIRC) 32MB of RAM (I have one on
the desk next to me, would have to check.)  The extra flash makes it a
bit roomier to hack on.  I'm (slowly) getting it set up to replace a
machine at work that we use to bridge a couple of networks.

I did some googling and came up with:

http://martybugs.net/wireless/openwrt/openvpn.cgi

    ----(snip)----
Performance Testing
Network Architecture
This WRT is connecting to an 802.11b Minitar MNWAPB access point, and
hence is restricted to 802.11b 11Mbps speeds.

The throughput was measured by using wget to retrieve a 3MB file over
the wireless link.

Initial tests were performed during setup, when the WRT was physically
located close to the Minitar access point, so the WRT was associated to
the Minitar with a link rate of 11Mbps. The tests were repeated once the
WRT was installed at the client site, with similar results.

Throughput Without VPN
Throughput over the wireless link between the WRT and the Minitar was
tested at approximately 600 kbytes/sec (ie, typical for an 802.11b
wireless link).

Throughput With VPN
Once the VPN tunnel was established, and all traffic routed through it,
the tests were repeated. Throughput dropped to approximately 300 kbytes/sec.

The major cause of this slow-down is the CPU in the WRT, as it needs to
encrypt and decrypt all the traffic that is passing through the VPN
tunnel. This can be observed by monitoring the CPU usage on the WRT
while transferring large amounts of traffic through the VPN tunnel - the
OpenVPN process consumes 99% of the CPU during this time.

The slow-down caused by the VPN tunnel is acceptable in the situation
I'm using the WRT. If this isn't the case, the throughput of the VPN
tunnel can be increased by moving the VPN termination from the WRT onto
a faster device (ie, a linux router) behind the WRT.
    ----(snip)----

So there's at least one test, but as usual YMMV.

  -P

-- 
gentoo-embedded@gentoo.org mailing list

Re: [gentoo-embedded] Gentoo Embedded Linux on Linksys Blue Boxes

[Ned Ludd]

On Sun, 2005-04-24 at 08:28 +0200, Daniel Armyr wrote:
> > These great little mipsel devices use a proprietary wireless driver
> > module and an older kernel. So to make the solution complete at Gentoo
> > one would require a kernel that was able to load the linksys module as
> > well as meet the security standards for a kernel. That's where these
> > devices and all known public sources for them fall a bit short.
> 
> But as I understand it, the OpenWRT comes with complete kernel sources. As such, one should be able to just export them from OpenWRT and use them with Gentoo under the name wrt-sources. Am I wrong?

Sure you could do that local and we may do that after mbm's experimental tree goes into production.

> However, what has stopped me from trying gentoo on my little box is that it seems gentoo-embedded is geared towards devices with storage in the 100s of megabytes which the WRT does not have.

I have no idea where you get the 100M figure from. It's wrong.
Smallest bootable system I've built while I've been here is 644K minus
the kernel.

> -- 
> ++++++++++++++++++++++++++++++++++++++++
> daniel.armyr@home.se	f00-dar@f.kth.se
> Tegnergatan 40 rum 505	+46 8 31 52 17	
> 113 59 Stockholm	+46 73 038 3097
> ++++++++++++++++++++++++++++++++++++++++
-- 
Ned Ludd <solar@gentoo.org>

-- 
gentoo-embedded@gentoo.org mailing list

Re: [gentoo-embedded] Gentoo Embedded Linux on Linksys Blue Boxes

[Daniel Armyr]

> I have no idea where you get the 100M figure from. It's wrong.
> Smallest bootable system I've built while I've been here is 644K minus
> the kernel.

Oh, cool. My bad. Time to look up that documentation gain I suppose and give gentoo/WRT another shot.

-- 
++++++++++++++++++++++++++++++++++++++++
daniel.armyr@home.se	f00-dar@f.kth.se
Tegnergatan 40 rum 505	+46 8 31 52 17	
113 59 Stockholm	+46 73 038 3097
++++++++++++++++++++++++++++++++++++++++
-- 
gentoo-embedded@gentoo.org mailing list