From: "Joel Wirāmu Pauling" <joel@aenertia.net>
To: Dave Taht <dave.taht@gmail.com>
Cc: cerowrt-users <cerowrt-users@lists.bufferbloat.net>,
Eric Johansson <esj@eggo.org>,
"cerowrt-devel@lists.bufferbloat.net"
<cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] [Cerowrt-users] Open VPN config
Date: Mon, 22 Sep 2014 20:01:06 +1200
Message-ID: <CAKiAkGQodNdFW5H6NZj69WTRQDL8DKSeDM3CTxq2dtZi9hJ4kg@mail.gmail.com>
In-Reply-To: <CAA93jw6d9_gOWVLkxXmFzVK89KYMKJLDKDiXVcEVL=zFAhEMSw@mail.gmail.com>
I've found that OpenVPN on the ar71xx boards with tls-client security
and UDP-based tunnel encap max hit a CPU-bound upper transfer limit of
about 10mbit.

Just FYI.

-Joel

On 22 September 2014 17:21, Dave Taht <dave.taht@gmail.com> wrote:
> Eric:
>
> Most of the cerowrt folk are on cerowrt-devel.
>
> http://wiki.openwrt.org/doc/howto/vpn.openvpn has some doc on setting
> up openvpn on openwrt which mostly applies to cerowrt.
>
> Your internal hosts should be able to initiate a vpn connection
> through a cerowrt box, no problem.
>
> As for routing the vpn, you do have to allow the ips in with bcp38,
> among other things. If you post your route table here (or to a bug in
> the cerowrt database) perhaps that will show something.
>
> As for generating keys and CA on the router itself - well, it's safer,
> faster and there is more entropy if you do that on a separate box
> entirely.
>
>
> On Mon, Sep 22, 2014 at 7:18 AM, Eric Johansson <esj@eggo.org> wrote:
>> Installed the latest cerowrt; so far so good. I'm trying to set up Open VPN configuration on it. I need to set up one client connection and 1 server-side connection.
>>
>> On the client side, everything came up. I can access from the cerowrt box but not from any machine on my internal network. I suspect there are firewall rules missing. Yes, I saw all the internal routes to all of the networks at the far end.
>>
>> Any pointers would be appreciated.
>>
>> On the server side, I'm not sure what to do exactly. I'm not thrilled about making a CA run on the cerowrt box. I'm tempted to run Tiny CA internally and move certificates over as needed. Suggestions are welcome.
>
>
>
> --
> Dave Täht
>
> https://www.bufferbloat.net/projects/make-wifi-fast