From: Joel Wirāmu Pauling
Date: Mon, 22 Sep 2014 20:01:06 +1200
To: Dave Taht
Cc: cerowrt-users, Eric Johansson, "cerowrt-devel@lists.bufferbloat.net"
Subject: Re: [Cerowrt-devel] [Cerowrt-users] Open VPN config

I've found that OpenVPN on the ar71xx boards with tls-client security and UDP based tunnel encap max hit a cpu bound upper transfer limit of about 10mbit. Just FYI.

-Joel

On 22 September 2014 17:21, Dave Taht wrote:
> Eric:
>
> Most of the cerowrt folk are on cerowrt-devel.
>
> http://wiki.openwrt.org/doc/howto/vpn.openvpn has some doc on setting
> up openvpn on openwrt which mostly applies to cerowrt.
>
> Your internal hosts should be able to initiate a vpn connection
> through a cerowrt box, no problem.
>
> As for routing the vpn, you do have to allow the ips in with bcp38,
> among other things. If you post your route table here (or to a bug in
> the cerowrt database) perhaps that will show something.
>
> As for generating keys and CA on the router itself - well, it's safer,
> faster and there is more entropy if you do that on a separate box
> entirely.
>
>
> On Mon, Sep 22, 2014 at 7:18 AM, Eric Johansson wrote:
>> Installed the latest cerowrt, so far so good. I'm trying to set up Open VPN configuration on it. I need to set up one client connection and 1 server side connection.
>>
>> On the client side, everything came up; I can access from the cerowrt box but not from any machine on my internal network. I suspect there are firewall rules missing. Yes, I saw all the internal routes to all of the networks at the far end.
>>
>> Any pointers would be appreciated.
>>
>> On the server side, I'm not sure what to do exactly. I'm not thrilled about making a CA run on the cerowrt box. I'm tempted to run Tiny CA internally and move certificates over as needed. Suggestions are welcome.
>
>
>
> --
> Dave Täht
>
> https://www.bufferbloat.net/projects/make-wifi-fast