[Cerowrt-devel] [Cerowrt-users] Open VPN config

Joel Wirāmu Pauling joel at aenertia.net
Mon Sep 22 04:01:06 EDT 2014 

I've found that OpenVPN on the ar71xx boards with tls-client security
and UDP based tunnel encap max hit a cpu bound upper transfer limit of
about 10mbit.

Just FYI.

-Joel

On 22 September 2014 17:21, Dave Taht <dave.taht at gmail.com> wrote:
> Eric:
>
> Most of the cerowrt folk are on cerowrt-devel.
>
> http://wiki.openwrt.org/doc/howto/vpn.openvpn has some doc on setting
> up openvpn on openwrt which mostly applies to cerowrt.
>
> Your internal hosts should be able to initiate a vpn connection
> through a cerowrt box, no problem.
>
> As for routing the vpn, you do have to allow the ips in with bcp38,
> among other things. If you post your route table here (or to a bug in
> the cerowrt database) perhaps that will show something.
>
> As for generating keys and CA on the router itself - well, it's safer,
> faster and there is more entropy if you do that on a separate box
> entirely.
>
>
> On Mon, Sep 22, 2014 at 7:18 AM, Eric Johansson <esj at eggo.org> wrote:
>> Install the latest cerowrt so far so good. I'm trying to set up Open VPN configuration on it. I need to set of one client connection and 1 server side connection.
>>
>> On the client side, everything came up I can access from the cerowrt box but not from any machine on my internal network. I suspect there are firewall rules missing . Yes, I saw all the internal routes to all of the networks at the far end.
>>
>> Any pointers would be appreciated.
>>
>> On the server side, I'm not sure what to do exactly. I'm not thrilled about making a CA run on the cerowrt box. I'm tempted to run Tiny CA internally and move certificates over as needed. Suggestions are welcome.
>> _______________________________________________
>> Cerowrt-users mailing list
>> Cerowrt-users at lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cerowrt-users
>
>
>
> --
> Dave Täht
>
> https://www.bufferbloat.net/projects/make-wifi-fast
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel

More information about the Cerowrt-devel mailing list