XP Linksys DHCP Hatred

Hans Fugal hans at fugal.net
Tue Sep 27 13:42:04 MDT 2005


On Tue, 27 Sep 2005 at 12:37 -0600, Chris Carey wrote:
> > >I might agree with you if it weren't for openvpn, but setting up openvpn
> > >is MUCH simpler than playing firmware games with your router. Maybe
> > >you'd like to know that openvpn is very easy to work with NATs and
> > >firewalls (just forward port 1194 udp), runs on linux, windows, and mac,
> > >and uses time-proven openssl libraries, and is quite simple to configure
> > >compared to ipsec or pptp or other vpn technologies.
> > >
> > >
> > I agree, there is nothing to setup for OpenVPN... very simple. The
> > router does not have to do anything but let
> > the OpenVPN port through. I choose it for its simplicity and
> > transparancy to NAT.
> >
> 
> OpenVPN sounds very cool and I plan to look into it. Does it require a
> custom VPN client on Windows?

Doesn't every VPN? Oh, that's right, there's PPTP. Might as well be
using telnet.

> I could be wrong since I havent tried it yet, but Id beg to differ on
> the claim that setting up OpenVPN is *easier* than doing the same in a
> custom firmware. You already said you updated to the latest linksys
> firmware. Updating to a custom firmware takes exactly the same effort.
> 
> 1) Upload custom firmware (you already updated to the latest linksys
> one - it takes the same ammount of time)
> 2) clicking the "on" button for VPN feature
> 3) type in the username and password and ip range for clients
> 4) Profit!

I'm not familiar with the firmwares out there, but which VPN are they
using? I've done PPTP and I can promise you that although it can be easy
to set up and use in a windows-only environment, it is not easy to set
up _properly_ and use in a heterogeneous environment. Not to mention
it's insecure.  IPSec is never easy, unless you are using proprietary
server/clients with default configurations which almost never fit in the
real world. IPSec/LLTP is even less easy to set up, and it's the only
supported windows configuration without a custom client. But I ramble,
let's look at just the facts.

Upgrade firmware for linksys: 5 minutes. 

Upgrade firmware to another firmware that I've never tried before,
hoping that it doesn't mess something up and then reconfiguring the
router to do what it was doing before and troubleshooting the thing I
forgot to reconfigure: more than 5 minutes.

Install OpenVPN on one computer: 5 minutes. Copy config files from flash
drive and generate a shared secret (which was appropriate for this
site), 1 minute. Punch hole through firewall (when not confronted with a
crazy linksys bug): 1 minute. (don't forget we've also got a dsl modem
to punch through - with openvpn this is one udp port, other vpns require
all kinds of magic)

Install OpenVPN or setup pptp or ipsec/lltp, or any other vpn, on client
box: 5 minutes or so.

Find the stupid norton firewall on the openvpn server box that doesn't
call itself a firewall and hides the configuration interface, and
driving to the remote site and back: 1-2 hours.  :-)

Draw your own conclusions. I've been around the VPN block, and openvpn
is the lowest "TCO" by far, but I've no doubt some of these firmwares
make it real easy to get a VPN up and running.

Man I can ramble.

-- 
 Hans Fugal                 | If more of us valued food and cheer and
 http://hans.fugal.net/     | song above hoarded gold, it would be a
 http://gdmxml.fugal.net/   | merrier world.  
                            |         -- J.R.R. Tolkien
---------------------------------------------------------------------
GnuPG Fingerprint: 6940 87C5 6610 567F 1E95  CB5E FC98 E8CD E0AA D460
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://plug.org/pipermail/plug/attachments/20050927/f3bdb1e6/attachment.bin 


More information about the PLUG mailing list