I've found that OpenVPN on the ar71xx boards with tls-client security and UDP based tunnel encap max hit a cpu bound upper transfer limit of about 10mbit.
Just FYI. -Joel On 22 September 2014 17:21, Dave Taht <[email protected]> wrote: > Eric: > > Most of the cerowrt folk are on cerowrt-devel. > > http://wiki.openwrt.org/doc/howto/vpn.openvpn has some doc on setting > up openvpn on openwrt which mostly applies to cerowrt. > > Your internal hosts should be able to initiate a vpn connection > through a cerowrt box, no problem. > > As for routing the vpn, you do have to allow the ips in with bcp38, > among other things. If you post your route table here (or to a bug in > the cerowrt database) perhaps that will show something. > > As for generating keys and CA on the router itself - well, it's safer, > faster and there is more entropy if you do that on a separate box > entirely. > > > On Mon, Sep 22, 2014 at 7:18 AM, Eric Johansson <[email protected]> wrote: >> Install the latest cerowrt so far so good. I'm trying to set up Open VPN >> configuration on it. I need to set of one client connection and 1 server >> side connection. >> >> On the client side, everything came up I can access from the cerowrt box but >> not from any machine on my internal network. I suspect there are firewall >> rules missing . Yes, I saw all the internal routes to all of the networks at >> the far end. >> >> Any pointers would be appreciated. >> >> On the server side, I'm not sure what to do exactly. I'm not thrilled about >> making a CA run on the cerowrt box. I'm tempted to run Tiny CA internally >> and move certificates over as needed. Suggestions are welcome. >> _______________________________________________ >> Cerowrt-users mailing list >> [email protected] >> https://lists.bufferbloat.net/listinfo/cerowrt-users > > > > -- > Dave Täht > > https://www.bufferbloat.net/projects/make-wifi-fast > _______________________________________________ > Cerowrt-devel mailing list > [email protected] > https://lists.bufferbloat.net/listinfo/cerowrt-devel _______________________________________________ Cerowrt-devel mailing list [email protected] https://lists.bufferbloat.net/listinfo/cerowrt-devel
