R. Luoma wrote:
> I would like to set up a wireless bridge between
> two wired networks in my house.
> I am finding almost too much and not completely consistent
> flood of information in my web-searches.
> dd-wrt has been mentioned several times on this list,
> though there seems to be a wide variety of hardware
> support (or not supported, depending on the whims of
> manufacturers).
> I would appreciate:
> - do people recommend dd-wrt?
The thing to understand about the 3rd party router firmware is that each
project falls into one of two groups: firmware that is derivative of the
manufacturer's firmware, and firmware that is built independently.
Projects like DD-WRT and Tomato[1] are derivative. The advantage is that
they make use of the proprietary drivers supplied by the chipset
manufacturers and thus tend to support a wider variety and more recent
hardware. They also tend to come with GUIs that cover typical
interactions and extend upon what the manufacturer's GUI could do. The
disadvantage is that they might be less flexible, less capable (for
advanced configurations), and less stable.
1. http://www.polarcloud.com/tomato
Projects like OpenWRT[2] provide an independently built Linux
distribution using open source drivers. It tends to take longer before
they support any given hardware, and for some hardware that can't easily
be reverse engineered, it will never be supported. How things work in
OpenWRT is less of a black box compared to the derivative firmwares.
It used to not come with a GUI, but I believe one or more GUIs are now
available.
2. http://openwrt.org/
I used to use DD-WRT, but had stability issues. I only tried it on a
couple of versions of the classic Linksys WRT54G, so I can't say whether
it was a hardware or software issue. When I upgraded to ASUS RT-N16
hardware, I took a look at what 3rd party firmware was trending more
favorably, and went with Tomato, specifically the variation that
supports USB[3]. I've run across a few bugs, but generally stability has
been good.
3. http://tomatousb.org/
One standout feature of Tomato compared to DD-WRT is that it properly
handles version upgrades without requiring you to reset the non-volatile
memory of the router. With DD-WRT they recommend that after each upgrade
you reset everything and then reconfigure the router.
I haven't had occasion to use OpenWRT, but I'd tend to recommend one of
the derivative firmwares first, unless what you need to do is complex
and beyond their ability.
Linux Journal has published a series of articles on building a
transparent firewall with OpenWRT[4], which can give you a flavor of
what it's like to work with OpenWRT.
4. http://www.linuxjournal.com/article/10816
Keep in mind that supposedly none of the Linux-based firmwares are
really high performance[see also 4] or enterprise quality. Though for
almost the same price you can achieve that, using something like the
RouterStation Pro[5] and the FreeBSD based pfSense[6]. (Anyone with
first hand experience with these? I'm considering building a
router/firewall with them.)
5. http://www.ubnt.com/
6. http://www.pfsense.org/
> - anything else regarding wireless bridges that I should know?
I haven't had occasion to set up a wireless bridge, but I've run across
many mentions of people setting them up on the DD-WRT and OpenWRT
forums. At times there have been bugs that have prevented this from
working. But it is a pretty common need.
My recommendation would be to do some data mining specifically in the
forums for Tomato and DD-WRT and go with whichever people seem to be
reporting the most success with at the moment.
> - what encryption options are available?
You should be able to use WPA/AES, which is the preferred WiFi
encryption option. Someone else mentioned a VPN, which you can use too,
though it is probably overkill if the other end of the LAN is your
private LAN behind a firewall. My personal preference is to use
encrypted protocols wherever possible, even on a LAN. Either way, you'll
want to still use WPA/AES, otherwise you are vulnerable to ARP
spoofing[7] and other attack vectors, even if you use a VPN.
7. http://en.wikipedia.org/wiki/ARP_spoofing
> - recommendations on what hardware is currently available
If you don't need 802.11N, then you have hundreds of choices.
If you do, I like the ASUS RT-N16 hardware, though it uses a chipset
that doesn't come with open source drivers, and thus will likely never
be supported by OpenWRT.
Hardware selection is something the 3rd party firmware projects could do
a better job at. The question constantly comes up on their forums, but
it can be difficult to extrapolate a top pick from the discussion. They
really need a rating database, where you can plug in some criteria, like
needing 802.11n, and then get results sorted by price, performance,
success, etc.
> - if so, how do I avoid bricking?
The issue of bricking tends to scare off a lot of people. I tend to
think it is a non-issue, as long as you follow the