[geeks] software for WRT54G

[Charles Shannon Hendrix]

Wed, 20 Jun 2007 @ 23:13 +0100, Mike Meredith said:

> On Wed, 20 Jun 2007 17:37:50 -0400, Charles Shannon Hendrix wrote:
> > Well, the problem with that is I really don't want that on the
> > "outside" LAN.
> 
> Well, I really only mentioned it because it demonstrates how flexible
> OpenWRT is and if I were to do VPNs, it's how I would do it. 

Might look at that.

> > I have a V3 WRT54G which supposedly has the Linux based firmware
> > instead of the proprietary stuff in V5 and higher hardware, if that
> > matters.
> 
> It gives you more resources to play with. I think mine is a V3 ... or
> at least something similar. And in answer to another question, with
> Tomato I have 19.5Mb free ... enough for quite a few routes or firewall
> rules.

True.

As a followup, I got VPN working.

It turned out to be a silly issue.

For whatever reason, VPN on the SG300 cannot bind to the local address,
it has to use the WAN address.  Since my SG300's "WAN" address is really
an address on the "outside" network, I didn't really want to do it that
way, but it turns out to work fine.

Because VPN only has two "hop" fields, I think this is the only way to
do it.

Either that or the SG300 assumes it is the gateway and refuses to allow
any other configuration.

Hmmm... I could try editing ipsec.conf manually.  It might just be that
the GUI configuration is so gateway centric, it doesn't give the options
you could get by a direct edit.

For the time being, this problem is solved.

If any of you ever do what I did, just remember the SG300 wants the VPN
bound to an "external" interface.  Silly, but that's how it works.

-- 
shannon           | An Irishman is never drunk as long as he can hold onto 
                  | one blade of grass and not fall off the face of the earth.