[SLL] WRT54GL --> wireless to wired repeater?

Derek Simkowiak dereks at realloc.net
Wed Dec 24 21:35:45 PST 2008 

Somebody else might suggest this... and I'll know *why* it's a Bad Idea. :)


    I agree that the WRT54GL processor is small potatoes.  But I 
disagree that using it for VPNs is a bad idea. 

    I don't know what's up with Jarod's setup, but with OpenVPN I get 8x 
faster that him, i.e., over 400K-Bytes/sec with a WRT54GL running both 
ends of the VPN.

    For  two WRT54GLs talking to each other, creating a transparent VPN 
(so that computers plugged in to the WRT54GLs do not run, use, or even 
know about, any VPN software at all), I get 3.4 Mbit/sec:

Performance

Using Linksys WRT54GL v1.1
(as both client and server OpenVPN appliances)
CPU Model: Broadcom BCM5352 chip rev 0

SCP File transfer w/CPU at 200 MHz: 313 KB/s
SCP File transfer w/CPU at 250 MHz: 423 KB/s

Thus, estimated OpenVPN User Capacity (w/CPU at 250 MHz):

For users with 768 Kbit DSL:
About 4-5 users (100% usage, like big downloads)
About 10-20 users (intermittant usage, like web or shell traffic)

For users with 128 Kbit dial-up modems:
About 25 users (100% usage, like big downloads)
About 50-100 users (intermittant usage, like web or shell traffic)

    I've had VPNs running fine for months, and I've spoken to an ISP 
that uses the same DD-WRT setup in their operations.  For remote offices 
or SOHO, the WRT54GL is fine (even with its weak BCM5352).


--Derek

Glenn Stone wrote:
> On Wed, Dec 24, 2008 at 11:57:06PM -0500, Jarod Wilson wrote:
>   
>> I'm not particularly familiar with OpenVPN, specifically, what sort of
>> crypto it does, but one definite down side to using a WRT54G{,L,S} as a
>> VPN appliance: they SUCK for ipsec throughput. For grins, I set up my
>> own WRT54GS with openwrt, and tried connecting it to one of the Cisco
>> VPN concentrators at work. Got it connected just fine with both vpnc and
>> openswan, passing traffic from boxes behind it and all, but the
>> throughput was *miserable*.
>>     
>
>   
>> The main problem is that the lowly cpu simply can't keep up with the
>> crypto ops. If I'm remembering correctly, vpnc traffic maxed out at
>> 400kbps (yes, kilobits, not kilobytes), due to the processor being
>> pegged. Openswan fared better (in-kernel crypto vs. pure userspace
>> implementation), maxing out a 1.2Mbps (3x vpnc). With a
>> non-cpu-encumbered setup I can routinely max out my incoming bandwidth
>> (20Mbps).
>>     
>
> *nods* no, I intend to do the encryption at the ends of the connection, not
>  the poor widdle router, what doesn't even have enough of a CPU to have a
>  fan... all's I want the GL to do is pass bits. :)  
>
> Thanks for the tidbit, though.  Somebody else might suggest this... and I'll
> know *why* it's a Bad Idea. :)
>
> -- Glenn
>

More information about the linux-list mailing list