July 4, 2008

Router hacking (part 1)

I've been a loyal customer of Kerio Winroute Firewall for many years, since back when it was called WinRoute Pro. KWF is a great product, easy to setup and configure, and the tech support people were great. I ran into a problem a few years ago where if the site-to-site VPN got disconnected, it would not reconnect correctly unless I manually disconnect the VPN tunnel, then manually connect it after five minutes had passed. The tech support guys walked me through possible scenarios for months until we finally figured out the problem. (The problem was that the ISP supplied routers that I was using didn't pass the real IP address, I solved the problem by buying cheap USB ADSL modems.)
After a few years of using KWF, I started looking for alternatives simply due to cost. KWF has a yearly subscription cost based on the number of Internet users. By then hardware routers had come down in price, and various open source software routers had been released in stable form. I also heard about loading third-party firmware onto home routers, so I bought a few Linksys WRT54GL's for testing.

The KWF systems probably knew that I was phasing them out, so one day they suddenly broke down and would not let me access Google Apps correctly, while all other websites worked. Since my company's mail was hosted on Google Apps, I had to come up with a solution very quickly.
Since I had the WRT54GL's on hand, I replaced the KWF systems with them. I installed DD-WRT/VPN on the routers, and quickly got everything to work. Unfortunately, DD-WRT would sometimes randomly reset and I would lose all configurations.

After googling for a solution, I came upon Tomato Firmware. Tomato looked great and was even easier to setup than DD-WRT. It also didn't have the random reset and losing all configuration problem. Unfortunately, there was no VPN version. After more googling, I found someone had modified Tomato and added OpenVPN to it. Wow!
I tested Tomato with site-to-site VPN for a few days using the WRT54GL's and decided to go with Tomato, so I bought two ASUS WL-500g Premium's and installed Tomato on them. The ASUS routers have faster CPU and more RAM than the WRT54GL's, and also has two USB ports for connectings things like printers or webcams. Eventhough Tomato can't make use of the two USB ports, but my main use is Internet connectivity and site-to-site VPN, and the faster CPU and additional RAM helped.
I won't be renewing my KWF subscription this year.