July 5, 2008

Router hacking (part 2)

I've been using the Tomato firmware for almost a year so far for both home and work. It's a wonder that little home routers can be made much more capable by using free open source firmware, and can be used in a business setting requiring 24/7 uptime and true stability.

Right now I have two ASUS WL-500g Premium's running Tomato with the VPN mod. The WL-500gP's were specifically bought to run Tomato and site-to-site VPN and I've been very happy with them so far. The VPN link is up 24/7 and will reconnect automatically when disconnected. Each side has an ADSL 5 Mb / 512 Kb connection shared by about 50 users. The users are not heavy Internet users except during non-working hours (company policy forbids playing during working hours) but they depend on the link for email (Google Apps). There are also SQL Servers on both sides of the link, and the users constantly need to access data from the other side. The VPN tunnel isn't very fast because my outgoing speed is only 512 Kb, but the users aren't complaining.

I also have a Buffalo WHR-HP-G54 running Tomato with Victek's mod. The WHR-HP-54 was bought as a test unit to see if the signal booster actually works in real life, and as a backup unit in case I run out of routers. Currently, the WHR-HP-54 is running behind a commercial G.SHDSL 2/2 Mb link serving about 50 users. The users are very heavy Internet users (no company policy regarding Internet usage) and the link is almost constantly used at maximum capacity. Besides downloading music and nudie pics, the users also depend on the link for lesser important things like the company's email (residing on the ISP's POP3 server) and shared calendar (Google Calendar). Victek's mod is used to attempt to limit the users' bandwidth usage. Before using Tomato, the link is saturated at 2/2 Mb every day from 8 to 5.

I still have the Linksys WRT54GL units that I bought for testing originally. One is running plain Tomato at home. The rest are being used as test/backup units or as plain access points with the WAN port disabled.

More to follow...

No comments: