Linux Router Project

From Packet Head Networks

Linux WAN/VPN Router Project

This project is just some ideas that I'm kicking around. The idea is to utilize VPN technology to create a secure point-to-point connection to end points, then create a GRE tunnel within the VPN so that you can utilize dynamic routing protocols, such as OSPF. Cisco does this quite nicely by utilizing what they call "Dynamic Multipoint VPN". Right now this is just a brainstorm of everything that I would need to accomplish this. The main goal of this project is to provide an effective low-cost solution, while utilizing open source solutions, and to make it as small as possible. Possibly even make it available for embedded devices or let it boot off of compact flash, USB drives, or CD-ROM.

I haven't chosen a Linux distribution to use yet. I'm not entirely sure if I want to create my own with Linux From Scratch or use a distribution like Slackware or Ubuntu.

Packages:

So far, the packages that I know will be included are:

  • Quagga - Quagga will provide dynamic routing services, such as OSPF.
  • Iproute2 - Iproute2 will provide the utilities to create GRE tunnels so that the dynamic routing protocols can be implemented over the VPN connection.
  • OpenSSL - OpenSSL provides libraries that are needed by OpenVPN and OpenSSH.
  • OpenSSH - OpenSSH provides the ability to remotely access the routers, securely.
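
As an added example (not part of the original page and not any project's own code), this dry-run script prints the iproute2 GRE commands, an iptables guard that keeps GRE from travelling outside IPsec, and a Quagga ospfd.conf for one spoke router. The addresses, the gre1 device name, the MTU and the use of iptables are assumptions; the IPsec configuration itself is left out because no implementation has been chosen here.

```shell
#!/bin/sh
# Dry run: prints commands and config for one spoke router; applies nothing.
# Every address below is a constructed example value.
LOCAL_WAN=192.0.2.10       # this router's public address
REMOTE_WAN=198.51.100.20   # hub router's public address
TUN_DEV=gre1
TUN_LOCAL=10.255.0.2       # inner tunnel address, /30 shared with the hub
TUN_NET=10.255.0.0/30

# iproute2: GRE tunnel between the public addresses. MTU 1400 is an assumed
# value that leaves headroom for GRE plus ESP overhead.
gre_commands() {
    cat <<EOF
ip tunnel add $TUN_DEV mode gre local $LOCAL_WAN remote $REMOTE_WAN ttl 255
ip addr add $TUN_LOCAL/30 dev $TUN_DEV
ip link set $TUN_DEV mtu 1400 up
EOF
}

# GRE (IP protocol 47) is unencrypted. Accept it only if it arrived through
# an IPsec policy, and never send it in the clear if the SA is down.
firewall_commands() {
    cat <<EOF
iptables -A INPUT -p 47 -s $REMOTE_WAN -m policy --dir in --pol ipsec -j ACCEPT
iptables -A INPUT -p 47 -j DROP
iptables -A OUTPUT -p 47 -m policy --dir out --pol none -j DROP
EOF
}

# Quagga ospfd.conf: speak OSPF on the tunnel only, not on the WAN side.
ospfd_conf() {
    cat <<EOF
interface $TUN_DEV
 ip ospf network point-to-point
router ospf
 ospf router-id $TUN_LOCAL
 passive-interface default
 no passive-interface $TUN_DEV
 network $TUN_NET area 0.0.0.0
EOF
}

gre_commands
firewall_commands
ospfd_conf
```

Review the printed output before applying any of it as root; the firewall rules only make sense once an IPsec policy covering protocol 47 between the two public addresses is in place.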

IPSec, what to do? What to do?

There appear to be many different implementations of IPSec for Linux. I'm going to have to research that a bit to determine which would be better for the job. Here are some of the packages that I'm looking into:

  • IPSec Tools - Linux port of the BSD KAME implementation.
  • strongSwan - Variant of the defunct FreeS/WAN with X.509 support.
  • Openswan - Variant of the defunct FreeS/WAN.

Information about using GRE over IPSec:
