On 4/12/06, Eugen Leitl <eugen@leitl.org> wrote:
> ... An interesting way to increase background encrypted traffic and bypass NAT tunneling braindeadness is to package the crypto inside the consumer router brick.
> I've just reflashed a couple Linksys WRT54GS with OpenWRT, and OpenVPN and Tor are in the standard package depository (there are many others, including Asterisk). The hardware is so cheap that you could easily distribute preflashed routers to end users as an authentication token and part of a darknet-like product.

this is an excellent idea. i've played with the old WRT54G's a little bit and it is certainly an amenable piece of equipment for this kind of tweaking. i've had problems trying to get too much on a single unit as the flash space restrictions are tight but there is still enough space to support a decent set of services (like openvpn and tor as you mention).

> Some of the Linksys even have crypto accelerators (largely 3DES, I think). I'm not sure how much this is supported already.

this is the only other trouble i've had with them: the crypto bits tend to get sluggish, esp. when negotiating EDH or generating keys. (fortunately this isn't needed all too frequently) i haven't looked at the GS but if they support WPA2 they should also support AES; it would be nice if this AES engine could be used for general offload in addition to WPA2 traffic :) i'm going to have to get one to tinker with...