adsl card advice

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

adsl card advice

mediomen27
Hi,
I want build an openbsd firewall based on soekris hardware. Anyone could
help me to choice an adsl card to install on soekris hardware ?
thank you very much
MedioMen

Reply | Threaded
Open this post in threaded view
|

Re: adsl card advice

David Coppa
On Fri, Feb 28, 2014 at 12:48 PM, mediomen27 <[hidden email]> wrote:
> Hi,
> I want build an openbsd firewall based on soekris hardware. Anyone could
> help me to choice an adsl card to install on soekris hardware ?
> thank you very much
> MedioMen

net5501 + Traverse Viking PCI ADSL2+ (e.g.: http://traverse.kd85.com/)

ciao,
David

Reply | Threaded
Open this post in threaded view
|

Re: adsl card advice

Stuart Henderson
On 2014-02-28, David Coppa <[hidden email]> wrote:

> On Fri, Feb 28, 2014 at 12:48 PM, mediomen27 <[hidden email]> wrote:
>> Hi,
>> I want build an openbsd firewall based on soekris hardware. Anyone could
>> help me to choice an adsl card to install on soekris hardware ?
>> thank you very much
>> MedioMen
>
> net5501 + Traverse Viking PCI ADSL2+ (e.g.: http://traverse.kd85.com/)
>
> ciao,
> David
>
>

Viking has been EOL for ages. After the Viking, Traverse started doing
"solos" cards which were a "proper" adsl adapter rather than a
router-on-a-pci-card, but these seems to have disappeared too, now they
do "geos" boards which have a geode cpu (LX800; similar to 5501) and
onboard ADSL. I believe both the latter only have driver support in
Linux.

There are cards similar to the Viking (i.e. basically a
hybrid of a PCI ethernet card with an ADSL modem/router) -
http://linitx.com/category/adsl/47/147,47 - as with the Viking you
configure them by connecting to the web interface or telnet.

I don't much like any of these, it's usually better and cheaper (and
easier to replace failed hardware, which is usually on the ADSL side..)
if you just get a separate ADSL router and live with a little extra mess...

Reply | Threaded
Open this post in threaded view
|

Re: adsl card advice

mediomen27
Thank you very much for your answer and I am sorry for the late.
I don't like very much router-on-pci-card and I would like to buy a pure
adsl modem like traverse solos.

But is "Traverse Solos" supported under obsd ?
Also solos seems EOL because I have not found it anymore on the site.
About separate adsl router I think they are pretty unsafe and very easy
download the firmware from the vendor site, hack it and flash the device.
And all the home adsl router u can find are linux based with all security
problems that linux has.
For these reasons I want make my own obsd router but what other choice I
have to connect it to an adsl ??
it's very strange to have so many problems to make a router under openbsd
when it should born for it.

Thank you



2014-03-03 19:16 GMT+00:00 Stuart Henderson <[hidden email]>:

> On 2014-02-28, David Coppa <[hidden email]> wrote:
> > On Fri, Feb 28, 2014 at 12:48 PM, mediomen27 <[hidden email]>
> wrote:
> >> Hi,
> >> I want build an openbsd firewall based on soekris hardware. Anyone could
> >> help me to choice an adsl card to install on soekris hardware ?
> >> thank you very much
> >> MedioMen
> >
> > net5501 + Traverse Viking PCI ADSL2+ (e.g.: http://traverse.kd85.com/)
> >
> > ciao,
> > David
> >
> >
>
> Viking has been EOL for ages. After the Viking, Traverse started doing
> "solos" cards which were a "proper" adsl adapter rather than a
> router-on-a-pci-card, but these seems to have disappeared too, now they
> do "geos" boards which have a geode cpu (LX800; similar to 5501) and
> onboard ADSL. I believe both the latter only have driver support in
> Linux.
>
> There are cards similar to the Viking (i.e. basically a
> hybrid of a PCI ethernet card with an ADSL modem/router) -
> http://linitx.com/category/adsl/47/147,47 - as with the Viking you
> configure them by connecting to the web interface or telnet.
>
> I don't much like any of these, it's usually better and cheaper (and
> easier to replace failed hardware, which is usually on the ADSL side..)
> if you just get a separate ADSL router and live with a little extra mess...

Reply | Threaded
Open this post in threaded view
|

Re: adsl card advice

Stuart Henderson
On 2014/04/25 10:13, mediomen27 wrote:
> Thank you very much for your answer and I am sorry for the late.
> I don't like very much router-on-pci-card and I would like to buy a
> pure adsl modem like traverse solos.
>
> But is "Traverse Solos" supported under obsd ?

No, it is not.

> Also solos seems EOL because I have not found it anymore on the site.

Correct it is EOL, they are now only doing the Geos (which is a
soekris-like board with a built-in ADSL chip, not a separate PCI card).

> About separate adsl router I think they are pretty unsafe and very easy
> download the firmware from the vendor site, hack it and flash the
> device. And all the home adsl router u can find are linux based with
> all security problems that linux has.
> For these reasons I want make my own obsd router but what other choice
> I have to connect it to an adsl ??
> it's very strange to have so many problems to make a router under
> openbsd when it should born for it.

Personally I use an external router configured as a bridge, and
configure pppoe on the OpenBSD side (with baby jumbos and RFC4638 where
possible to avoid getting a restricted MTU). That way the router doesn't
have external IP connectivity thus avoiding many of the problems you
might run into, and meaning that any complex configuration is done on
the OpenBSD box; it's then also pretty easy to swap out a spare router
in case of hardware failure (which in my experience is more likely to
occur for something that connects to a phone line).

Even with something like the Solos you still have hardware running some
proprietary firmware/dsp code on a processor with potential for bugs.
Mind you, it's even the same for a lot of ethernet NICs...

Reply | Threaded
Open this post in threaded view
|

Re: adsl card advice

Kaya Saman-2
On 04/25/2014 11:32 AM, Stuart Henderson wrote:

> [...]
>> About separate adsl router I think they are pretty unsafe and very easy
>> download the firmware from the vendor site, hack it and flash the
>> device. And all the home adsl router u can find are linux based with
>> all security problems that linux has.
>> For these reasons I want make my own obsd router but what other choice
>> I have to connect it to an adsl ??
>> it's very strange to have so many problems to make a router under
>> openbsd when it should born for it.
> Personally I use an external router configured as a bridge, and
> configure pppoe on the OpenBSD side (with baby jumbos and RFC4638 where
> possible to avoid getting a restricted MTU). That way the router doesn't
> have external IP connectivity thus avoiding many of the problems you
> might run into, and meaning that any complex configuration is done on
> the OpenBSD box; it's then also pretty easy to swap out a spare router
> in case of hardware failure (which in my experience is more likely to
> occur for something that connects to a phone line).
>
> Even with something like the Solos you still have hardware running some
> proprietary firmware/dsp code on a processor with potential for bugs.
> Mind you, it's even the same for a lot of ethernet NICs...
>


I agree with Stuart on this one.

Before building my router I considered using an ADSL PCI card. To be
honest it's probably a better and easier practice to use ATM-to-Ethernet
bridging. That way the OpenBSD box does everything including firewall
and NAT so really how secure you make the system is up to you.

p.s. am just butting in here as Stuart helped me a lot with that too so
am just offering my take :-)


Regards,


Kaya

Reply | Threaded
Open this post in threaded view
|

Re: adsl card advice

Kevin Chadwick-2
previously on this list Kaya Saman contributed:

> p.s. am just butting in here as Stuart helped me a lot with that too so
> am just offering my take :-)

I have an ADSL2 VIGOR 120 pppoe modem that has been great and Stu
incidentally advised me on. Thanks again Stu.

Cost ~£60. You can have it for £30 including postage if you want? I've
now got to find a simple fibre bridge at an OK price. I asked the ISPs
about the ones they supply doing bridge mode and they suggested one if I
asked specifically for it but I found it was an ADSL one.


--
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
_______________________________________________________________________

I have no idea why RTFM is used so aggressively on LINUX mailing lists
because whilst 'apropos' is traditionally the most powerful command on
Unix-like systems it's 'modern' replacement 'apropos' on Linux is a tool
to help psychopaths learn to control their anger.

(Kevin Chadwick)

_______________________________________________________________________

Reply | Threaded
Open this post in threaded view
|

Re: adsl card advice

Liviu Daia-3
In reply to this post by Stuart Henderson
On 25 April 2014, Stuart Henderson <[hidden email]> wrote:
[...]
> Personally I use an external router configured as a bridge, and
> configure pppoe on the OpenBSD side (with baby jumbos and RFC4638
> where possible to avoid getting a restricted MTU). That way the
> router doesn't have external IP connectivity thus avoiding many
> of the problems you might run into, and meaning that any complex
> configuration is done on the OpenBSD box; it's then also pretty easy
> to swap out a spare router in case of hardware failure (which in my
> experience is more likely to occur for something that connects to a
> phone line).
[...]

    Tangentially related: I used to have this exact setup a few years
ago.  It worked well, with two notable quirks.  First, it was actually
easier to make it work with userspace pppd first, then duplicate the
setup with the kernel pppd.  That's because the diagnostics produced by
the userspace pppd were much better then the kernel's ones, and they
allowed me to figgure out the exact combination of switches required by
my ISP.  The diagnostics from the kernel pppd were much less useful,
and every single change in config required a reboot (or at least that's
what I thought at the time).  I believe the userspace pppd is gone these
days.

    Second, the interface would simply disappear when the line went
down, and that was mildly annoying.  Various applications didn't like
that; they would typically crash if I bound them to the interface, and
said interface went away under their feet. :) I haven't checked in a
long while if this is still the case, but it's something you might want
to keep in mind.

    Regards,

    Liviu Daia

Reply | Threaded
Open this post in threaded view
|

Re: adsl card advice

Stuart Henderson
In reply to this post by Kevin Chadwick-2
On 2014-04-25, Kevin Chadwick <[hidden email]> wrote:
> I've now got to find a simple fibre bridge at an OK price. I asked the ISPs
> about the ones they supply doing bridge mode and they suggested one if I
> asked specifically for it but I found it was an ADSL one.

Since you're in the UK .. the standard openreach modems (eci/huawei vdsl modem
which are confusingly named "fibre", and also the actual fibre ONTs for FTTP)
just act as a bridge and work fine with RFC4638 for 1500 MTU (ifconfig em0
mtu 1508; ifconfig pppoe0 mtu 1500).

Only problem is if you're using an ISP which doesn't use the standard
modem but their own integrated vdsl modem+router instead, easiest option
there is probably to get a standard eci/huawei modem off ebay, there are
loads on all the time.