Secure Tunnel Support


georgew
11-01-2002, 12:15 PM
It would be really groovy for all of the platforms to support secure tunnels, both PPTP and IPsec. Both as servers and clients.

All microsloth machines support PPTP, and IPsec is important in other circles. If nothing else, just PPTP would be ok, but both would be mobetta.

tony
11-01-2002, 12:22 PM
That would be interesting, however the current MS Compatible PPTP and IPsec implementations are extremely bloated (way too large), slow and not really usable on an SBC device. It may be an option for a Server however.

georgew
11-01-2002, 03:54 PM
Of course the CPE running on an SBC is limited... but there are faster boards that can be used.

As for bloat, I would suggest having a "fat" version of the CPE, for those willing to put in larger flash memories. I found a deal on 30 meg flash modules a few weeks back, and bought a pile of them, so I'm personally already ready for a "fat" image. Obviously the 8 meg limit should be supported so legacy users have an upgrade path, but a fat CPE would be acceptable if it meant useful features were included. Just be glad I don't beg for a 2 meg "thin" version so I can run it in place of OpenAP... ;)

tony
11-01-2002, 04:14 PM
If we are not restricted to the low-end CPEs, then there is a possibility to include some nice ipsec or pptp protocols. I'll include it on our list of things to research.

Thanks!

timo
11-06-2002, 03:57 PM
Here's a brainstorm that I had, which would nicely take care of any security issues on my network:

[Public Internet]--[Gateway Router]--[Tunnel Server (ipsec)]--[StarOS AP]--[StarOS CPE (ipsec)]

In this case, the tunnel server would have two physically separate interfaces, one facing the public 'net, and one facing my customer network. The customer traffic is totally encrypted, and the network would be doubly protected. Someone would have to get past MAC authentication and successfully build a tunnel to the tunnel server in order to get public IP connectivity.

Another design that I'd prefer would look like this:

[Public Internet]--[Gateway Router]--[StarOS Server (with IPSec)]--[StarOS CPE (ipsec)]

In this case, the tunnel termination would take place right onto the StarOS Server, thus eliminating extra hardware. The StarOS server has two Ethernet interfaces installed, one public, and one private. Connections to the private (customer network) side only happen once a tunnel is successfully built.
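The rule in the post above that the customer side gets public connectivity only once a tunnel is built can be written as a default-drop packet filter. This is an added example, not part of the original thread and not StarOS code; it assumes a generic Linux gateway using iptables with the `policy` match, and the function name and interface names are hypothetical.

```shell
#!/bin/sh
# Added illustration: emit an iptables-restore ruleset for a dual-homed
# IPsec tunnel server. Interface names are assumptions, not StarOS values.

# gen_tunnel_rules PUBLIC_IF CUSTOMER_IF
gen_tunnel_rules() {
    pub="$1"; cust="$2"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Customer side: only tunnel setup (IKE, NAT-T) and encrypted payload (ESP)
-A INPUT -i $cust -p udp --dport 500 -j ACCEPT
-A INPUT -i $cust -p udp --dport 4500 -j ACCEPT
-A INPUT -i $cust -p esp -j ACCEPT
# Forward to the public side only packets that arrived through an IPsec SA
-A FORWARD -i $cust -o $pub -m policy --dir in --pol ipsec -j ACCEPT
# Replies go back only if they will be encrypted on the way out
-A FORWARD -i $pub -o $cust -m policy --dir out --pol ipsec -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Cleartext from the customer segment is logged, then hits the DROP policy
-A FORWARD -i $cust -m policy --dir in --pol none -j LOG --log-prefix "cleartext-drop: "
COMMIT
EOF
}

# Example: gen_tunnel_rules eth0 eth1 | iptables-restore --test
```

Because the FORWARD chain defaults to DROP, a station that passes MAC authentication but has not built a tunnel can reach only the IKE and ESP listeners on the server.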

bobbyc
01-15-2003, 06:06 PM
Does anyone know what the max speed of the Microsoft 128bit pptp vpn client that is built into dial-up networking is?
I see that the snapgear lite and lite+ VPN routers have a max speed of 1 megabit. They are $200 and $300 respectively. Their next higher up model is over $500 bucks and claims 10 megabit VPN.
Along the same line, who else knows of routers that do pptp vpn authentication client?
Bob C

lonnie
01-16-2003, 11:10 PM
Timo, we like the second option as we could do more than just protection. We will be doing this in good time. Just finishing up a project right now and we'll be back at adding new features shortly.