[adelie-infra] New router

From: Zach van Rijn <me_at_zv.io>
Date: Mon, 13 Jan 2025 18:25:29 -0600

Dear friends,


I thought it might be interesting to share a bit of history
about the routers we've used to host our core infrastructure.

Keep in mind we've had virtually no budget for any equipment.

Originally, we used a D-Link DSR-250 [1], an 8-port VPN router
for small businesses. It required several firmware updates and
generally worked well except its UI was slow and it would also
reboot randomly. UI sessions would time out just 10 minutes
after login even if you were actively configuring it. I suspect
it just didn't have the resources to handle Internet space junk.

The VPN part never worked right.
Then it stopped receiving security updates.

The rebooting issue made it unsuitable for data center use so we
decided to replace it ASAP to avoid near-daily connection drops.

We replaced it with a Cisco RV-260 [2], another 8-port VPN
router for small businesses. It required several firmware
updates and generally worked well except its UI had some
annoying quirks, such as with copy/pasting MAC addresses, etc.

This was some slick hardware. While not remotely designed for
any advanced configuration, it had a pretty nice UI and worked
reliably for years. It didn't support HE Tunnel Broker properly.

The VPN part never worked right, either.
Then it stopped receiving security updates.

The nail in the coffin was its incompatibility with some of the
routing methods our ISP used, so we could not add more WAN IPs.

But we have also been looking for solutions that can be managed
programmatically as we evolve to automate our infrastructure.

We replaced it with an ODROID H3+ [4] running pfSense [5]. I've
been using pfSense for over a decade in commercial and private
settings, so it seemed a natural choice if it could be persuaded
to work on the H3+. Turns out it works beautifully*.

(*) In addition to manually having to enable some NIC firmware,
    at least two bugs were discovered in pfSense that led to
    some wasted hours during configuration and testing, but it
    does work reliably and *feels* like it has better latency.

And now we have native IPv6 connectivity, too, which we'll
configure and enable in the coming days, AAAA records and all.

Please report any connectivity, performance, or access issues.


Zach


[1]: https://support.dlink.com/productinfo.aspx?m=DSR-250

[2]: https://www.cisco.com/c/en/us/support/routers/small-business-rv-series-routers/series.html

[3]: https://tunnelbroker.net/

[4]: https://www.hardkernel.com/shop/odroid-h3-plus/

[5]: https://pfsense.org/
Received on Tue Jan 14 2025 - 01:25:29 CET
