On 04/25/2014 11:32 AM, Stuart Henderson wrote:
[...]
>> About separate adsl routers I think they are pretty unsafe and very easy
>> to download the firmware from the vendor site, hack it and flash the
>> device. And all the home adsl routers you can find are linux based with
>> all security problems that linux has.
>> For these reasons I want to make my own obsd router but what other choice
>> do I have to connect it to an adsl ??
>> It's very strange to have so many problems to make a router under
>> openbsd when it should be born for it.
>
> Personally I use an external router configured as a bridge, and
> configure pppoe on the OpenBSD side (with baby jumbos and RFC4638 where
> possible to avoid getting a restricted MTU). That way the router doesn't
> have external IP connectivity thus avoiding many of the problems you
> might run into, and meaning that any complex configuration is done on
> the OpenBSD box; it's then also pretty easy to swap out a spare router
> in case of hardware failure (which in my experience is more likely to
> occur for something that connects to a phone line).
>
> Even with something like the Solos you still have hardware running some
> proprietary firmware/dsp code on a processor with potential for bugs.
> Mind you, it's even the same for a lot of ethernet NICs...

I agree with Stuart on this one.

Before building my router I considered using an ADSL PCI card. To be
honest it's probably a better and easier practice to use ATM-to-Ethernet
bridging. That way the OpenBSD box does everything including firewall
and NAT so really how secure you make the system is up to you.

p.s. am just butting in here as Stuart helped me a lot with that too so
am just offering my take :-)

Regards,
Kaya