I would like to hear some thoughts about running openwrt on a small office (~ 50 employees) to perform the following functionality:
- IP leasing
- applying SQM (cake)
- provide vpn access (openvpn server for multiple users)
It would run on top of a dedicated x64 old server with 3 GB ram.
Internet usage is the new normal: normal internet access (browsing) + 4 estimated max simultaneous video meetings
Internet link: dedicated 40 Mbps
My current concerns: is it capable of handling such overall workload? Is it safe?
Yes, should be fine.
I have an "old" x86 doing 1/1 gbit (not running OpenWRT though) without it being seen on the CPU load.
Define safe, being on the internet is, per definition, not "safe".
If you want to be "safe", don't connect to the internet.
That would certainly ease my work, but I suspect they would fire me the next day
Actually, I was thinking about keeping it up to date, but someone has better described that. This might be an issue in the long run.
@vgaetera Thanks, I'll take a look. At first glance, it doesn't seem so easy to set up like, for instance, pfSense, where you set up a vpn server once, then you just add certificates to any users you want to enable vpn, and you're ready.
@vgaetera I didn't know Wireguard, thanks for advising it.
After a quick read, it seems to fulfill all my needs.
But I noticed its latest stable release dates back to Sep/2019. Is it frozen?
Assuming that WireGuard is included in the kernel, its version should be related to the OpenWrt kernel version that is more or less frozen during a specific release lifetime.
Stable releases rely on the LTS kernel and typically receive only bugfixes and security updates which are applied as separate patches to a specific software release.
The current WireGuard version is considered stable, secure and fully compatible with other server, desktop and mobile clients.