13. Nov 2016 16:01 by no...@noses.com:
> > Am 13.11.2016 um 14:22 schrieb > hed...@tutanota.com> : > > >> 13. Nov 2016 08:48 by >> amad...@riseup.net>> : >> > Thoughts on this paper and it's conclusions are welcomed > >> > > There is a point where additional components won't give you > defense-in-depth but only additional complexity that will in the end make > you less secure. > > Allowing a backdoored router into your network will, complexity or no complexity, compromise your security. The only conclusion to reach is not to use them wherever possible, or isolate them if their use is mandatory. > >> >> An always-on VPN connection on the router works well but can be a bit >> slow since the processing power of router CPUs is generally quite >> limited. If choosing a router, I'd suggest a dual-core ARM-based >> device. Although openvpn is only single-threaded you can usually >> configure cpu-affinity to place it on one core and the other routing >> tasks on the other core. >> > > One of the GL-Inet small arm(s 8-) ) routers is sufficient for 80 > MBit/s (see > https://www.gl-inet.com/> ). I'm using one of their "Mifi" > devices (> https://www.gl-inet.com/mifi/> ) to write this and right now it > is holding up quite well with 150 MBit/s LTE plus an OpenVPN on top of it. > The only problem is the about 1MBit/s I'm getting from their uplink. > > I've never come across these devices. They look like good value for money. > >> >> For those who want to go beyond around 20-25 Mb/s, which is where an >> ARM router will start to reach its limits >> > > Seriously? I doubt that. Right now I'm using an ASUS RT-AC5300 (ARM, > dual core) router on a 400/20 MBit link (residential cable) and even if > I'm sturating it using an OpenVPN process running on the router its cores > seem quite unimpressed. But maybe DD-WRT is magical. > Yeah, maybe my 25 Mb/sec generalisation is a bit out-of date but it still depends on what you're prepared to spend. Let's see: ASUS RT-AC5300. It has 8 antennas and is a beast of a router that sells for 439 euros on amazon.de. At that price it really ought to be fast. Back in more reasonably-priced territory, I did some real-world tests 18 months ago on my ASUS RT-AC56U (97 euros on amazon.de, ARM x 2) and never exceeded 25 Mb/s with 80% cpu load. Even had it achieved 100% cpu, that would still only equate to 30 Mb/s. Flippant comments about magic aside, if you throw big mony at the hardware, you'll get more speed. I'm still betting that a small i3 with AES-NI would outperform it on openvpn, and for a fraction of the price. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/KWTqII3--3-0%40tutanota.com. For more options, visit https://groups.google.com/d/optout.
