Device Profile: 3Com OfficeConnect SecureRouter and VPN Firewall
Sep 23, 2004 — by LinuxDevices Staff — from the LinuxDevices Archive — 15 views3Com's OfficeConnect SecureRouter (3CR860-95) and OfficeConnect VPN Firewall (3CR870-95) are Linux-based VPN routers for the SOHO (small office, home office) market. 3Com offers a free but unsupported Linux-MIPS kernel source tree and cross-compiling toolchain for the devices, making them potentially interesting to embedded Linux hackers.
The “SecureRouter” and “VPN Firewall” share the same case, and have most of the same features
Both devices are rumored to be based on a Broadcom BCM6350 SoC (system-on-chip), according to a post at Linux-mips.org. However, almost no information appears to be available on the Internet about this mysterious chip.
Both OfficeConnect products support secure site-to-site or user-to site communications over VPN tunnels. The SecureRouter supports two VPN lines, while the VPN Firewall includes an IPSec cryptographic accelerator in hardware, and supports up to 50 simultaneous VPN tunnels, according to 3Com. The devices are compatible with most VPN terminators, 3Com says, and support VPN protocols that include IPSec, DES, 3DES, and AES-128, as well as PPTP and L2TP.
Both devices include stateful packet inspection firewalls that can prevent unauthorized access and block denial of service and other common attacks, 3Com says. They also include URL filtering capabilities to block user access to undesirable sites. Traffic-shaping capabilities can prioritize traffic on user-definable ports, to guarantee bandwidth for voice and multimedia applications. LED warning lights call attention to major security concerns, which are also logged.
The OfficeConnect devices run DHCP (dynamic host configuration protocol) servers that automatically assign non-Internet-routable IP addresses to local computers. The devices then provide NAT (network address translation, also sometimes called IP masquerading) to enable local computers to share an Internet connection. Claimed LAN-to-WAN throughput is up to 20Mbps for unencrypted traffic.
Both devices offer an autosensing 10/100 WAN port, as well as a built-in 4-port 10/100 Ethernet switch with Auto MDI/MDIX. They support PPPoE, PAP, and CHAP, in order to support the inferior on-demand broadband connections that are the only DSL alternative in some geographic areas. They also support Dynamic DNS (though a provider such as home Linux), which enables servers to be hosted on impermanent network addresses.
Additional features include support for DMZs (demilitarized zones, or subnets accessible both locally and publicly, typically used for Web and other servers); RIP 1 and 2 IP routing and static routing table support, useful for multinetwork environments; and traffic metering.
The OfficeConnect devices offer setup wizards and can be configured through a web interface, 3Com says.
Both OfficeConnect devices share the same case, which measures 9.1 x 5.3 x 1.6 inches (228 x 135.4 x 41.8mm), and both weigh 1.9 pounds (535 grams). They include an 11-watt 10-30V power supply, and have a claimed maximum power consumption of 6.5 watts.
3Com provides an unsupported GPL code download for both devices. The 85MB download includes a cross-compiling toolchain for building applications on an x86 PC that will run on the devices' MIPS processors. The download also includes source code for Linux kernel 2.4.17 Linux kernel.
Digital Life has published an exhaustive review of the OfficeConnect devices, here.
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.