Linksys WRT54g 802.11g access point
An ideal office Wi-Fi system? Not quite...
We recently looked at a Buffalo ISDN/802.11b access point/router in a home environment. Here, we look at a similar product - the Linksys Ethernet/802.11g access point/router - but this time in a small office environment. Although Linksys (now part of Cisco) firmly aims its products at the consumer and 'prosumer' markets, the WRT54g purportedly has all the capabilities needed by a small office, and is certainly marketed as such by Linksys' resellers. The box comes as a four-way 10/100Mbps Ethernet hub with wireless access, has NAT capabilities, and a built-in firewall with port forwarding and VPN pass-through. These functions make the WRT54g rather over-loaded for a home user, but ideal for small office users. And, at under £100, it's competitively priced, writes Clive Longbottom of Quocirca.
Set up is easy. Unpack the box, plug in the external power supply and connect it up the Internet feed, such as an ADSL modem or, in my case, a GX Networks Fixed Wireless Internet connection.
The WRT54g is set up using a browser, just like most of these kinds of products. By typing in the box's default IP address, 192.168.1.1, a fairly simple set of pages is brought up, enabling you to configure details such as your ISP, whether to use encryption protocols WEP and WPA, setting up MAC address filters, specific rules for specific clients as to areas such as times of acceptable access and so on. Here you can also set up details of DHCP address ranges and any port forwarding required. The box can also be set up to be in stealth mode - making its external IP address hidden to Ping commands from outside.
The Wi-Fi operation is excellent - every card within the organisation works - whether it is an old 802.11b or a new 802.11g card, whether it's from Linksys, 3Com, Compaq, white-branded or whatever. Performance feels excellent. Although I haven't carried out any proper speed measurements, the change against my old 802.11b environment is marked. Placement of the unit seems to be only of minor consideration - a point helped by having two antennae, rather than the one found on many other boxes. The device is also stable - the old box often crashed, which caused major problems when I was away from the office.
All in all, a well-specified and easily configured solution which seems to have much of the requirements covered for a small office. Now, let's look at the problems. Well, the obvious one is that four ports do not a small office hub make - even when you are looking at using Wi-Fi. But then you can always plug in another hub to up the number of available ports - just like we have done here, with an external eight-port box for 11 ports in total.
Next is the paucity of RPC port-forwarding capabilities - the box only allows ten ports to be forwarded. Now this can be a problem: a mail-in SMTP feed requires one, as does a Web server, FTP out and POP3. What other port-forwarding functions might a small office require? Spam filters generally require a port to be opened and pointed to a specific machine.
Some Instant Messaging tools also require ports to be opened - and you may not want everyone in the company to be using the tool. Many synchronisation tools require open ports - and again may be machine-dependent as to how you want them to work. It is very nearly arrived at the point where the Linksys reaches its limit - and then there is nothing you can do but swap out the box for a replacement with a better port-forwarding capability.
But, for me, the killer issue is VPN pass-through support. The box says that it supports VPN pass-through, which is exceedingly helpful for any remote users trying to access their head office. It does not provide end-point VPN capabilities itself, but should automatically enable the passage of data from a VPN client to a VPN server within the organisation. The majority of small organisations will go for the simplest, lowest cost solution: Microsoft's 'free' PPTP VPN capability, built-in to Windows server.
Now I had this working fine through my old wireless router (a Proxima Farallon 802.11b unit). With the Linksys, everything was set up, but the connection just kept timing out. Calls to the support desk resulted in multiple new builds for the firmware, lots of jiggery pokery and being led by the hand through the set-up procedures - but no VPN capabilities at all. I could connect from inside the firewall - so the VPN was working - but any connection from outside timed out. Opening all ports to the server made no difference. Linksys finally agreed to ship a new box (against company policy, as the margins they are working against are very low), but I experienced the same problem. It seems to be that the box can't handle the GRE protocol 47 correctly. Linksys seems to think that this is a port that needs to be opened, rather than a protocol. Consequently, the initial link is made through port 1723, and the VPN server can't then create the necessary link for the tunnel.
Other problems I came up against included the inability for either of the two boxes provided to me to log any Wi-Fi activity - the log file has remained resolutely empty - and this article is being written from a wireless laptop, so I can guarantee that something has been going on over the past five months. This has not proved a major problem for me - yet. Should I suddenly have a intrusion attack, I would like to be able to see what has been happening. For many small companies, this log would be useful for tracking both incoming and outgoing activity.
For a home user, the Linksys WRT54g is a super box - it performs well, is easy to set up, and provides a with good level of flexibility for security. However, with the channel also positioning it as a small office solution, I would hesitate - the fact that PPTP VPN has not been able to be made to work for me has resulted in many hours of frustration and trying to find other ways of working (finally ending up with a VNC-based solution). However, if you do not need too much in the way of port-forwarding and VPN access is not an issue, the box would make a good base-level solution for offices of up to around 20 users.
The final point I'd make is that with the errors that I've found within the box. how secure would it really be in a small office environment? Without turning blackhat and trying to break through the box, it's difficult to be sure.