NetTEL 2520/2500, PoPToP
As VPN/NAT routers, the NetTEL 2500 line is excellent. At less than $400, it makes a lot of sense for any but the most die-hard do-it-yourselfers in the market for a NAT router or VPN solution.
But there's more. The NetTEL isn't a total loss for the do-it-yourselfer. In fact, the NetTEL (actually, the circuit board which forms the heart of the it) is one of the neatest toys I can imagine a hard-core do-it-yourselfer getting their hands on. Under everything, the NetTEL runs Linux (uClinux, specifically) and that means source code. The uClinux source is fairly monolithic, with code for the kernel and every application in one tree, sharing a common Makefile. The Makefile builds a compressed ROM image, including file systems, kernel and your application software, ready to load. The standard source tree gives you the network-heavy feature set of the NetTEL itself: pppd/diald, Ethernet support, the Boa web server, etc., missing only the NetTEL-specific web interface. From there, parts can easily be added or taken away. Don't expect the latest kernel features, though, as uClinux is based on the version 2.0 kernel, and the libraries have been trimmed with an eye to saving space over preserving functionality.
I must admit I looked over only the development tools. I didn't roll up my sleeves and start coding, but I did enough to learn that if you decide to use a NetTEL to build your own embedded Linux system, you will end up investing in some hardware debugging tools specific to the ColdFire CPU. The NetTEL hardware has a single FLASH ROM containing both the user-loaded code and the boot loader, so if you load a bad system image or in some way manage to disable the networking support, you will end up with a very attractive paperweight until you get those tools.
The Motorola ColdFire CPU is fast, and for those who decide to step below C for added performance, the commands and philosophy should be familiar to anyone who has worked with the Motorola 68K family. Some neat additions and odd changes are tossed in to keep it interesting. The serial ports support data rates of up to 230Kbps, and networking is harder to turn off than to leave on.
The memory and storage will seem vast to anyone used to microcontroller projects, but don't expect Emacs to fit. You've got 1MB of FLASH and 2MB of RAM, enough to do serious work. If you need more, upgraded versions are available from Moreton Bay. Size-induced limitations in the library may cause some ported software not to work without major changes, or to behave in strange and less than wonderful ways. For the most part, standard applications will port nicely to the uClinux platform.
Physically, the circuit board is a little larger than it needs to be because Moreton Bay left room for a PCI slot and support chips, yet the board is still smaller than almost any PC-based Linux solution. You cannot fault anyone for having too much expandability, and the ability to add a PCI card could actually change the development curve for some projects. The board has a very flexible power supply, able to accept AC or DC ranging from 6 to 12 volts, which should be perfect for running from a car battery or other alternative power source. The entire board draws less than five watts while running.
In talking with the folks at Moreton Bay, they are just as excited about the embedded applications for their design and uClinux as they are about the networking applications for the NetTEL. They have a lot of plans to add features specifically for embedded developers, and some special hardware packages are available too, so it is definitely worth thinking about if you are starting to develop a Linux-based embedded system.
Just to prove once and for all that the folks at Moreton Bay really do understand the spirit of Linux and open software, there is one other tool for the do-it-yourselfer. PoPToP, the Linux PPTP server, was originally developed by Matthew Ramsey at Moreton Bay but released under the GNU GPL. It is currently supported by a team of people around the world and has been ported to several platforms besides Linux. With PoPToP, you can implement your own VPN server, so if you really like the idea of a VPN router but finances or philosophy won't let you buy a NetTEL, you can just download the PoPToP software and install it on your own Linux machine for free. You will find a link to the PoPToP web page on Moreton Bay's web site.
I installed the PoPToP software on an Intel Pentium II machine running a 2.2.x kernel, and while installation was fairly painless, it was a compiler job, so don't be surprised if you run into problems getting the software to work on your computer. You will end up with the source for pppd and PoPToP, and you may need to recompile your kernel to get the software to work.
Once configured, the PoPToP software allows you to connect remote computers to your network through tunneled PPP links. PoPToP's configuration files are almost identical to those for pppd, so if you have ever configured your computer to accept incoming PPP connections, you'll have no trouble with PoPToP. If you haven't, the PoPToP FAQ provides sample configuration files that will work with a minimum of change, and the PoPToP web page is full of great links to VPN resources. Once everything is working, connections behave exactly like any serial PPP link. You can route subnets or individual IP addresses through the tunnels just as you can with standard PPP connections. It does what you always hoped networking tools would do—it disappears, never to need fiddling with again.
Born at the beginning of the Microcomputer age, Jon Valesh (firstname.lastname@example.org) has pushed and been pushed by computers his entire life. Having run the gamut from game programmer to ISP system/network administrator; he now occupies himself by providing technical assistance to ISPs and small businesses whenever his day job doesn't get in the way.