Secure Wanray using Linksys routers and OpenWrt
Of course, first you need a Sun Ray which will be attached directly to your Linksys WRT54-based router. Your Sun Ray should already have been flashed at the office with the latest available firmware (>= 3.0_51). You can determine the version by listing the contents of the /tftpboot directory on your Sun Ray server. I haven't tried to flash the Sun Ray via the VPN yet.

Some work has to be done to prepare the Linksys router for its job. You have to flash it with a custom firmware from www.openwrt.org. All the information you need to set up the DSL connection, configure the firewall and integrate the router into your home network can be found there. You need Unix knowledge for this because all the work has to be done at the console prompt; there is no web frontend yet. But it should be easy and delightful for an experienced Unix administrator :) If your plan is to deploy many of these devices, you can build your own custom prepared firmware image.

My internet connection (T-Online T-DSL 1000) with a down/up capacity of 1000/128 kbit/s is barely fast enough for one Sun Ray client. I can work, but some mouse actions are a little bit sluggish. I think this is mostly due to my limited upload capacity. It is important that no other download or upload interferes with your Wanray traffic. I would recommend an upload rate of 384 kbit/s for bigger reserves and better responsiveness.

To configure the Sun Ray, a DHCP server is always needed. The Linksys router running OpenWrt already provides a DHCP service. You only need a few additional entries in /etc/ethers (example: 08:00:20:F9:17:14 sunray), /etc/hosts (example: 192.168.100.30 sunray) and /etc/dnsmasq.conf:

dhcp-vendorclass=SUNRAYCLASS,SUNW.NewT.SUNW

10.0.0.8 is the internal IP of the Sun Ray server in our office LAN. Of course, to get in contact with 10.0.0.8 via the internet from home, with your Sun Ray running the IP 192.168.100.30, some routing/VPN/NAT has to be done.

You can run this setup without a VPN, but then you need to open a big range of UDP ports on the office firewall to the world (because the Sun Ray uses UDP), and I (and your firewall administrator) wouldn't recommend this. To realize the VPN I use OpenVPN, which is open source, very stable and easy to set up. You need one client instance running on the OpenWrt router and one server instance in the office (dedicated or directly on the Sun Ray server). The whole SSL-encrypted communication is done via one single UDP port. For details on how to set up the OpenVPN software and how to create client and server certificates, take a look at its homepage. You can download the OpenVPN software, among other packages, from the package tracker or build your own version.

Once the VPN connection is up, you are able to reach the office LAN from all devices you connect to your OpenWrt router. Because the home devices have internal IPs (192.168.100.x) in a subnet which differs from the office LAN's internal IP range (10.0.0.x), you should define a NAT rule on the OpenWrt router:

iptables -t nat -A POSTROUTING -o tun0 -s 192.168.100.0/24 -j MASQUERADE

It is also possible to run OpenVPN in bridge mode. Then your devices at home are a "real" part of the office LAN, running IPs in the same subnet as your office LAN (10.0.0.x). This would be possible, but I recommend using the routing mode of OpenVPN, which is more stable and scales better because no broadcast traffic needs to be transmitted via the VPN.

At the office you need the OpenVPN server instance (dedicated or on the Sun Ray server) and a port-allow rule for the OpenVPN UDP port on the firewall. Additionally, your Sun Ray server should allow "LAN connection" mode, which can be turned on using:

utadm -L on

If you have any questions just drop me an email: chr@baltic-online.de
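The router-side steps above (the /etc/ethers, /etc/hosts and dnsmasq entries for the Sun Ray, and the MASQUERADE rule for the tunnel) collected into one script, as an added example that is not from the original article. It assumes a POSIX sh on the router, an iptables new enough to support -C, and a hypothetical ROOT variable that redirects the config writes into a scratch directory for testing.

```shell
#!/bin/sh
# Added example, not from the original article: register one Sun Ray
# in the OpenWrt router's dnsmasq setup and add the OpenVPN NAT rule,
# both idempotently. ROOT (assumed helper, default empty) lets you
# write into a scratch directory instead of the live /etc for testing.
ROOT="${ROOT:-}"

# Append a line to a file only if it is not already present there.
add_line() {  # add_line <file> <line>
    file="$ROOT$1"; line="$2"
    mkdir -p "$(dirname "$file")"
    [ -f "$file" ] && grep -qxF -- "$line" "$file" && return 0
    printf '%s\n' "$line" >> "$file"
}

# Check the MAC (xx:xx:xx:xx:xx:xx) and IPv4 address before touching
# any config file; a typo here silently leaves the Sun Ray without a lease.
valid_mac() { echo "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; }
valid_ip()  { echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }

# Static lease via /etc/ethers + /etc/hosts, plus the vendor-class line
# that tags DHCP requests coming from Sun Ray firmware (SUNW.NewT.SUNW).
register_sunray() {  # register_sunray <mac> <ip> <hostname>
    valid_mac "$1" || { echo "bad MAC: $1" >&2; return 1; }
    valid_ip "$2"  || { echo "bad IP: $2" >&2; return 1; }
    add_line /etc/ethers "$1 $3"
    add_line /etc/hosts "$2 $3"
    add_line /etc/dnsmasq.conf 'dhcp-vendorclass=SUNRAYCLASS,SUNW.NewT.SUNW'
}

# The MASQUERADE rule from the article: only the home subnet is NATed,
# and only on its way out through the OpenVPN interface (tun0).
nat_rule() {  # nat_rule <home-subnet/cidr> [tun-iface]
    echo "iptables -t nat -A POSTROUTING -o ${2:-tun0} -s $1 -j MASQUERADE"
}

# Apply it once: -C (newer iptables) tests for an existing rule, so
# reruns do not stack duplicate MASQUERADE entries in the nat table.
apply_nat() {  # apply_nat <home-subnet/cidr> [tun-iface]
    iptables -t nat -C POSTROUTING -o "${2:-tun0}" -s "$1" -j MASQUERADE 2>/dev/null \
        || iptables -t nat -A POSTROUTING -o "${2:-tun0}" -s "$1" -j MASQUERADE
}

# Usage on the router (values from the article), then restart dnsmasq
# so it reads the new entries:
#   register_sunray 08:00:20:F9:17:14 192.168.100.30 sunray
#   apply_nat 192.168.100.0/24
```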

