VPN support in an ADSL router?
NoMailWanted
number of others at his shop (ADSL, fixed IP) and wants
to be able to link the two (mostly for file sharing for
images and data on his shop website). He's wanting the
home (office) PC to fit into the shop network, and will
want to access a number of different machines.
Anyone know if any routers can act as the VPN host such
that he doesn't need any particular PC at the shop kept
on to allow access from home, please? I've seen plenty
which support VPN (but I assume these merely allow user
to stablish VPN connections out to other services which
is obviously needed from his home, but it's what to use
at the shop that's in question. He has wireless in use
though if there's a specific router which doesn't offer
it, but can serve as a VPN host then he would switch to
data-over-main for access on the upper floor of shop.
Yes, I know that there's OpenVPN (though not sure it is
ideal - he'd like to be able to switch PCs off, but NAS
box left on in shop, and access that from home, so that
would not be suitable for running OpenVPN).
Any other options welcome, please! Thanks in advance.
Kalyana
>
> Anyone know if any routers can act as the VPN host such
> that he doesn't need any particular PC at the shop kept
> on to allow access from home, please?
Take a look at Draytek routers if the budget will allow.
I use a Draytek 2910 as a VPN host at one address.
HTH
Nick
AIUI the 2910 doesn't do ADSL, has a limited max firewall throughput
15Mb/s and is expensive. I have heard the Draytek's offer enhanced
configurability but I'm surprised at how many people recommend them. The
only real selling point for this router appears to be the dual wan load
balancing.
The netgear DG384 is cheap 1/3 the price of the draytek, handles VPN end
points and is an ADSL router.
Mark McIntyre
>
> The netgear DG384 is cheap 1/3 the price of the draytek, handles VPN end
> points and is an ADSL router.
He needs a router that is a VPN server though. Don't think the 384 does
that.
Also, ahem, there's a reason Netgear are cheap.
Nick
I have a DG834G v1 which has been rock solid for 5 years and a DG834 v3
which has been rock solid for 2+ years. By VPN server I presume he meant
VPN end point capability which the DG834 (v1 and v3) has, it works. VPN
is reasonably solid although I only ran it for a week or two. So I can't
guarantee the VPN is not problematic.
Why do you think the netgear is cheap?
I also have a DG834N v1 which is indeed a turkey when it comes to basic
routing and does not have the VPN stuff, it cost twice the price of the
basic DG834.
www.GymRatZ.co.uk
>
> AIUI the 2910 doesn't do ADSL,
You best tell my 2910's that then. I have one in the shop with 2 x ADSL
(BeThere & UKonline) connections acting as VPN host and I have one 2910
at home running an ADSL connection (O2).The 2 have a permanant VPN
between them and the one at home also runs 2 VOIP phone lines.
> has a limited max firewall throughput 15Mb/s
Who told you that as it's incorrect
My main ADSL connection in the shop is BeThere Pro and Brings 22 Mbps
down and 2.2 Mbps up. I'm 120 m away from the exchange.
> and is expensive.
Depending on what you want from your router. I have no problem
recommending them. Hugely versatile. USB port for printer/usb drive/ftp
server/mobile broadband modem etc etc.
> I have heard the Draytek's offer enhanced configurability but I'm
> surprised at how many people recommend them. The only real selling
> point for this router appears to be the dual wan load balancing.
They are brilliant.
AND the 2910 not having an inbuilt modem means you can use the supplied
service providers router in bridged mode which in the case of Bethere
and O2 gives superb speeds.
Gordon Henderson
www.GymRatZ.co.uk <discount-fitn...@gym.shop.com> wrote:
>Nick wrote:
>>
>> AIUI the 2910 doesn't do ADSL,
>Oh!
>You best tell my 2910's that then. I have one in the shop with 2 x ADSL
>(BeThere & UKonline) connections acting as VPN host and I have one 2910
>at home running an ADSL connection (O2).The 2 have a permanant VPN
>between them and the one at home also runs 2 VOIP phone lines.
The 2910 does not do ADSL natively. None of the 29xx series do. They have
Ethernet ports which can act as a pure Ethernet router (good for Cable,
LAN bridging, etc.), or with suitable external ADSL modems acting as a
PPPoA to PPPoE media convertor, can talk to ADSL lines.
You probably have separate ADSL modems connecting in to it.
Gordon
Jono
> In article <h1id6d$fup$1...@news.eternal-september.org>,
> www.GymRatZ.co.uk <discount-fitn...@gym.shop.com> wrote:
>> Nick wrote:
>>>
>>> AIUI the 2910 doesn't do ADSL,
>> Oh!
>> You best tell my 2910's that then. I have one in the shop with 2 x ADSL
No you don't
>> (BeThere & UKonline) connections acting as VPN host and I have one 2910
>> at home running an ADSL connection (O2).The 2 have a permanant VPN
>> between them and the one at home also runs 2 VOIP phone lines.
>
> The 2910 does not do ADSL natively. None of the 29xx series do. They have
> Ethernet ports which can act as a pure Ethernet router (good for Cable,
> LAN bridging, etc.), or with suitable external ADSL modems acting as a
> PPPoA to PPPoE media convertor, can talk to ADSL lines.
>
> You probably have separate ADSL modems connecting in to it.
>
...Which is what he went on to say..:
Nick
> Nick wrote:
>> AIUI the 2910 doesn't do ADSL,
> Oh!
> You best tell my 2910's that then. I have one in the shop with 2 x ADSL
> (BeThere & UKonline) connections acting as VPN host and I have one 2910
> at home running an ADSL connection (O2).The 2 have a permanant VPN
> between them and the one at home also runs 2 VOIP phone lines.
>
>> has a limited max firewall throughput 15Mb/s
> Who told you that as it's incorrect
Draytek actually http://www.draytek.co.uk/products/vigor2910.html
click on the Comparison tab at the bottom.
Strange that Draytek would be wrong about the ADSL capability and the
firewall throughput.
[snip]
> AND the 2910 not having an inbuilt modem means you can use the supplied
> service providers router in bridged mode which in the case of Bethere
> and O2 gives superb speeds.
>
So it doesn't do ADSL?
www.GymRatZ.co.uk
>
>
> Strange that Draytek would be wrong about the ADSL capability and the
> firewall throughput.
through ISP supplied bridged modem then it _does_ do ADSL as well as cable.
And the Firewall speed is completely wrong. I will admit that if you
use a Draytek V100 or V110 modem then yes, I found these dedicated ADSL
modems are restrictive, but the router it's self has absolutely no
problem with 20+ Mbps
http://www.speedtest.net/rank/1314311024.png
(From when I could be bothered to check)
http://www.speedtest.net/result/500090134.png this was run from from the
shop PC over VPN here at home so speed is a little down on what it would
be if I wasn't doing it remotely. (Just to prove a point that it is
running through the Router)
Certainly doesn't seem to be struggling to me !
> So it doesn't do ADSL?
It is ADSL Compatible. (But you need a simple external modem) Is that
better?
Dave {Reply Address In.Sig}
My Netgear DG834 has survived longer in service than the Draytek 2500. I
also had a Netgear ISDN router for many years, eventually the wall wart
fried and took much of the router with it.
--
Dave
da v...@llondel.org (without the space)
So many gadgets, so little time.
Nick
> Nick wrote:
>>
>> Strange that Draytek would be wrong about the ADSL capability and the
>> firewall throughput.
> Well, if it's got PPPoE or PPPoA or Static/Dynamic IP client and connect
> through ISP supplied bridged modem then it _does_ do ADSL as well as cable.
>
does ADSL. Yes it can work with an ADSL modem but this is not what the
vast majority of people refer to as an ADSL router. If you use language
differently from other people it is likely that you will mislead people.
> And the Firewall speed is completely wrong. I will admit that if you
> use a Draytek V100 or V110 modem then yes, I found these dedicated ADSL
> modems are restrictive, but the router it's self has absolutely no
> problem with 20+ Mbps
> http://www.speedtest.net/rank/1314311024.png
> (From when I could be bothered to check)
> http://www.speedtest.net/result/500090134.png this was run from from the
> shop PC over VPN here at home so speed is a little down on what it would
> be if I wasn't doing it remotely. (Just to prove a point that it is
> running through the Router)
> Certainly doesn't seem to be struggling to me !
When I looked at these routers I was looking at putting them on a
VirginMedia 20 MB/s line. I didn't get it because of the 15 Mb/s
firewall throughput figures that Draytek quoted.
You posted some very impressive speedtest results however I suspect at
least one of them is from a dual line connection which doesn't prove
that the router could handle a 20 Mb/s line. Are you implying that you
believe the router would work at 20 Mb/s on a single connection with the
firewall on? Because if you aren't I think that once again your post is
misleading.
>> So it doesn't do ADSL?
> It is ADSL Compatible. (But you need a simple external modem) Is that
> better?
Yes that is good. Remember a lot of people reading these groups don't
understand a lot of stuff, myself especially, so it is helpful if we try
to spell stuff out. I can't tell you the number of bits of kit I have
bought only to realise afterwards they didn't work in quite the way I
expected.
alexd
> Nick wrote:
>> Strange that Draytek would be wrong about the ADSL capability and the
>> firewall throughput.
> Well, if it's got PPPoE or PPPoA or Static/Dynamic IP client and connect
> through ISP supplied bridged modem then it _does_ do ADSL as well as
> cable.
That's like saying my PC does 10Gb ethernet, because the BT exchange I'm
connected to is backhauled with 10Gb ethernet. Thoroughly confusing, if not
misleading.
--
<http://ale.cx/> (AIM:troffasky) (UnSoEs...@ale.cx)
10:05:32 up 45 days, 16:13, 2 users, load average: 0.60, 0.28, 0.20
A few flakes working together can unleash an avalanche of destruction
www.GymRatZ.co.uk
>
> When I looked at these routers I was looking at putting them on a
> VirginMedia 20 MB/s line. I didn't get it because of the 15 Mb/s
> firewall throughput figures that Draytek quoted.
>
> You posted some very impressive speedtest results however I suspect at
> least one of them is from a dual line connection which doesn't prove
> that the router could handle a 20 Mb/s line. Are you implying that you
> believe the router would work at 20 Mb/s on a single connection with
> the firewall on? Because if you aren't I think that once again your
> post is misleading.
>
IP addresses and the speed test result only show for a single IP
address. However that isn't an issue as I have dual WAN for ISP
redundancey which is why I have Be/O2 as main ISP and a 2Mbps secondary
connection on WAN2 through UK Online which only kicks into life when WAN
1 goes down. No load balancing between Wan 1 & 2 as WAN 2 stays down
until required.
I originally had Cable through Virgin going through the router no speed
issues but it became too flaky and un-reliable especially for VOIP hence
I went to 2 x ADSL connections instead.
Don't think they had the restricted speed indication when I bought mine.
Perhaps they added it when their own V100 modems failed to give decent
speeds. (of which I have 2 now)
HTH
Pete
Mark McIntyre
> Mark McIntyre wrote:
>> Also, ahem, there's a reason Netgear are cheap.
>
> I have a DG834G v1 which has been rock solid for 5 years and a DG834 v3
> which has been rock solid for 2+ years.
That's as may be. They're still not Cisco. And to be clear, it wasn't a
criticism - I have a no-name wireless router doing sterling service
right now. I also have kit by dlink, linksys and others, all cheap
consumer stuff.
> VPN end point capability which the DG834 (v1 and v3) has,
Not according to the spec I read on netgear's website, though that could
well be wrong.
> Why do you think the netgear is cheap?
The question doesn't compute. Netgear kit is cheap because its inexpensive.
> I also have a DG834N v1 which is indeed a turkey when it comes to basic
> routing and does not have the VPN stuff, it cost twice the price of the
> basic DG834.
And how about compared to a Cisco 7200 series? :-)
Nick
> I have a dual WAN set up un the router but you can't shotgun 2 seperate
> IP addresses and the speed test result only show for a single IP
> address. However that isn't an issue as I have dual WAN for ISP
> redundancey which is why I have Be/O2 as main ISP and a 2Mbps secondary
> connection on WAN2 through UK Online which only kicks into life when WAN
> 1 goes down. No load balancing between Wan 1 & 2 as WAN 2 stays down
> until required.
>
Ah, you showed a speedtest download speed of 25.83 Mb/s from BE. I
hadn't realised it was possible to get such a high speed from a single
connection. That's why I though there must be some type of line bonding.
Nick
> Nick wrote:
>> Mark McIntyre wrote:
>>> Also, ahem, there's a reason Netgear are cheap.
>>
>> I have a DG834G v1 which has been rock solid for 5 years and a DG834
>> v3 which has been rock solid for 2+ years.
>
> That's as may be. They're still not Cisco. And to be clear, it wasn't a
> criticism - I have a no-name wireless router doing sterling service
> right now. I also have kit by dlink, linksys and others, all cheap
> consumer stuff.
>
>> VPN end point capability which the DG834 (v1 and v3) has,
>
> Not according to the spec I read on netgear's website, though that could
> well be wrong.
>
http://kb.netgear.com/app/answers/detail/a_id/226/session/L2F2LzEvc2lkL1VWVHBJWkFq
>> Why do you think the netgear is cheap?
>
> The question doesn't compute. Netgear kit is cheap because its inexpensive.
>
You said there was a reason the Netgear was cheap I wondered what you meant?
Gordon Henderson
www.GymRatZ.co.uk <discount-fitn...@gym.shop.com> wrote:
>Nick wrote:
>>
>>
>> Strange that Draytek would be wrong about the ADSL capability and the
>> firewall throughput.
>Well, if it's got PPPoE or PPPoA or Static/Dynamic IP client and connect
>through ISP supplied bridged modem then it _does_ do ADSL as well as cable.
>
>And the Firewall speed is completely wrong. I will admit that if you
>use a Draytek V100 or V110 modem then yes, I found these dedicated ADSL
>modems are restrictive, but the router it's self has absolutely no
>problem with 20+ Mbps
I would trust Drayteks claims about their firewall speed - you are
getting more because you probably aren't using the firewall. Simple NAT
is different from the firewall facilities of the 29xx routers, as is VPN.
You are probably not using the firewall, other than Drayteks supplied
settings - which are very trivial. The more firewall rules you put in
the box, the slower it will go.
In particular, the encryption part of a VPN requires a lot of cpu
horsepower and although (I think) the newer Drayteks have a hardware
encryption module, the older ones don't. Even with a hardware module, it
still may not be capable of running at full line speed - hence Drayteks
claims of 15Mb/sec.
The early 2900's and the 2600's did encryption in software - and were
limited to about 1.5Mb/sec. with encryption turned on. That was fine
when we were living in the 2Mb/256Kb ADSL world, but not in these
enlightened days.
However, a 15Mb/sec VPN is still fine in todays world as one leg of the
link is not going to be over about 2Mb/sec anyway... (In the ADSL world)
Gordon
www.GymRatZ.co.uk
>
> Ah, you showed a speedtest download speed of 25.83 Mb/s from BE. I
> hadn't realised it was possible to get such a high speed from a single
> connection. That's why I though there must be some type of line bonding.
or something.
99% of the time it's somewhere between 20 and 22Mbps and 2 to 2.2 up
perhaps could have been before I switched to upload plus which eats into
some download to increase upload bandwidth. Either way it's only ever
been a single connection though it was the "best recorded speed" so
slightly higher than expected.
www.GymRatZ.co.uk
>
>> I would trust Drayteks claims about their firewall speed - you are
>> getting more because you probably aren't using the firewall. Simple NAT
>> is different from the firewall facilities of the 29xx routers, as is VPN.
>> You are probably not using the firewall, other than Drayteks supplied
>> settings - which are very trivial. The more firewall rules you put in
>> the box, the slower it will go.
>>
>>
I have a few rules set up and some URL filters and bits and bobs, but on
the whole the rest isn't doing a lot and there's an awful lot of things
it could be doing. At the moment it's got 2% CPU usage 16MB total Memory
and 59% memory usage so plenty of processing power not used. Seems
strange for a manufacturer to quote worst case scenario unless they are
doing so to push sales to more recent models which would make sense.
Gordon Henderson
If you quote worst-case, then people don't whinge when they do something
that actually results in the worst-case... Most of the time they'll
never reach it, so they'll precieve it as a bonus :)
Gordon
alexd
> Ah, you showed a speedtest download speed of 25.83 Mb/s from BE. I
> hadn't realised it was possible to get such a high speed from a single
> connection. That's why I though there must be some type of line bonding.
It isn't possible to get that speed from a Be connection. ADSL2+ syncs at
24Mbps downstream, max. Actual IP throughput will be less than that due to
ATM overheads.
--
<http://ale.cx/> (AIM:troffasky) (UnSoEs...@ale.cx)
20:57:47 up 47 days, 3:19, 2 users, load average: 0.10, 0.11, 0.11
www.GymRatZ.co.uk
>
> It isn't possible to get that speed from a Be connection. ADSL2+ syncs at
> 24Mbps downstream, max. Actual IP throughput will be less than that due to
> ATM overheads.
>
First ADSL2+ ISP I had on it was UKonline Pro for 12 months followed
currently by BePro both lines started life with a sync speed closer to
25Mbps on UK online it actually hit closer to 26Mbps sync speed on
_initial_ connection if I remember correctly so to say the max sync
speed is 24Mbps is not true I think I even had a temporary sync at close
to 30Mbps (29 or thereabouts) on one occasion but this was short lived.
Obviously ISP isn't going to ever give more than you pay for or they
advertise etc.
Can't easily tell what the line is sync'd at as all connection equipment
is set in bridged mode so can't get line sync data as the router in
effect can't actually "see" the modem and without re-jiggling PC IP
address and plugging PC directly into modem and resetting modem to
factory default there's no way to interrogate. All I care about is I
have a connection way faster than I can saturate with 4 PC's (Down
stream) and an upstream that can chuck out plenty enough for a very
workable VPN.
Speedtest can be inaccurate but I don't think it's ever going to be
inaccurate to the point of reading _greater_ speeds.
alexd
> First ADSL2+ ISP I had on it was UKonline Pro for 12 months followed
> currently by BePro both lines started life with a sync speed closer to
> 25Mbps on UK online it actually hit closer to 26Mbps sync speed on
> _initial_ connection if I remember correctly so to say the max sync
> speed is 24Mbps is not true I think I even had a temporary sync at close
> to 30Mbps (29 or thereabouts) on one occasion but this was short lived.
Why is it sold as up to 24Mbps then? Surely it would make more sense to sell
it as up to 30Mbps; this would give some kind competitive advantage over
ISPs selling ADSL2+.
> Speedtest can be inaccurate but I don't think it's ever going to be
> inaccurate to the point of reading _greater_ speeds.
Why?
--
<http://ale.cx/> (AIM:troffasky) (UnSoEs...@ale.cx)
18:55:34 up 48 days, 1:26, 2 users, load average: 0.25, 0.18, 0.17