VPN Router Recommendations for Fibre.

Check our new Geekzone Price Comparison web site for electronics prices in New Zealand.

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › VPN Router Recommendations for Fibre.

dimsim

197 posts

Master Geek

Trusted

Topic # 105831 11-Jul-2012 22:47
Have just discovered my trusty Cisco 871 ethernet routers are only capable of 12.8mbs throughput so not much good for a new fibre connection capable of 70mbs Does anyone have any router recommendations for connecting to a fibre ONT that I can terminate a client to site VPN on, will have a secure IOS like firewall and be rock solid and reliable?

Zeon

2382 posts

Uber Geek

Trusted

Subscriber

Reply # 654255 11-Jul-2012 23:21
PFsense as always from this corner. Run site to site VPN at 100mbps with PFsense running as VMs on both ends with 256bit blowfish. At the datacentre we can push 300mbps+ plus fully encrypted as a VM on e5620 CPUs.

insane

1282 posts

Uber Geek

Trusted

Reply # 654266 12-Jul-2012 00:31
Sonicwall TZ100 will fit the bill, but as Zeon suggests, there are some other homebrew options out there which will work well too.

sbiddle

16719 posts

Uber Geek

Moderator

Trusted

Biddle Corp

Subscriber

Reply # 654289 12-Jul-2012 07:45
A Mikrotik would work, but obviously RouterOS has a steep learning curve if you havce never used it before. *Need help configuring your Linksys ATA or IP Phones for New Zealand? Check my blog post

1080p

996 posts

Ultimate Geek

Reply # 654296 12-Jul-2012 07:59
Another vote for pfSense, I have a very low powered box extremely capable of running my current aDSL connection at full speed through a VPN. As far as I can tell it will easily scale up to gigabit speeds in the future. Workstation: Intel DH67CL ~ i5-2500 ~ 4GB Corsair RAM (x2) ~ Intel X25-M 80GB SSD Laptop: Dell Inspiron 1564 ~ i5-520M ~ 4.00GB RAM ~ 500GB SATA HDD ~ Win7 Home Premium x64 Common misconceptions.

theEd

271 posts

Ultimate Geek

Trusted

Reply # 654307 12-Jul-2012 08:54
The Vigor2130 has tested close to full port speed in our tests. With 100 concurrent sessions, we achieved TX:931.887Mbps, RX:887.709Mbps through NAT. The NAT table size is 15,000 sessions. You can check out a demo of the Web UI here, but you also have the full power of OpenWRT via command line. I work for SnapperNet providing Tech Support for DrayTek modem/routers, Edge-core switches, Mobotix high-res IP cameras, QNAP network storage, Yeastar IP PBXs & more. Anything I say is my own opinion and not necessarily that of Snapper Network Distributors

Zeon

2382 posts

Uber Geek

Trusted

Subscriber

Reply # 654322 12-Jul-2012 09:15
theEd: The Vigor2130 has tested close to full port speed in our tests. With 100 concurrent sessions, we achieved TX:931.887Mbps, RX:887.709Mbps through NAT. The NAT table size is 15,000 sessions. You can check out a demo of the Web UI here, but you also have the full power of OpenWRT via command line. What's the VPN performance like? VPN requires countless more CPU cycles than normal routing. E.g. on a Celeron 2.4ghz IPSec VPN on PFsense maxes out at around 20mbps although the box can route 400mbps+ normally. I'd be interested to see the Mikrotek's performance, does it have a dedicated encrypt/decrypt processor?

theEd

271 posts

Ultimate Geek

Trusted

Reply # 654339 12-Jul-2012 09:38
Zeon: theEd: The Vigor2130 has tested close to full port speed in our tests. With 100 concurrent sessions, we achieved TX:931.887Mbps, RX:887.709Mbps through NAT. The NAT table size is 15,000 sessions. What's the VPN performance like? VPN requires countless more CPU cycles than normal routing. E.g. on a Celeron 2.4ghz IPSec VPN on PFsense maxes out at around 20mbps although the box can route 400mbps+ normally. I'd be interested to see the Mikrotek's performance, does it have a dedicated encrypt/decrypt processor? I don't know off the top of my head, but if I get a spare moment today I'll give it a test. That being said, if VPN performance is a big factor you should only be considering devices with dedicated encryption co-processors. Mikrotik is not a single product but rather a wide range of products running their RouterOS system. Some of the products may have encryption co-processors, but none of the ones I've used have. I work for SnapperNet providing Tech Support for DrayTek modem/routers, Edge-core switches, Mobotix high-res IP cameras, QNAP network storage, Yeastar IP PBXs & more. Anything I say is my own opinion and not necessarily that of Snapper Network Distributors

Chippo

60 posts

Master Geek

Trusted

Subscriber

Reply # 654450 12-Jul-2012 12:13
Feel I should weigh in from a Corporate Vendor point of View. IPSec performance is going to depend hugely on the type of traffic, encryption levels, what features you're enabling. Something like Replay Detection will take a HUGE chunk out of your performance. Business-Grade products you'd look at here: Fortinet FortiGate 80C or 100D Juniper SRX (Probably an SRX210, 220 or 240 depending on how close to your actual bandwidth you want to get) Something Cisco. I think their new 880 series is pretty grunty Remember to look at that power draw figures. A 2.4Ghz celeron is going to pull a ton of power over 3 years. Something like the FortiGate will also let you do web filtering & app control plus support contracts etc if you have problems. David I work for a Hosting Provider - But my opinions are my own.

webwat

1275 posts

Uber Geek

Trusted

Reply # 655384 14-Jul-2012 10:44
I vote for pfSense, but it has a lot of features that could be either just confusing (for me) or useful enough to be worth setting up other features that might be more expensive to get on brandname boxes. You might even be able to find a powerful enough Mini ITX or other compact board to build a small but efficient router thats as reliable as any Cisco. Qualified in business, certified in fibre, stuck in copper, have to keep going ^_^