VPN Router Recommendations for Fibre.

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › VPN Router Recommendations for Fibre.

dimsim

848 posts

Ultimate Geek

Trusted

Lifetime subscriber

#105831 11-Jul-2012 22:47

Have just discovered my trusty Cisco 871 ethernet routers are only capable of 12.8mbs throughput so not much good for a new fibre connection capable of 70mbs

Does anyone have any router recommendations for connecting to a fibre ONT that I can terminate a client to site VPN on, will have a secure IOS like firewall and be rock solid and reliable?

Zeon

3916 posts

Uber Geek

Trusted

#654255 11-Jul-2012 23:21

PFsense as always from this corner. Run site to site VPN at 100mbps with PFsense running as VMs on both ends with 256bit blowfish. At the datacentre we can push 300mbps+ plus fully encrypted as a VM on e5620 CPUs.

Speedtest 2019-10-14

insane

3240 posts

Uber Geek

ID Verified

Trusted

#654266 12-Jul-2012 00:31

Sonicwall TZ100 will fit the bill, but as Zeon suggests, there are some other homebrew options out there which will work well too.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#654289 12-Jul-2012 07:45

A Mikrotik would work, but obviously RouterOS has a steep learning curve if you havce never used it before.

1080p

1332 posts

Uber Geek
Inactive user

#654296 12-Jul-2012 07:59

Another vote for pfSense, I have a very low powered box extremely capable of running my current aDSL connection at full speed through a VPN. As far as I can tell it will easily scale up to gigabit speeds in the future.

theEd

341 posts

Ultimate Geek

Trusted

#654307 12-Jul-2012 08:54

The Vigor2130 has tested close to full port speed in our tests. With 100 concurrent sessions, we achieved TX:931.887Mbps, RX:887.709Mbps through NAT. The NAT table size is 15,000 sessions.

You can check out a demo of the Web UI here, but you also have the full power of OpenWRT via command line.

Zeon

3916 posts

Uber Geek

Trusted

#654322 12-Jul-2012 09:15

theEd: The Vigor2130 has tested close to full port speed in our tests. With 100 concurrent sessions, we achieved TX:931.887Mbps, RX:887.709Mbps through NAT. The NAT table size is 15,000 sessions.

You can check out a demo of the Web UI here, but you also have the full power of OpenWRT via command line.

What's the VPN performance like? VPN requires countless more CPU cycles than normal routing. E.g. on a Celeron 2.4ghz IPSec VPN on PFsense maxes out at around 20mbps although the box can route 400mbps+ normally.

I'd be interested to see the Mikrotek's performance, does it have a dedicated encrypt/decrypt processor?

Speedtest 2019-10-14

theEd

341 posts

Ultimate Geek

Trusted

#654339 12-Jul-2012 09:38

Zeon:
theEd: The Vigor2130 has tested close to full port speed in our tests. With 100 concurrent sessions, we achieved TX:931.887Mbps, RX:887.709Mbps through NAT. The NAT table size is 15,000 sessions.

What's the VPN performance like? VPN requires countless more CPU cycles than normal routing. E.g. on a Celeron 2.4ghz IPSec VPN on PFsense maxes out at around 20mbps although the box can route 400mbps+ normally.

I'd be interested to see the Mikrotek's performance, does it have a dedicated encrypt/decrypt processor?

I don't know off the top of my head, but if I get a spare moment today I'll give it a test. That being said, if VPN performance is a big factor you should only be considering devices with dedicated encryption co-processors.

Mikrotik is not a single product but rather a wide range of products running their RouterOS system. Some of the products may have encryption co-processors, but none of the ones I've used have.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

Chippo

129 posts

Master Geek

Trusted

#654450 12-Jul-2012 12:13

Feel I should weigh in from a Corporate Vendor point of View.

IPSec performance is going to depend hugely on the type of traffic, encryption levels, what features you're enabling. Something like Replay Detection will take a HUGE chunk out of your performance.

Business-Grade products you'd look at here:

Fortinet FortiGate 80C or 100D
Juniper SRX (Probably an SRX210, 220 or 240 depending on how close to your actual bandwidth you want to get)
Something Cisco. I think their new 880 series is pretty grunty

Remember to look at that power draw figures. A 2.4Ghz celeron is going to pull a ton of power over 3 years. Something like the FortiGate will also let you do web filtering & app control plus support contracts etc if you have problems.

David

I work for a global Data Protection Software company - But my opinions are my own.

webwat

2036 posts

Uber Geek

Trusted

#655384 14-Jul-2012 10:44

I vote for pfSense, but it has a lot of features that could be either just confusing (for me) or useful enough to be worth setting up other features that might be more expensive to get on brandname boxes.

You might even be able to find a powerful enough Mini ITX or other compact board to build a small but efficient router thats as reliable as any Cisco.

Time to find a new industry!