Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)Affordable router for near line speed IPsec VPN throughput on Gigabit?
Lias

5655 posts

Uber Geek
+1 received by user: 3978

ID Verified
Trusted
Lifetime subscriber

#224037 30-Oct-2017 11:58
Send private message

This isn't really covered by @michaelmurfy  's excellent router guide, so throwing this open for the masses.

 

Currently in the middle of getting Gigabit UFB into several sites for work, and once we have those connections in place we're going to want start using them. Finding a nice business grade router that can handle those UFB connections is easy enough, but we're really wanting to be able to get close to line speed across an IPSec VPN as well. That seems to be a bit more difficult.. What can people suggest that's going to let me get at least 7-800mbps sustained IPSec VPN throughput for a reasonable price? 




I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup. Opinions are my own and not the views of my employer.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
lxsw20
3689 posts

Uber Geek
+1 received by user: 2174

Subscriber

  #1892537 30-Oct-2017 12:16
Send private message

Define reasonable? A quick look at Cisco, Meraki and Juniper you would be looking at between 10 and 20k per device. That sort of VPN processing power comes at a cost! 



coffeebaron
6304 posts

Uber Geek
+1 received by user: 3566

Trusted
Lifetime subscriber

  #1892549 30-Oct-2017 12:28
Send private message

This one does up to 400Mbps: http://www.draytek.com.au/products/broadband-routers/vigor2960/ 

 

This one does up to 800Mbps but not locally available (probably could get on special order through SnapperNet): http://www.draytek.com.au/products/broadband-routers/vigor3900/ 

 

 




Rural IT and Broadband support.

 

Broadband troubleshooting and master filter installs.
Starlink installer - one month free: https://www.starlink.com/?referral=RC-32845-88860-71 
Wi-Fi and networking
Cel-Fi supply and installer - boost your mobile phone coverage legally

 

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com

lxsw20
3689 posts

Uber Geek
+1 received by user: 2174

Subscriber

  #1892551 30-Oct-2017 12:32
Send private message

Considered building out PFsense boxes?



Lias

5655 posts

Uber Geek
+1 received by user: 3978

ID Verified
Trusted
Lifetime subscriber

  #1892559 30-Oct-2017 12:44
Send private message

lxsw20:

 

Define reasonable? A quick look at Cisco, Meraki and Juniper you would be looking at between 10 and 20k per device. That sort of VPN processing power comes at a cost! 

 

 

1-3K

 

Fortigate 60E/80E/100E series are looking to be the prime candidates from what I can see, they respectively do 2/2.5/4gbps IPSec VPN throughput.

 

 




I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup. Opinions are my own and not the views of my employer.

Lias

5655 posts

Uber Geek
+1 received by user: 3978

ID Verified
Trusted
Lifetime subscriber

  #1892563 30-Oct-2017 12:45
Send private message

lxsw20:

 

Considered building out PFsense boxes?

 

 

For a bunch of reasons it's not really a viable option.




I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup. Opinions are my own and not the views of my employer.

nitro
757 posts

Ultimate Geek
+1 received by user: 335


  #1893174 31-Oct-2017 14:48
Send private message

coffeebaron:

 

This one does up to 400Mbps: http://www.draytek.com.au/products/broadband-routers/vigor2960/ 

 

This one does up to 800Mbps but not locally available (probably could get on special order through SnapperNet): http://www.draytek.com.au/products/broadband-routers/vigor3900/ 

 

 

 

 

For VPN:

 

  • 2960 may get 200 Mbps, not more
  • 3900 may get 600 Mbps, not more

The following chart has been "accurate" for the 2760.

 

http://www.draytek.co.uk/products/comparison

 

I have tested the 2760 (Spirent TestCenter: WAN-LAN, no VPN for that one) and it could only muster 150 Mbps with 1500-byte frames. At 64B, it was less than 7 Mbps. So have confirmed that the figures in that chart are best-case scenarios.

 

This put me off Drayteks for routers, though still using the DV130 for VDSL. As stable as they are, thoughput is not where I would want them to be.

 

 

 

 

 

 

 

 

 
 
 
 

Shop now for Lenovo laptops and other devices (affiliate link).

dt

dt
1152 posts

Uber Geek
+1 received by user: 371
Inactive user


  #1893197 31-Oct-2017 15:14
Send private message

Lias:

 

 For a bunch of reasons it's not really a viable option.

 

 

 

 

Is one of the reasons support? if it is you can buy supported pfsense devices, their specs are huge in comparison to other vendors and they're really hard to compete with on price vs performance. 

 

 

 

 https://www.netgate.com/solutions/pfsense/#on-premises

 

 

 

edit: link :) 

coffeebaron
6304 posts

Uber Geek
+1 received by user: 3566

Trusted
Lifetime subscriber

  #1893203 31-Oct-2017 15:21
Send private message

@nitro thanks for the info. I know the Draytek 2860 series top out at approx. 400Mbps WAN-LAN, but also depends on what firewall / QoS / hardware acceleration it's doing. These are still very good routers for small business for the feature set they have.




Rural IT and Broadband support.

 

Broadband troubleshooting and master filter installs.
Starlink installer - one month free: https://www.starlink.com/?referral=RC-32845-88860-71 
Wi-Fi and networking
Cel-Fi supply and installer - boost your mobile phone coverage legally

 

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com

nitro
757 posts

Ultimate Geek
+1 received by user: 335


  #1893205 31-Oct-2017 15:25
Send private message

@coffeebaron, agree. For small business users, the Drayteks pull their weight in price/performance. Not too long ago 200 Mbps VPN would have been a lot. These days, there are different requirements, such as the OPs. I'd be interested to see what they/he goes with, actually.

 

 

 

 

 

 

wratterus
1687 posts

Uber Geek
+1 received by user: 678


  #1893207 31-Oct-2017 15:38
Send private message

You could look at a Ubiquiti Edgerouter Pro. Looks like people have got around 400 - 500 Mbps IPSec traffic through them. See link

https://community.ubnt.com/t5/EdgeMAX/ERL-Performance-Testing-with-IPSec-VPN/m-p/1053799/highlight/true#M44593

 

 

 

I know it's not quite as much as you were wanting, but for the money (around $700 each) they could be hard to beat.

Edit - Just had a look, the price/performance (just looking at IPSec traffic) is around the same as the Vigor2960. 

Spyware
3818 posts

Uber Geek
+1 received by user: 1366

Lifetime subscriber

  #1893216 31-Oct-2017 15:48
Send private message

Mikrotik CCR1009-7G-1C-1S+




Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, Unifi UAP, U6-Pro, UAP-AC-M-Pro, Apple TV 4K (2022), Apple TV 4K (2017), iPad Air 1st gen, iPad Air 4th gen, iPhone 13, SkyNZ3151 (the white box). If it doesn't move then it's data cabled.

 
 
 
 

Shop now for Dyson appliances (affiliate link).
michaelmurfy
meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1893218 31-Oct-2017 15:53
Send private message

The Grandstream GWN7000 has hardware accelerated VPN and a newer CPU - I've found I could get 200Mbit out of it but an Ubiquiti USG was the weak link here as the Edgerouter Lite + USG top out at around 200Mbit. I had nothing to test its top speed.

 

Potentially the best value option here.




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

wratterus
1687 posts

Uber Geek
+1 received by user: 678


  #1893223 31-Oct-2017 16:00
Send private message

Spyware:

 

Mikrotik CCR1009-7G-1C-1S+

 

 

 

 

That's fairly impressive for the money. 


 

Click to see full size

 

 

chevrolux
4962 posts

Uber Geek
+1 received by user: 2638
Inactive user


  #1893232 31-Oct-2017 16:24
Send private message

The small Mikrotik CCR will do that no problem.

 

Have to say though, wondering the use case? 

coffeebaron
6304 posts

Uber Geek
+1 received by user: 3566

Trusted
Lifetime subscriber

  #1893234 31-Oct-2017 16:29
Send private message

chevrolux:

 

The small Mikrotik CCR will do that no problem.

 

Have to say though, wondering the use case? 

 

 

Inter office file sharing from NAS / server would be one suitable use case.

 

 




Rural IT and Broadband support.

 

Broadband troubleshooting and master filter installs.
Starlink installer - one month free: https://www.starlink.com/?referral=RC-32845-88860-71 
Wi-Fi and networking
Cel-Fi supply and installer - boost your mobile phone coverage legally

 

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright