Menu
What's new
By:
Filters Better Search

Need advice on VPN routers

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

P

pschmehl

Occasional Visitor
Total newbie here. Just registered. I'm a retired computer security guy (edu), and I never setup any kind of network like a lot of my peers did. No server racks in my house. No switches. No Cat5E in the walls. Nothing. I have the TWC router (an Arris DG1670A) and a 2.4 and 5 GHz wireless network.

Recently I've been researching getting one IP camera to watch my driveway. That has led me down numerous paths which finally led me here.

I think I want to hardwire my TV and Roku. I have a 200Mbps connection from TWC which tests out to that or slightly more on my Windows 10 PC (which is plugged in to the router) but my wireless connection is half of that for the 5GHz network (on my Mac laptop) and half again for the 2.4GHz network (TV, Roku, some other stuff).

Both my Roku and my TV are on the 2.4 GHZ network, so hardwiring them would provide an instant speed upgrade. (Streaming works fine now, but hardwiring it would be much better.) I can pull the wire and make up the switchplates, so that's not a problem. I have two open ports on my router, so I *could* use one for the TV and Roku (with a splitter) and one for the camera.

But, if I get the camera, I want remote access, so that means setting up VPN. I could do that on my Windows 10 box, but I'm a retired computer security guy, so no.

Since I'm retired, I don't want to dump a ton of money buying all sorts of equipment and building out a huge network that I'll seldom ever use. IF I get the camera, I'll use a PoE injector for that rather than buying a switch.

I'm old and lazy and have a ton of other interests to keep me occupied, so I don't want to buy and build out unix boxes to do all this stuff and then have to maintain them. I already manage five different internet FreeBSD servers (websites and mail servers), so I have no interest in doing more. I'd prefer something that was set and forget as much as possible.

All I really need is VPN and perhaps a few more ports in case I come up with another crazy idea. Right now my Windows box and printer are plugged in to the Arris, so I only have two ports left.

There are some relatively inexpensive gig routers with VPN on Amazon. Here's some I've put on my wish list (I use it like a bookmark - I delete them once I've eliminated ones I don't want.)

TP-Link TL-R600VPN Gigabit Broadband VPN Router
Netgear ProSafe FVS318G 8-Port Gigabit VPN Firewall
Cisco RVL200 4-Port SSL/IPsec VPN Router
Linksys LRT214 Gigabit VPN Router
Cisco Systems 5-Port Gigabit VPN Router (RV130K9NA)
D-Link 8-Port Gigabit VPN Router

My question for you old pros at this is, which of them seems to be the most reliable? Would you recommend something else entirely?
 
pschmehl said:
But, if I get the camera, I want remote access, so that means setting up VPN. I could do that on my Windows 10 box, but I'm a retired computer security guy, so no.
Click to expand...

Might not need a VPN - just find a camera vendor that has a reasonably secure implementation (Panasonic is good for this), and port forward it... Secure IP based cams do exist, just do a bit of research - the cheap ones generally are not.

Security is best when it is kept simple...
 
VPN is still useful but "VPN" routers are actually archaic platforms that do not support the most recent features or have the most outdated hardware. All the routers you listed are terrible.

Here is a checklist you have to go through before getting one.
Your WAN speeds with their setup (such as using PPPOE, vlan).
VPN speeds and type you want.
Features you want.

For example asus routers support more vpn types than what these vpn routers offer. mikrotik CCRs and x86 have WAN and VPN speeds better than any "VPN router" without needing to rely on hardware acceleration, only hardware encryption and support more vpn types and configs. Each CCR core does 300Mb/s of PPTP, each x86 core does way more depending on the CPU.
 
I don't really need another wireless router, but OTOH, I wouldn't object to getting one if it's not too high priced. Do the new 802.11ac routers still have the 2.4GHz band? I have to have that for some of my older devices.
 
pschmehl said:
Do the new 802.11ac routers still have the 2.4GHz band?
Click to expand...

Most consumer grade, and many SME oriented products do offer 2.4GHz - the main site has a wealth of more focused info and reviews there on various product...
 
pschmehl said:
This is a bit of overkill, but the price is right and it has the bonus of a PoE port. Mikrotik RB2011iLS-IN 10 Ehternet Ports RouterBoard

I'd have to familiarize myself with OpenVPN, but I don't think that would be a problem.

Thanks for the tip.
Click to expand...
bad cpu for VPN. MIPS perform poorly with it. If you do want POE consider the RB3011 instead as it has a decent dual core ARM with a single POE in and POE out port.

go to routerboard.com, look at the CPU details of it. The architecture, clock and core count are important. There are also datasheets.

If you want to use vpn than look at the RB1100AHx2, RB3011 and CCR series for mikrotik. Many consumer routers also do use dual core ARMs but the qualcomm based ARM is better than broadcom.
 
Those are getting kind of rich for my blood. Remember, I only need one VPN tunnel. Nobody but me will ever use it.
 
After tons of reading and research, I've decided to setup the built in PPTP VPN in my Windows 10 box IF I get the camera, and limit access to the camera's IP address. Thanks to @sfx2000 for reminding me to KISS. I changed the password to my 5GHz wireless network, which is running at 100 Mbps, and got both my TV and Roku working on that network, so I no longer feel motivated to hardwire those. 100 Mbps should be more than enough to stream videos.

I understand that some may think this is stupid or inadequate, but it's probably sufficient for what I need and saves me money. The only reason I would ever use VPN is when I was away from home and only to look at the camera. The camera has built in security (not very good) and PPTP is adequate, so with IP restrictions, my risk is limited to someone breaking in to the VPN, guessing the password for the camera and then viewing hours and hours of footage of my empty driveway and cars passing by in the alley. Not exactly a situation that requires world class security.

If I ever decide to get a better setup, I'll probably get something off of eBay. They've got enterprise firewall/vpn appliances for as little as $10. Yeah, not the latest and greatest, but more than sufficient for what I would need.

Thanks for all your input and help. You helped me to clarify my needs and diminish my lust for getting something new and bright and shiny.
 
System Error Message said:
VPN is still useful but "VPN" routers are actually archaic platforms that do not support the most recent features or have the most outdated hardware. All the routers you listed are terrible.
Click to expand...
I think 'terrible' is a bit of an extreme opinion. Many of the units listed will work perfectly fine for the OP and the relatively simple task of watching the camera.

The main problem with VPN routers is how to 'dial in'? Some platforms have incompatibilities that may be an issue depending on what you're using to access the vpn. So that being said, what is the vpn client going to be? Phone? tablet? computer? And accessed from where? public networks? hotspots?
 
Samir said:
I think 'terrible' is a bit of an extreme opinion. Many of the units listed will work perfectly fine for the OP and the relatively simple task of watching the camera.

The main problem with VPN routers is how to 'dial in'? Some platforms have incompatibilities that may be an issue depending on what you're using to access the vpn. So that being said, what is the vpn client going to be? Phone? tablet? computer? And accessed from where? public networks? hotspots?
Click to expand...
Thanks.

iPhone 6 and/or Mac Powerbook (El Capitan), both of which can do PPTP, L2TP, IPSec and IKE. So there should not be a problem connecting to any reasonably standards compliant VPN device.
 
pschmehl said:
After tons of reading and research, I've decided to setup the built in PPTP VPN in my Windows 10 box IF I get the camera, and limit access to the camera's IP address. Thanks to @sfx2000 for reminding me to KISS. I changed the password to my 5GHz wireless network, which is running at 100 Mbps, and got both my TV and Roku working on that network, so I no longer feel motivated to hardwire those. 100 Mbps should be more than enough to stream videos.

I understand that some may think this is stupid or inadequate, but it's probably sufficient for what I need and saves me money. The only reason I would ever use VPN is when I was away from home and only to look at the camera. The camera has built in security (not very good) and PPTP is adequate, so with IP restrictions, my risk is limited to someone breaking in to the VPN, guessing the password for the camera and then viewing hours and hours of footage of my empty driveway and cars passing by in the alley. Not exactly a situation that requires world class security.

If I ever decide to get a better setup, I'll probably get something off of eBay. They've got enterprise firewall/vpn appliances for as little as $10. Yeah, not the latest and greatest, but more than sufficient for what I would need.

Thanks for all your input and help. You helped me to clarify my needs and diminish my lust for getting something new and bright and shiny.
Click to expand...
I missed this post. Glad you found a cheap and easy way to do what you wanted. And with all the layers involved, that's a lot of guessing someone would have to do to get to see some mundane footage.
 
pschmehl said:
Thanks.

iPhone 6 and/or Mac Powerbook (El Capitan), both of which can do PPTP, L2TP, IPSec and IKE. So there should not be a problem connecting to any reasonably standards compliant VPN device.
Click to expand...
'Should' is the appropriate word. A lot of times the theoretical doesn't work in practice, for whatever reason. I think you've found the best solution with using what you already got.
 
If you are going to keep a machine running to host the VPN server, I would recommend looking at something else than PPTP, since PPTP is considered to be crypto-cracked for a few years now.

I assume your VPN needs involves mostly accessing your cameras remotely. You don't need 200 Mbps of routing performance for this, look for an ARM-based home router that has either built-in OpenVPN or which can run Tomato/DD-WRT. A Netgear R7000 or an Asus RT-AC68U should give you around 50 Mbps of OpenVPN throughput - plenty sufficient for camera monitoring (which would be capped by your upstream performance anyway, not your downstream).

I would also recommend separating the switch from the router. Go with the basic 4 ports router, and rely on a switch for additional ports. They tend to be more reliable, easier to start with an 8-port if you intend to expand, and you can get a managed one at a very reasonable price these days, if you ever intended to play with VLANs.
 
Last edited:
pschmehl said:
Thanks.

iPhone 6 and/or Mac Powerbook (El Capitan), both of which can do PPTP, L2TP, IPSec and IKE. So there should not be a problem connecting to any reasonably standards compliant VPN device.
Click to expand...

Apple is removing PPTP support with iOS 10 (and with the next MacOS iteration as well I believe).
 
RMerlin said:
Apple is removing PPTP support with iOS 10 (and with the next MacOS iteration as well I believe).
Click to expand...

Confirmed on both - Apple is going away from PPTP...

(which is a good thing, honestly, both the auth and encryption vectors there are so very broken these days on all platforms)
 
You must log in or register to reply here.

Similar threads

A
New camera wiring problem - hope someone can help!
Replies
7
Views
540
coxhaus
C
B
Single guest network where devices can interact
Replies
6
Views
378
bennor
B
D
Netgear GS305EPP Port 4 Untrusted?
Replies
5
Views
235
ds5686920
D
K
Need recommendation \ advice for VPN for TS-673
Replies
0
Views
221
kmaulsby18
K
koonthul
Home Network Plan - Where and What
Replies
18
Views
695
degrub
D
Similar threads
Thread starter Title Forum Replies Date
J PLC: I need a RELIABLE 3-ethernet port unit with the British plug configuration. Switches, NICs and cabling 4
M In need of good video(s) for Cat 6a cable stripping and punch down practices Switches, NICs and cabling 8
Johno What sort of network tester do I need? Switches, NICs and cabling 6
P Need help after power surge Switches, NICs and cabling 12

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 555 (members: 19, guests: 536)
Top