Reviews. More In-Depth on the IPSEC side

rayk_sland

I have a network with about 30 DLINK 8-port VPN routers which are discontinued and slowly dying off. I bought the replacement model and found that the certificate-based authentication in IPSEC was irreparably broken. (The sending ID was not the subject from the certificate I installed but a self-signed cert generated by the system.) Libreswan, my endpoint for all the VPNs, would not accept that. I am looking for a solid 8-port VPN router to replace these.

I like the approach of your site, probably would be more amazing if I could see more on how well each router did certificate-based auth. Everyone does preshared pretty well, and the reviews don't differentiate, so I still don't know, although I have a few more models now to try out.

DIR-130s are the routers being replaced. I've now tried the DSR-250 and am seriously unimpressed.
 
Thank you for your comments! If I understand correctly, you are interested in seeing test results for certificate-based authenticated IPSec tunnels.

I have used pre-shared-key authentication for IPSec tunnels in my tests. Not all routers support certificate-based authentication for IPSec. For example, the Linksys LRT2x4 routers we recently tested do not support certificate-based authentication for IPSec.

If supported, I'll test certificate-based authentication and compare it to pre-shared-key authentication on the next VPN router we review.

Certificate-based authentication is probably more secure than pre-shared-key authentication, but I question whether the authentication method will affect IPsec VPN throughput performance. My understanding is IPSec throughput performance is based on the device CPU and the encryption method, not the authentication method.
 
Actually, it's not throughput itself that I'm interested in as much as the actual functionality, i.e. which routers actually do certificate-based auth and maybe how well they do it. I suspect that the throughput would be very much the same as with preshared keys. The actual data channel is not any different. It will have more ISAKMP overhead, I think, but throughput should be identical.
 
