VPN Router Suggestions

[gnulab]

Hi fellow members,

To cut straight to the point, I would like to ask for suggestion on the VPN router, that so far I had narrowed it down to what is available in my country, is suitable for my requirements.

1. Mikrotik RB110
2. Mirkotik RB3011
3. Mirkotik CCR1009
4. ZyXEL ZyWall 110

My setup and requirement would be like this:

1. A web-based app server is co-located at a datacenter.
   
2. The VPN router will be at the datacenter too.
   
3. The app server will be connected to the router.
4. The connection at the datacenter is 1 gbps shared among the datacenter customers.
   
5. 3 sites (each is connected via 10 mbps internet connection) will be connecting to the router via somesort of VPN, preferably OpenVPN > L2TP > PPTP.
   
6. Thus 3 sites + application server all will be under 192.168.x.x. IPs.
7. Each site consists of approximately 10-15 users.
   
8. There is future plan for 7 salesmen to access the app server remotely using laptops
   
9. The router should also act as a firewall to auto reject any DDOS attacks, ping floods and such.

What would be your take?
I would prefer OpenVPN as some public hotspots do not allow PPTP connections. Meanwhile I read that PPTP is highly unsecure.


Thank you in advance.

 

[RMerlin]

If performance is critical, then look at something with IPSEC support instead of OpenVPN. IPSEC is able to leverage hardware crypto support, unlike OpenVPN (due to its userland nature). The only way to get good OpenVPN performance is by using a CPU that's at least as powerful as an Intel i5 or better. Best you might get with ARM hardware is probably in the 200-300 Mbps range.

I would completely scratch PPTP from your list, it's no longer a viable option in 2018.

 

[umarmung]

IPSEC all the way.

RB1100AHx4 > CCR1009 > RB750GR3

All are more powerful than those ZyWalls, though no doubt harder to configure.

The RB3011 has no IPSEC hardware acceleration and it is a bit of a deadend model for SMB/SOHO (it has poor price/performance and had multiple serious issues).

 

[gnulab]

Hi,

Thanks for the suggestions guys! Really appreciate it.

 

[System Error Message]

i hope you didnt purchase anything yet. The CCR1009 is actually faster than the RB1100AHx4. Both the RB3011 and RB1100AHx4 have similar CPUs btw, they're both ARMs.

The CCR1009 has total faster throughput for both WAN, QoS and VPN, and has hardware IPSEC and AES. It may not be as fast as the RB1100AHx4 at the same clocks if you are looking at a single tunnel though, however for 500Mb/s of throughput even the CCR1009 will give that for a single VPN tunnel.