• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Looking for tunnel-supporting router with VPN.

Started by sangamon, January 30, 2011, 11:08:52 AM

Previous topic - Next topic

sangamon


I currently have a couple of NetGear FVS318 firewall routers with VPN.  They're terrific except that they don't pass protocol 41 (and won't, according to NetGear support).  Therefore, I can't use the tunnel broker for IPv6 testing.  Neither of my internet providers offer IPv6, and have no plans to do so anytime soon.  (I guess they have pallets full of IPv4 addresses in their warehouses.)

Do any of you folks have experience with VPN routers that WILL support tunnels?  I've read many posts on the forums, but VPN is only rarely mentioned.  VPN is very important to me because I have two locations about 100 miles apart.  The VPN doesn't need to support IPv6, although that would be great.

I'm looking for a solution that has a reasonable price (under $150-ish).  I've considered using a couple of extra PCs with Linux, but I've had terrible luck with this in the past.  There is a LOT of information on VPNs, firewalls, and routers under Linux, but quite a bit of it is repetitive and erroneous.

If I've missed something obvious at HE please point me there, but I've done a lot of searching and reading.

Thanks.

jrocha

If you don't mind doing some legwork, you can probably get good results from consumer-grade routers and DD-WRT.

antillie

#2
Other than a couple of PCs running Linux the only thing that comes to my mind is a pair of older Cisco routers. A couple of 2621xm's with 12.4 Advanced Enterprise IOS images and VPN accelerator cards (AIM-VPN/BPII) will do this. You can probably get them for less than $150 each on Ebay.

I have a 2621xm running 12.4 Advanced Enterprise that acts as both my HE.net tunnel termination device and as an IPSec Client VPN termination device. I don't have a second location to peer to for a site to site tunnel but the router itself is perfectly capable of it. If you run a 12.4T IOS image these routers can even do IPv6 IPSec tunnels. Although getting the proper IOS image can be a challenge.

My (very informal) personal testing seems to indicate that the 2621xm caps out at about 23 mbps of clear text IPv4 throughput in a PAT situation with no ACL filters. VPN throughput (with an AIM-VPN/BPII card installed) seems to be similar, maybe slightly lower. I'm honestly not sure what their IPv6 throughput is but it is probably similar to their IPv4 throughput. If you need more throughput a pair of 3725's or 3745's with AIM-VPN/EPII cards comes to mind.

Honestly a couple of PC's running Vyatta or some routing flavor of Linux will be much faster and probably easier to get setup if you aren't already familiar with Cisco IOS routers. As Jrocha mentioned DDWRT is also an option but consumer routers tend to have low power CPUs so their VPN throughput usually leaves something to be desired.