(SOHO) Dual WAN Load Balancing Gigabit VPN Router with RADIUS / LDAP Support Recommendations



  • Hey everyone! I am having a horrible time trying to find a good device with the above qualifications for under 1k. Does anyone have any recommendations or should I just go back to a software VPN server?

    We do have quite a few port forwards set up, our current RV082 is maxed out at 30 (I think), so this may be a deciding factor as well.

    We have seen some peplink (availability scarce) and mushroom networks (seems good but I don't have any first hand experience) devices that seem like they will work. What are your thoughts? Thanks for the help!

    EDIT: Thanks for the questions, here are the answers.

    • We don't need site-to-site VPN, only client VPN.
    • We would like to not have to use a 3rd-party software client. We would prefer to use the built-in Windows connection.


  • Inbound VPN? OpenVPN or PPTP? Mushroom supports OpenVPN, Peplink only does PPTP. Every vendor supports outbound IPSec tunnels.

    You can easily get Peplink gear from anywhere. I buy them a lot, easy to get one in a few days. My usual vendor has them right now:

    http://www.ispsupplies.com/brands/Multi-WAN-Routers/PEPLINK-BALANCE-20.html

    The other part to keep in mind is the bandwidth limits on these things. I found out the hard way my Peplink had a 20Mbps cap on how much data could flow through it. After I got an RV082, I hit the ~50Mbps limit on that one, then the RV042's 100Mbps limit. I had to go up to using a Mikrotik to support the large ass circuits I was getting from AT&T and TWC.



  • "Prosumer" usually refers to audio and video stuff... I think you mean "SOHO".

    An RV082 is SOHO gear, so if it is maxed out, you might need big boy enterprise type gear.



  • @RojoLoco Thanks for the correction. I have always just referred to it as Prosumer, but if SOHO is the correct term, I will start using that. Thanks!



  • @Brains said:

    @RojoLoco Thanks for the correction. I have always just referred to it as Prosumer, but if SOHO is the correct term, I will start using that. Thanks!

    I read "prosumer", then a bunch of networking terms.... confusing.



  • @PSX_Defector I am admittedly not the most knowledgeable when it comes to VPN. We would prefer for Windows to handle the connection to the VPN without additional software and configurations. What would you recommend?

    @PSX_Defector said:

    The other part to keep in mind is the bandwidth limits on these things. I found out the hard way my Peplink had a 20Mbps cap on how much data could flow through it. After I got an RV082, I hit the ~50Mbps limit on that one, then the RV042's 100Mbps limit. I had to go up to using a Mikrotik to support the large ass circuits I was getting from AT&T and TWC.

    20Mbps cap??? Really? Wow. We would like one that can handle our new 200/15 Mbps connection.



  • @Brains said:

    @PSX_Defector I am admittedly not the most knowledgeable when it comes to VPN. We would prefer for Windows to handle the connection to the VPN without additional software and configurations. What would you recommend?

    @PSX_Defector said:

    The other part to keep in mind is the bandwidth limits on these things. I found out the hard way my Peplink had a 20Mbps cap on how much data could flow through it. After I got an RV082, I hit the ~50Mbps limit on that one, then the RV042's 100Mbps limit. I had to go up to using a Mikrotik to support the large ass circuits I was getting from AT&T and TWC.

    20Mbps cap??? Really? Wow. We would like one that can handle our new 200/15 Mbps connection.

    Well, it was a Peplink 300, which is very very old and one of their first devices. It was replaced with the 310, which supports ~350Mbps.

    http://www.peplink.com/products/balance/model-comparison/

    You could go with a ONE or 310. The 310 supports more fun stuff, although I would seriously consider picking up a 305.

    For your VPN client, I'm guessing you are using RRAS on Windows or have in the past. PPTP is the protocol used by RRAS and Peplink's VPN daemon. So if you are using it now, it's pretty easy to implement. Keep in mind PPTP is pretty weak security wise, you might want to still get an OpenVPN service behind the firewall to make a more secure method of connection.



  • @PSX_Defector said:

    @Brains said:

    @PSX_Defector I am admittedly not the most knowledgeable when it comes to VPN. We would prefer for Windows to handle the connection to the VPN without additional software and configurations. What would you recommend?

    @PSX_Defector said:

    The other part to keep in mind is the bandwidth limits on these things. I found out the hard way my Peplink had a 20Mbps cap on how much data could flow through it. After I got an RV082, I hit the ~50Mbps limit on that one, then the RV042's 100Mbps limit. I had to go up to using a Mikrotik to support the large ass circuits I was getting from AT&T and TWC.

    20Mbps cap??? Really? Wow. We would like one that can handle our new 200/15 Mbps connection.

    Well, it was a Peplink 300, which is very very old and one of their first devices. It was replaced with the 310, which supports ~350Mbps.

    http://www.peplink.com/products/balance/model-comparison/

    You could go with a ONE or 310. The 310 supports more fun stuff, although I would seriously consider picking up a 305.

    For your VPN client, I'm guessing you are using RRAS on Windows or have in the past. PPTP is the protocol used by RRAS and Peplink's VPN daemon. So if you are using it now, it's pretty easy to implement. Keep in mind PPTP is pretty weak security wise, you might want to still get an OpenVPN service behind the firewall to make a more secure method of connection.

    We really don't have too many VPN users, just IT Staff and the marketing director. Occasionally other users, but not often. So adopting a new protocol is not very difficult for us. I would like your best recommendation for configuration so that I can research it and integrate that into my report.

    The Peplink 305s were over $1500 each from the distributors we called. Have you found them cheaper?



  • @Brains said:

    We really don't have too many VPN users, just IT Staff and the marketing director. Occasionally other users, but not often. So adopting a new protocol is not very difficult for us. I would like your best recommendation for configuration so that I can research it and integrate that into my report.

    Roll your own OpenVPN server:

    https://openvpn.net/index.php/open-source/documentation/howto.html

    Much more secure and pretty simple to deploy to a few devices. This would require a client to be installed on the machine, but that's easy enough.



  • We always ran our own OpenVPN server, never used them from appliances. Way more powerful and flexible.



  • @Brains said:

    The Peplink 305s were over $1500 each from the distributors we called. Have you found them cheaper?

    Nope, that's the price.

    The 305 supports 1Gbps worth of total bandwidth and much more L2L VPN bandwidth. Plus a bunch of other fancy tricks.

    If you are just needing some way to bond two pipes together, like with the RV082, then go with the ONE. If you need anything more than that, go straight to the 305 or 380 even.



  • @PSX_Defector Thanks for your help! I appreciate it



  • @scottalanmiller yea I would much rather spin up a Linux install and run pfsense/openVPN or something similar. Unfortunately that is not an option for me.



  • @PSX_Defector One more question. Do you know what the limit is for maximum port forwarding entries on the BPL-ONE? We are currently capped at 30.

    EDIT - I called their support (GO CDT TIMEZONE COMPANIES!!). Tech support was VERY helpful and said there were no restrictions.



  • My 100/20 pipe runs me $320/month, I can do better with a contract instead of month to month. Considering that, $1500 doesn't seem unreasonable for something that should last you at least 3 years short of outgrowing it.


  • Pfsense will meet your needs as well if you aren't looking for an appliance.



  • @Brains said:

    Unfortunately that is not an option for me.

    What are your limitations? and can you tell us why they exist?



  • @Dashrender The IT Director does not want additional complexity (solid Windows environment) and my staff is not Linux trained so there is a knowledge gap that would exist. Unfortunately I can't really do anything about that and I do not have time to be the main tech support whenever something breaks with the system. I have to work within the system I have. It looks like we are going to settle with the LRT224 due to cost concerns.... Thanks for your help though, I would much rather go with the Peplink ONE, but the $300 ($600 since we like to have a backup) price difference is enough to make a difference at this time.



  • @Brains said:

    @Dashrender The IT Director does not want additional complexity (solid Windows environment) and my staff is not Linux trained so there is a knowledge gap that would exist. Unfortunately I can't really do anything about that and I do not have time to be the main tech support whenever something breaks with the system. I have to work within the system I have. It looks like we are going to settle with the LRT224 due to cost concerns.... Thanks for your help though, I would much rather go with the Peplink ONE, but the $300 ($600 since we like to have a backup) price difference is enough to make a difference at this time.

    Especially as pfSense isn't Linux 🙂



  • @scottalanmiller Isn't it both? We wouldn't want to buy a server license for it, so Linux would be my only option



  • @Brains said:

    @scottalanmiller Isn't it both? We wouldn't want to buy a server license for it, so Linux would be my only option

    pfSense is BSD. VyOS is normally what's recommended if you want to do routing on PC hardware. I'm still getting to know how to work it myself.



  • @travisdh1 ahh ok sorry I thought Scott meant it's Windows and Unix based. I assumed it was Linux, but I guess it's BSD. I haven't had any hands on experience with BSD, and while there may be a shot at getting some Linux in our environment for an upgrade to NGINX and Apache, I don't think I could swing BSD in addition to it.



  • @Brains said:

    @scottalanmiller Isn't it both? We wouldn't want to buy a server license for it, so Linux would be my only option

    pf is the name of the FreeBSD firewall. pfSense is a package of FreeBSD with a web GUI for managing pf.


  • @travisdh1 said:

    @Brains said:

    @scottalanmiller Isn't it both? We wouldn't want to buy a server license for it, so Linux would be my only option

    pfSense is BSD. VyOS is normally what's recommended if you want to do routing on PC hardware. I'm still getting to know how to work it myself.

    VyOS is great if you know Cisco IOS commands, sounds like they would rather manage things with a GUI though.



  • @scottalanmiller said:

    @Brains said:

    @Dashrender The IT Director does not want additional complexity (solid Windows environment) and my staff is not Linux trained so there is a knowledge gap that would exist. Unfortunately I can't really do anything about that and I do not have time to be the main tech support whenever something breaks with the system. I have to work within the system I have. It looks like we are going to settle with the LRT224 due to cost concerns.... Thanks for your help though, I would much rather go with the Peplink ONE, but the $300 ($600 since we like to have a backup) price difference is enough to make a difference at this time.

    Especially as pfSense isn't Linux 🙂

    yeah yeah - it's not Linux.. but Scott knows that's not what @Brains was really meaning, @Brains was really meaning anything non Windows or not whole solution in a box that's managed by a GUI - which you can tell Scott knows that by the little smilie.

    😛



  • @Brains said:

    @Dashrender The IT Director does not want additional complexity (solid Windows environment) and my staff is not Linux trained so there is a knowledge gap that would exist. Unfortunately I can't really do anything about that and I do not have time to be the main tech support whenever something breaks with the system. I have to work within the system I have. It looks like we are going to settle with the LRT224 due to cost concerns.... Thanks for your help though, I would much rather go with the Peplink ONE, but the $300 ($600 since we like to have a backup) price difference is enough to make a difference at this time.

    I just don't understand why they are being so cheap on the hardware? Seriously, it's worth putting your company at risk, or have lower performance on your 200 Mb pipe over a few hundred lousy dollars? If that's true, why not save some bucks and lower that internet pipe to 100 Mb or even lower?


  • @Dashrender said:

    @Brains said:

    @Dashrender The IT Director does not want additional complexity (solid Windows environment) and my staff is not Linux trained so there is a knowledge gap that would exist. Unfortunately I can't really do anything about that and I do not have time to be the main tech support whenever something breaks with the system. I have to work within the system I have. It looks like we are going to settle with the LRT224 due to cost concerns.... Thanks for your help though, I would much rather go with the Peplink ONE, but the $300 ($600 since we like to have a backup) price difference is enough to make a difference at this time.

    I just don't understand why they are being so cheap on the hardware? Seriously, it's worth putting your company at risk, or have lower performance on your 200 Mb pipe over a few hundred lousy dollars? If that's true, why not save some bucks and lower that internet pipe to 100 Mb or even lower?

    How are 30 users even using a 200mb connection, unless you're letting everyone stream video?



  • Buy an ERL and pay me to set it up. You will come in under $1000 unless you cannot give clear requirements (which I highly expect to be the case).


  • @JaredBusch said:

    Buy an ERL and pay me to set it up. You will come in under $1000 unless you cannot give clear requirements (which I highly expect to be the case).

    Bahahahahaha.



  • @Brains said:

    It looks like we are going to settle with the LRT224 due to cost concerns....

    Waste of money. Had one, got rid of it because it wasn't powerful enough to handle what I wanted to do.

    Better off getting a Mikrotik if price is a concern. $70 for much more useful hardware.