(SOHO) Dual WAN Load Balancing Gigabit VPN Router with RADIUS / ldap Support Recommendations

Brains

Hey everyone! I am having a horrible time trying to find a good device with the above qualifications for under 1k. Does anyone have any recommendations or should I just go back to a software VPN server?

We do have quite a few port forwards setup, our current RV082 is maxed out at 30 (I think), so this may be a deciding factor as well.

We have seen some peplink (availability scarce) and mushroom networks (seems good but I don't have any first hand experience) devices that seem like they will work. What are your thoughts? Thanks for the help!

EDIT: Thanks for the questions, here are the answers.

• We don't need site-to-site VPN, only client VPN.
• We would like to not have to use a 3rd part software client. We would prefer to use built-in windows connection

PSX_Defector

Inbound VPN? OpenVPN or PPTP? Mushroom supports OpenVPN, Peplink only does PPTP. Every vendor supports outbound IPSec tunnels.

You can easily get Peplink gear from anywhere. I buy them a lot, easy to get one in a few days. My usual vendor has them right now:

http://www.ispsupplies.com/brands/Multi-WAN-Routers/PEPLINK-BALANCE-20.html

The other part to keep in mind is the bandwidth limits on these things. I found out the hard way my Peplink had a 20Mbps cap on how much data could flow through it. After I got an RV082, I hit the ~50Mbps limit on that one, then the RV042's 100Mbps limit. I had to go up to using a Mikrotik to support the large ass circuits I was getting from AT&T and TWC.

RojoLoco

"Prosumer" usually refers to audio and video stuff... I think you mean "SOHO".

An RV082 is SOHO gear, so if it is maxed out, you might need big boy enterprise type gear.

Brains

@RojoLoco Thanks for the correction. I have always just referred to it as Prosumer, but if SOHO is the correct term, I will start using that. Thanks!

RojoLoco

@Brains said:

@RojoLoco Thanks for the correction. I have always just referred to it as Prosumer, but if SOHO is the correct term, I will start using that. Thanks!

I read "prosumer", then a bunch of networking terms.... confusing.

Brains

@PSX_Defector I am admittedly not the most knowledgeable when it comes to VPN. We would prefer for Windows to handle the connection to the VPN without additional software and configurations. What would you recommend?

@PSX_Defector said:

The other part to keep in mind is the bandwidth limits on these things. I found out the hard way my Peplink had a 20Mbps cap on how much data could flow through it. After I got an RV082, I hit the ~50Mbps limit on that one, then the RV042's 100Mbps limit. I had to go up to using a Mikrotik to support the large ass circuits I was getting from AT&T and TWC.

20Mbps cap??? Really? Wow. We would like one that can handle our new 200/15 Mbps connection.

PSX_Defector

@Brains said:

@PSX_Defector I am admittedly not the most knowledgeable when it comes to VPN. We would prefer for Windows to handle the connection to the VPN without additional software and configurations. What would you recommend?

@PSX_Defector said:

The other part to keep in mind is the bandwidth limits on these things. I found out the hard way my Peplink had a 20Mbps cap on how much data could flow through it. After I got an RV082, I hit the ~50Mbps limit on that one, then the RV042's 100Mbps limit. I had to go up to using a Mikrotik to support the large ass circuits I was getting from AT&T and TWC.

20Mbps cap??? Really? Wow. We would like one that can handle our new 200/15 Mbps connection.

Well, it was a Peplink 300, which is very very old and one of their first devices. It was replaced with the 310, which supports ~350Mbps.

http://www.peplink.com/products/balance/model-comparison/

You could go with a ONE or 310. The 310 supports more fun stuff, although I would seriously consider picking up a 305.

For your VPN client, I'm guessing you are using RRAS on Windows or have in the past. PPTP is the protocol used by RRAS and Peplink's VPN daemon. So if you are using it now, it's pretty easy to implement. Keep in mind PPTP is pretty weak security wise, you might want to still get an OpenVPN service behind the firewall to make a more secure method of connection.

Brains

@PSX_Defector said:

@Brains said:

@PSX_Defector I am admittedly not the most knowledgeable when it comes to VPN. We would prefer for Windows to handle the connection to the VPN without additional software and configurations. What would you recommend?

@PSX_Defector said:

The other part to keep in mind is the bandwidth limits on these things. I found out the hard way my Peplink had a 20Mbps cap on how much data could flow through it. After I got an RV082, I hit the ~50Mbps limit on that one, then the RV042's 100Mbps limit. I had to go up to using a Mikrotik to support the large ass circuits I was getting from AT&T and TWC.

20Mbps cap??? Really? Wow. We would like one that can handle our new 200/15 Mbps connection.

Well, it was a Peplink 300, which is very very old and one of their first devices. It was replaced with the 310, which supports ~350Mbps.

http://www.peplink.com/products/balance/model-comparison/

You could go with a ONE or 310. The 310 supports more fun stuff, although I would seriously consider picking up a 305.

For your VPN client, I'm guessing you are using RRAS on Windows or have in the past. PPTP is the protocol used by RRAS and Peplink's VPN daemon. So if you are using it now, it's pretty easy to implement. Keep in mind PPTP is pretty weak security wise, you might want to still get an OpenVPN service behind the firewall to make a more secure method of connection.

we really don't have too many VPN users, just IT Staff and the marketing director. Occasionally other users, but not often. So adopting a new protocol is not very difficult for us. I would like your best recommendation for configuration so that I can research it and integrate that into my report.

The Peplink 305s were over $1500 each from the distributors we called. Have you found them cheaper?

PSX_Defector

@Brains said:

we really don't have too many VPN users, just IT Staff and the marketing director. Occasionally other users, but not often. So adopting a new protocol is not very difficult for us. I would like your best recommendation for configuration so that I can research it and integrate that into my report.

Roll your own OpenVPN server:

https://openvpn.net/index.php/open-source/documentation/howto.html

Much more secure and pretty simple to deploy to a few devices. This would require a client to be installed on the machine, but that's easy enough.

scottalanmiller

We always ran our own OpenVPN server, never used them from appliances. Way more powerful and flexible.

PSX_Defector

@Brains said:

The Peplink 305s were over $1500 each from the distributors we called. Have you found them cheaper?

Nope, that's the price.

The 305 supports 1Gbps worth of total bandwidth and much more L2L VPN bandwidth. Plus a bunch of other fancy tricks.

If you are just needing some way to bond two pipes together, like with the RV082, then go with the ONE. If you need anything more than that, go straight to the 305 or 380 even.

Brains

@PSX_Defector Thanks for your help! I appreciate it

Brains

@scottalanmiller yea I would much rather spin up a Linux install and run pfsense/openVPN or something similar. Unfortunately that is not an option for me.

Brains

@PSX_Defector One more question. Do you know what the limit is for maximum port forwarding entries on the BPL-ONE? We are currently capped at 30.

EDIT - I called their support (GO CDT TIMEZONE COMPANIES!!). Tech support was VERY helpful and said there were no restrictions.

Dashrender

My 100/20 pipe runs me $320/month, I can do better with a contract instead of month to month. Considering that, $1500 doesn't seem unreasonable for something than should last you at least 3 years short of outgrowing it.

Jason

Pfsense will meet your needs as well if you aren't looking for an appliance.

Dashrender

@Brains said:

Unfortunately that is not an option for me.

What are your limitations? and can you tell us why they exist?

Brains

@Dashrender The IT Director does not want additional complexity (solid windows environment) and my staff is not Linux trained so there is a knowledge gap that would exist. Unfortunately I cant really do anything about that and I do not have time to be the main tech support whenever something breaks with the system. I have to work within the system I have. It looks like we are going to settle with the LRT224 due to cost concerns.... Thanks for your help though, I would much rather go with the Peplink ONE, but the $300 ($600 since we like to have a backup) price difference is enough to make a difference at this time.

scottalanmiller

@Brains said:

@Dashrender The IT Director does not want additional complexity (solid windows environment) and my staff is not Linux trained so there is a knowledge gap that would exist. Unfortunately I cant really do anything about that and I do not have time to be the main tech support whenever something breaks with the system. I have to work within the system I have. It looks like we are going to settle with the LRT224 due to cost concerns.... Thanks for your help though, I would much rather go with the Peplink ONE, but the $300 ($600 since we like to have a backup) price difference is enough to make a difference at this time.

Especially as pfSense isn't Linux

Brains

@scottalanmiller Isn't it both? We wouldn't want to buy a server license for it, so Linux would be my only option