
    (SOHO) Dual WAN Load Balancing Gigabit VPN Router with RADIUS / ldap Support Recommendations

    Tags: vpn, router, gigabit, radius, ldap, load balancing, dual wan
    37 Posts 8 Posters 7.9k Views
    • BrainsB
      Brains @PSX_Defector
      last edited by

      @PSX_Defector I am admittedly not the most knowledgeable when it comes to VPN. We would prefer for Windows to handle the connection to the VPN without additional software and configurations. What would you recommend?

      @PSX_Defector said:

      The other part to keep in mind is the bandwidth limits on these things. I found out the hard way my Peplink had a 20Mbps cap on how much data could flow through it. After I got an RV082, I hit the ~50Mbps limit on that one, then the RV042's 100Mbps limit. I had to go up to using a Mikrotik to support the large ass circuits I was getting from AT&T and TWC.

      20Mbps cap??? Really? Wow. We would like one that can handle our new 200/15 Mbps connection.

      • PSX_DefectorP
        PSX_Defector @Brains
        last edited by

        @Brains said:

        @PSX_Defector I am admittedly not the most knowledgeable when it comes to VPN. We would prefer for Windows to handle the connection to the VPN without additional software and configurations. What would you recommend?

        @PSX_Defector said:

        The other part to keep in mind is the bandwidth limits on these things. I found out the hard way my Peplink had a 20Mbps cap on how much data could flow through it. After I got an RV082, I hit the ~50Mbps limit on that one, then the RV042's 100Mbps limit. I had to go up to using a Mikrotik to support the large ass circuits I was getting from AT&T and TWC.

        20Mbps cap??? Really? Wow. We would like one that can handle our new 200/15 Mbps connection.

        Well, it was a Peplink 300, which is very very old and one of their first devices. It was replaced with the 310, which supports ~350Mbps.

        http://www.peplink.com/products/balance/model-comparison/

        You could go with a ONE or 310. The 310 supports more fun stuff, although I would seriously consider picking up a 305.

        For your VPN client, I'm guessing you are using RRAS on Windows or have in the past. PPTP is the protocol used by RRAS and Peplink's VPN daemon. So if you are using it now, it's pretty easy to implement. Keep in mind PPTP is pretty weak security-wise; you might want to still get an OpenVPN service behind the firewall to make a more secure method of connection.

        • BrainsB
          Brains @PSX_Defector
          last edited by Brains

          @PSX_Defector said:

          @Brains said:

          @PSX_Defector I am admittedly not the most knowledgeable when it comes to VPN. We would prefer for Windows to handle the connection to the VPN without additional software and configurations. What would you recommend?

          @PSX_Defector said:

          The other part to keep in mind is the bandwidth limits on these things. I found out the hard way my Peplink had a 20Mbps cap on how much data could flow through it. After I got an RV082, I hit the ~50Mbps limit on that one, then the RV042's 100Mbps limit. I had to go up to using a Mikrotik to support the large ass circuits I was getting from AT&T and TWC.

          20Mbps cap??? Really? Wow. We would like one that can handle our new 200/15 Mbps connection.

          Well, it was a Peplink 300, which is very very old and one of their first devices. It was replaced with the 310, which supports ~350Mbps.

          http://www.peplink.com/products/balance/model-comparison/

          You could go with a ONE or 310. The 310 supports more fun stuff, although I would seriously consider picking up a 305.

          For your VPN client, I'm guessing you are using RRAS on Windows or have in the past. PPTP is the protocol used by RRAS and Peplink's VPN daemon. So if you are using it now, it's pretty easy to implement. Keep in mind PPTP is pretty weak security-wise; you might want to still get an OpenVPN service behind the firewall to make a more secure method of connection.

          We really don't have too many VPN users, just IT Staff and the marketing director. Occasionally other users, but not often. So adopting a new protocol is not very difficult for us. I would like your best recommendation for configuration so that I can research it and integrate that into my report.

          The Peplink 305s were over $1500 each from the distributors we called. Have you found them cheaper?

          • PSX_DefectorP
            PSX_Defector @Brains
            last edited by

            @Brains said:

            We really don't have too many VPN users, just IT Staff and the marketing director. Occasionally other users, but not often. So adopting a new protocol is not very difficult for us. I would like your best recommendation for configuration so that I can research it and integrate that into my report.

            Roll your own OpenVPN server:

            https://openvpn.net/index.php/open-source/documentation/howto.html

            Much more secure and pretty simple to deploy to a few devices. This would require a client to be installed on the machine, but that's easy enough.

            • scottalanmillerS
              scottalanmiller
              last edited by scottalanmiller

              We always ran our own OpenVPN server, never used them from appliances. Way more powerful and flexible.

              • PSX_DefectorP
                PSX_Defector @Brains
                last edited by

                @Brains said:

                The Peplink 305s were over $1500 each from the distributors we called. Have you found them cheaper?

                Nope, that's the price.

                The 305 supports 1Gbps worth of total bandwidth and much more L2L VPN bandwidth. Plus a bunch of other fancy tricks.

                If you are just needing some way to bond two pipes together, like with the RV082, then go with the ONE. If you need anything more than that, go straight to the 305 or 380 even.

                • BrainsB
                  Brains @PSX_Defector
                  last edited by

                  @PSX_Defector Thanks for your help! I appreciate it

                  • BrainsB
                    Brains @scottalanmiller
                    last edited by

                    @scottalanmiller Yeah, I would much rather spin up a Linux install and run pfSense/OpenVPN or something similar. Unfortunately that is not an option for me.

                    • BrainsB
                      Brains @PSX_Defector
                      last edited by Brains

                      @PSX_Defector One more question. Do you know what the limit is for maximum port forwarding entries on the BPL-ONE? We are currently capped at 30.

                      EDIT - I called their support (GO CDT TIMEZONE COMPANIES!!). Tech support was VERY helpful and said there were no restrictions.

                      • DashrenderD
                        Dashrender
                        last edited by

                        My 100/20 pipe runs me $320/month; I can do better with a contract instead of month to month. Considering that, $1500 doesn't seem unreasonable for something that should last you at least 3 years short of outgrowing it.

                        • J
                          Jason Banned
                          last edited by

                          pfSense will meet your needs as well if you aren't looking for an appliance.

                          • DashrenderD
                            Dashrender @Brains
                            last edited by

                            @Brains said:

                            Unfortunately that is not an option for me.

                            What are your limitations? And can you tell us why they exist?

                            • BrainsB
                              Brains @Dashrender
                              last edited by

                              @Dashrender The IT Director does not want additional complexity (solid Windows environment) and my staff is not Linux-trained, so there is a knowledge gap that would exist. Unfortunately I can't really do anything about that and I do not have time to be the main tech support whenever something breaks with the system. I have to work within the system I have. It looks like we are going to settle with the LRT224 due to cost concerns.... Thanks for your help though, I would much rather go with the Peplink ONE, but the $300 ($600 since we like to have a backup) price difference is enough to make a difference at this time.

                              • scottalanmillerS
                                scottalanmiller @Brains
                                last edited by

                                @Brains said:

                                @Dashrender The IT Director does not want additional complexity (solid Windows environment) and my staff is not Linux-trained, so there is a knowledge gap that would exist. Unfortunately I can't really do anything about that and I do not have time to be the main tech support whenever something breaks with the system. I have to work within the system I have. It looks like we are going to settle with the LRT224 due to cost concerns.... Thanks for your help though, I would much rather go with the Peplink ONE, but the $300 ($600 since we like to have a backup) price difference is enough to make a difference at this time.

                                Especially as pfSense isn't Linux 🙂

                                • BrainsB
                                  Brains @scottalanmiller
                                  last edited by

                                  @scottalanmiller Isn't it both? We wouldn't want to buy a server license for it, so Linux would be my only option

                                  • travisdh1T
                                    travisdh1 @Brains
                                    last edited by

                                    @Brains said:

                                    @scottalanmiller Isn't it both? We wouldn't want to buy a server license for it, so Linux would be my only option

                                    pfSense is BSD. VyOS is normally what's recommended if you want to do routing on PC hardware. I'm still getting to know how to work it myself.

                                    • BrainsB
                                      Brains @travisdh1
                                      last edited by

                                      @travisdh1 Ahh OK, sorry, I thought Scott meant it's Windows and Unix based. I assumed it was Linux, but I guess it's BSD. I haven't had any hands-on experience with BSD, and while there may be a shot at getting some Linux in our environment for an upgrade to NGINX and Apache, I don't think I could swing BSD in addition to it.

                                      • scottalanmillerS
                                        scottalanmiller @Brains
                                        last edited by

                                        @Brains said:

                                        @scottalanmiller Isn't it both? We wouldn't want to buy a server license for it, so Linux would be my only option

                                        pf is the name of the FreeBSD firewall. pfSense is a package of FreeBSD with a web GUI for managing pf.

                                        • J
                                          Jason Banned @travisdh1
                                          last edited by

                                          @travisdh1 said:

                                          @Brains said:

                                          @scottalanmiller Isn't it both? We wouldn't want to buy a server license for it, so Linux would be my only option

                                          pfSense is BSD. VyOS is normally what's recommended if you want to do routing on PC hardware. I'm still getting to know how to work it myself.

                                          VyOS is great if you know Cisco IOS commands, sounds like they would rather manage things with a GUI though.

                                          • DashrenderD
                                            Dashrender @scottalanmiller
                                            last edited by

                                            @scottalanmiller said:

                                            @Brains said:

                                            @Dashrender The IT Director does not want additional complexity (solid Windows environment) and my staff is not Linux-trained, so there is a knowledge gap that would exist. Unfortunately I can't really do anything about that and I do not have time to be the main tech support whenever something breaks with the system. I have to work within the system I have. It looks like we are going to settle with the LRT224 due to cost concerns.... Thanks for your help though, I would much rather go with the Peplink ONE, but the $300 ($600 since we like to have a backup) price difference is enough to make a difference at this time.

                                            Especially as pfSense isn't Linux 🙂

                                            Yeah yeah, it's not Linux, but Scott knows that's not what @Brains was really meaning. @Brains was really meaning anything non-Windows or not a whole solution in a box that's managed by a GUI, which you can tell Scott knows by the little smiley.

                                            😛
