Replacement for Linksys WRV54G?

Question

I work at a small company that has two offices, each with its own Business DSL connection to the Internet. In order to create a LAN between the two offices, my predecessor purchased and installed two Linksys WRV54G Wireless VPN Broadband Routers to provide a hardware solution to make the computers at both locations see each other and think they are on the same LAN.

Despite keeping up with every firmware update, I still finding myself driving to one office or the other (it's almost always the office I am not at) about once or twice a week to power-cycle its router to either get the wireless part working again for somebody's laptop, or to get the Internet gateway part working again. The VPN tunnel always seems to stay up, however.

I am looking to replace these WRV54Gs with something (perhaps multiple pieces of hardware) that can perform all the functions of the WRV54Gs, but that don't misbehave so much. It will be easy to just pick up a wireless access point off the shelf. It will be similarly easy to pick up a couple 8-port switches off the shelf. The real trouble is that I can't seem to find any hardware to do the VPN part. I want this to be completely hands-off the workstations, so it has to be a hardware solution.

What type of router can I use to work as an Internet gateway for our Business DSL connections, as well as be the endpoint of a VPN tunnel that, for lack of better terms, fools windows into thinking that the remote LAN is actually local?

Answer 1

You could use pfSense it has many features:

• Firewall
• Network Address Translation (NAT)
• Redundancy
• Load Balancing Reporting and Monitoring

• RRD Graphs

  The RRD graphs in pfSense maintain historical information on the following.

  • CPU utilization
  • Total throughput
  • Firewall states
  • Individual throughput for all interfaces
  • Packets per second rates for all interfaces
  • WAN interface gateway(s) ping response times
  • Traffic shaper queues on systems with traffic shaping enable
• VPN
  • IPsec
  • PPTP
  • OpenVPN

• Dynamic DNS

  Through:

  • DynDNS
  • DHS
  • DyNS
  • easyDNS
  • No-IP
  • ODS.org
  • ZoneEdit
• Captive Portal
• DHCP Server and Relay

It has a nice, easy to use web-based configuration, just look at the screen-shots.

Best of all you can build it yourself with commodity hardware, and it's Open Source.

Answer 2

If you aren't ready to purchase business grade routers (I am guessing they might be too expensive based on the previous usage of the WRV54G), I'd recommend a router that runs dd-wrt.

http://www.newegg.com/Product/ProductList.aspx?Submit=ENE&DEPA=0&Order=BESTMATCH&Description=dd-wrt&x=0&y=0

dd-wrt is a custom firmware which supports a lot of great features including VPN. I use them at home with a linksys WRT54GL which currently has an uptime of 60 days. dd-wrt uses OpenVPN which supports linking two offices. This solution is a little more manual and involved, but it is cheap and has been rock steady for me.

Answer 3

I would highly recommend you utilize Sonicwall TZ210 appliances to replace your Linksys WRV54Gs. The Sonicwall TZ210 has built-in Wireless N, 7 Ethernet Interfaces, as well easily support your Site-to-Site VPN configuration required between your two locations. I have personally used these unit as well as the older TZ170 & TZ180 appliances to execute your exact same requirements. The TZ210 also has the capability of handling both Client VPN Termination for Work@Home users, Reporting on Bandwidth Abuse, and UTM (Unified Threat Management).

Answer 4

If you are willing to shell out the cash, a lot of Cisco routers can do this with a site-to-site VPN IPSEC tunnel. I know my 2800s do.

Answer 5

If you enable web-access (on the router) maybe you could powercycle by connecting via web-browser.

Also, I believe you can install DDWRT on the WRV54G.

Answer 6

There are several option with different capabilities.

(In order of my preference.)

• Cisco 1800 router. This is all good, just a few things to set up and you are ready to go. It is stable, but not the cheapest. (You can buy more devices instead of one, as someone suggested earlier.)
• Mikrotik. Not as good as the first one, but it is easy to set up and quite stable. It is cheaper than Cisco, bit slower and not as much features.
• Linksys anything. I do not recommend this. It is a bit better if you can use some OpenSource firmware, but even then it sucks. Not reliable, unstable. Other vendor like dlink smc .... are the same if not worse (they can be OK for home use, but as the load increases on the devices it will hang).
• PC with some software. You can try this but in this case you have to set up and maintain everything (all software) if you are not familiar with this then you should not try. You can try some appliance like software, then it can be easier.

Answer 7

I like the Secure Computing SnapGear 300/310s (Now Owned by McAfee) for this scale of point to point VPN. You can find them online for under $300 each. They will handle your VPN and firewall needs perfectly and are easy to configure with a nice web interface. They are linux based and you have access to the IP Tables if you really want.

Also, if you are looking for a wireless access points to go with the firewall I would check out the Netgear WG104 for about $130. You could always get a combo "ProSafe" brand device from Netgear that can do the VPN and wireless but I really like the SnapGear and separate WAP a lot better. We have a dozen or so setups out in the field.

I also like this setup way better than any firewall from the SonicWall TZ Series - less restrictive licensing, less costly and much more intuitive interface.

Answer 8

Get some real security first off on your edge and have an inbound and outbound policy in place. For a small business with less than 10 hosts, a Cisco ASA 5505 or for cheaper and something thats EOS and coming near to EOL but great a Cisco Pix 501.

These devices can limit what is also going over your Lan2Lan VPN tunnels and also the internet when applying policies to the interfaces.

For excellent wireless reception and the dedicated device for that, A Cisco Aironet 1200 for indoor reception. You won't get anything better with a wireless AP/Root/Bridge than those Aironets. These AP also have features like SPF so wireless hosts can't talk to other wireless hosts. In addition, you can VLAN the wireless interface! Which means you can broadcast mutliple SSID with different security settings and segment your networks just like a switch. A great device and not terribly expensive if you look.

A Cisco Router would not be feasable because you are not doing heavy routing. The firewalls can do all the work since they are robust enough.

Answer 9

Maybe you can affort a SSG20 (or at least the SSG5 without wifi) from Juniper Networks with the Wireless option, Juniper make very good and secure products with high perfs. This would certainly be my choice having in the past worked with Juniper Netscreen products and now with SSG series.

Answer 10

Maybe it's just that model of router that is the issue.

I use the Linksys RV042 routers. I can't remember the last time I had to power cycle them (6 months plus atleast). I have 3 sites that connect back to a primary site all using RV042's.

The only time the VPN between the routers goes down is when one of the remote site's IP addresses changes. This is because the ISP for those sites does not offer static IP's for a decent price.

Part two of this is I have Logmein installed on all the computers on the remote sites. (there are desktops there) So when the router's IP address changes at the remote site, the internet still works. This means Logmein can still connect and I can still login to a deskop at the remote site, remotely. I then from this desktop login to the router since the internal IP is still the same, and reset the VPN. This happens maybe 2x year to me.

Also with using logmein I can remotely work on anyone's computer as long as its connected to the internet, even if the its not connected to the servers correctly or if the user is at home.

Answer 11

I agree that Sonicwall is a great solution, but you can still have a look at other options like Fortinet FortiGate 60B or Vyatta 514.

You may also find this question useful.

Answer 12

I recommend the Snapgear SG300/SG310. They are a bit cheaper than the SonicWall units and they do IPSEC site to site very well. They also support PPTP VPNs so you don't have to install anything special on client PCs that need to remote in (SonicWall requires you have the SonicWall VPN client). The SG310 has more memory than the SG300 so it can run the newer 4.0 software.

That being said the SonicWall units are also very good, especially if you need an anti-virus solution. The enforce antivirus and gateway antivirus works very good and is much less of a pain than most other corporate antivirus software.

Answer 13

As recomended Sonicwall has some very nice appliances out there. But they tend to be on the high side of pricing.

But staying in the low end on the price range, Linksys makes some very nice business class devices. I've used the WRV200 in a few locations and it's worked flawlessly. I ahd one at my home for a while and I only ever needed to restart it once in 6 months for an ISP change.

This gives you your wireless, also give you VPN support and VLAN support. There is also a newer modal that has gigabit support with wired connections.

Answer 14

I have always found that the Netgear products seem to be more stable than the Linksys. They have a small business class that may be what you are looking for: Wireless VPN Firewalls

Answer 15

I've used the NETGEAR WGR614L router with dd-wrt installed. Although I haven't used the VPN features of it I've found it to be much more stable then any other router running the default firmware.