REVIEW: Best VPN routers for small business

16.11.2015
We looked at six VPN routers designed for small businesses, ranging from the popular Cisco brand to lesser-known names like DrayTek and UTT Technologies. We setup and evaluated each to determine how they compare in regards to price, features, and user-friendliness.

When choosing a VPN router, you want to pick one that supports the VPN protocol of your choice. If you’re look for an IPSec VPN, consider those that provide a way to simplify the configuration, such as the Cisco, Linksys or Netgear units. If you’re looking for a wide variety of VPN options, consider D-Link.

If you’re looking for an inexpensive option, consider UTT Technologies. And if you’re looking for unique features, consider the DrayTek unit, or their other models with integrated Wi-Fi, fiber, or VoIP support.

Here are the individual reviews (see photos of the products in this slideshow):

The Cisco RV325 is a Dual Gigabit WAN VPN Router with a price of $468, but it can be found online for less than $300. It is the top model from Cisco’s small business RV VPN router series. A couple of the lower models have Wi-Fi included, although this model doesn’t.

This Cisco unit supports up to 50 IPSec tunnels, either site-to-site or client-to-site connections, with an advertised IPSec throughput of around 100Mbps. The PPTP and SSL VPN servers both support up to 10 simultaneous client-to-site tunnels each.

In the box, you’ll find an Ethernet cable, power adapter, quick start guide, and a CD with full documentation. Also included are L brackets for mounting in a standard 19-inch rack.

The unit measures about 9 ½ inches wide, 2 inches high, and 7 inches deep. The outer case is mostly gray metal. On the back side of the unit is the power input and switch. On the bottom are pre-applied non-slick pads for desk or shelf placement along with holes for wall mounting.

On the front of the unit, you find the status lights, 14 switch ports, two WAN ports, and reset button. You also find one USB port on the front and a second on the side, both of which can be used for either 3G Internet failover or maintenance usage.

After logging into the web GUI, you’re met with the Getting Started page with shortcuts to run the setup wizard, set initial settings, and other common pages. The basic setup wizard helps you configure the WAN ports and the access rule wizard helps you add firewall rules. The main menu for the GUI is on the left, categorized into a couple expandable lists. From any page, you can click the Help shortcut in the upper-right corner, which brings up a description of the settings on that particular page.

While going through the VPN settings, we found the unit supports the Cisco Easy VPN solution that simplifies the configuration of remote VPN users. However, we found the only site-to-site VPN option is IPSec. It would be nice to see other site-to-site options, as IPSec is never the simplest to configure.

After evaluating the unit, we found the GUI to be simple and straightforward. This is a solid unit with the most common VPN router features and functionality.

The D-Link DSR-250 is an eight-port Gigabit VPN router with a list price of $189.99, but can be found online for around $115. It is one of several models in the DSR line. Like the other models, there is a wireless version of this unit that adds 802.11n Wi-Fi.

This D-Link model supports six VPN types. It supports up to 25 simultaneous site-to-site or client-to-site IPSec connections with a max throughput of around 50Mbps. The SSL VPN supports up to 5 tunnels. Also included is a server and client for both PPTP and L2TP VPN connections, supporting up to 25 tunnels. An OpenVPN server and client supports up to 5 tunnels. Lastly, the unit supports up to 10 GRE tunnels, enabling remote networks to receive the LAN broadcast traffic.

Along with the DSR-250 unit, in the box you’ll find a power adapter, Ethernet cable, and Ethernet-to-serial console cable. You won’t find any install guide like most other vendors include. However, the CD includes PDFs of the install guide and full manual.

The unit measures about 7½ inches wide, 1½ inches high, and 5 inches deep. The outer case is all black finished metal with the vendor name embossed on the top.

On the front of the unit, you’ll find a USB 2.0 port for 3G Internet failover, file or printer sharing, or maintenance usage. Plus there are eight Gigabit switch ports, a Gigabit WAN port, and an Ethernet port for console access. There’s a simple power light and then activity lights for the ports. There are no wall mounting holes, nor mounting bracket included; just the small non-slick pads you can apply to the bottom of the unit if you’re placing it on a table or shelf.

After logging into the web GUI, you’re met with the status dashboard, sporting a couple graphs of traffic and resource stats.

You can optionally click the Wizard link in the upper-right corner of the GUI to run one of the wizards to configure different settings. Hovering over the menu categories on the top of the GUI pops up a listing of all the setting pages in that particular category. In the upper-right corner of each setting page, you see a question mark button, which you can click to bring up the help on that particular page.

The GUI is attractive and straightforward, but some improvements could make it even more user-friendly. For instance, you must manually input all of the IP and DHCP settings for the subnets of VLANs you add. Many routers automate or pre-configure most of these settings for you when adding VLANs.

In addition to the typical VPN router features, this unit supports Intel AMT to enable the management of computers when powered off or when lacking a hard drive or OS. It also supports dynamic web content filtering, but requires purchasing a subscription at approximately $60 per year.

Overall, this D-Link unit is a feature-rich router. It supports a wide variety of VPN options, offers USB file and printer sharing, and supports dynamic web content filtering. Our gripe about the GUI is minor.

The DrayTek Vigor2925, priced at $288, is a dual-WAN Gigabit VPN router offering five switch ports. It is one of many models provided by DrayTek, each of which offer a few different editions to support varying Wi-Fi standards, fiber connections, and VoIP support. We choose to include its basic edition, which lacks those extra functionalities.

This unit supports up to 50 concurrent VPN tunnels via site-to-site or client-to-site with IPSec, PPTP, or L2TP. IPSec tunnels are rating at 50Mbps for throughput. The SSL VPN server supports up to 25 client-to-site tunnels.

In the box along with the unit, you’ll find a quick start guide, CD with full documentation, Ethernet cable, and a power adapter.

Its black plastic body measures about 9 ½ inches wide, 1 ½ inches high, and 6 ½ inches deep. On the front, you’ll find all the status lights and ports, except for the power input and switch on the back. On the front-left is the factory reset button, status lights, and two USB 2.0 ports for 3G Internet failover, file sharing via SMB or FTP, or printer sharing. Then there’s two WAN ports and also five switch ports. On the bottom of the unit are non-slip pads and also four holes for optional wall mounting.

After plugging in the unit, we didn’t get Internet access right away. Unlike most routers, the WAN connections aren’t set to get a dynamic IP by default. You have to go into the web GUI to enable that. If you have a static IP, this doesn’t matter, but if you have a dynamic IP, it’s a little inconvenient.

After logging into the web GUI, you’re taken to the dashboard page showing the main stats along with an image representing the front of the router and it’s status lights. You aren’t prompted by any wizards, but they do offer a few, accessible from the top portion of the main menu on the left.

The collapsible main menu on the left is organized into categories that display related pages when you click on them. Some pages also have multiple tabs you can click through. Some pages have an info or help button you can click to get more info, but it is not consistent throughout the GUI. The GUI could also use some more organization and sprucing up to make it more attractive and user-friendly.

We found this DrayTek unit to be feature-rich, supporting all the major VPN solutions except OpenVPN. In addition to the features typically found in VPN routers, it includes dynamic web filtering, central VPN and wireless access point management, and FTP access (in addition to SMB) for the USB-based file sharing. It also has some unique functionality as well, such as support for temperature monitoring via a USB sensor.

The Linksys LRT224 is a Gigabit four-port dual-WAN VPN router with a list price of $249.99, but is available online for around $175. It is one of the two business-class VPN routers they offer. The other model (LRT214) is very similar, but lacks the dual WAN ports along with WAN load balancing and failover that the LRT224 offers.

This Linksys unit supports up to 45 IPSec tunnels, either site-to-site or client-to-site connections, which they claim has a max throughput of 110Mbps —the highest among the routers we reviewed. The PPTP-based VPN server supports up to five concurrent users. The OpenVPN server supports up to five incoming client-to-site tunnels and the OpenVPN client allows you to perform a site-to-site connection.

The unit also includes its new EasyLink VPN feature, designed to simplify site-to-site IPSec tunnels, which thus far is only supported by this and the other LRT model. The server supports up to five simultaneous incoming connections via a single username and password and then the client supports one outbound connection.

Inside the box you’ll find a power adapter, Ethernet cable, quick installation guide, and a CD with the full documentation in addition to the unit itself.

The unit measures about 5 inches wide, 1 ½ inches high, and 7 ½ inches deep. It’s metal case sports Linksys’s black and blue color scheme. The unit can be sat down for desktop/shelf placement or can be mounted on the wall using the two built-in mounting holes on the bottom/back of the unit.

On the front top area are the LED status lights for the system, diagnostics, WAN, WAN/DMZ, VPN, and the four switch ports. On the back side are the Gigabit Ethernet ports: four switch ports, WAN port, and a WAN/DMZ port.

After logging into web-based admin interface, you’re met with the System Status page on their tabbed GUI. There you can review the main stats and optionally launch their Setup Wizard, which prompts you to set the WAN, LAN, time, and password settings. You can also access the Setup Wizard by clicking the Quick Start tab.

The majority of settings are accessible via the Configuration tab, which contains sub-tabs categorized on the menu to the left of the page. The Maintenance tab also contains a couple sub-tabs of tools. The last tab, called Support, is just a simple page offering shortcuts to Linksys’s main business product and support pages. It would be more useful if these led directly to this particular model’s product and support pages, however.

On the top of the web GUI you’ll find the Help link, which conveniently brings up the documentation for settings of the page you’re currently on. This pops up a browser window, but the content comes from the router, thus it’s accessible off-line and is printer friendly as well. You can also browse and search through the help content too. Also handy on the top of the web GUI is the Page Width selector, allowing you to easily change between page sizes.

This Linksys unit seems to be a solid choice for those wanting IPSec VPN, as they advertise the highest throughout among the routers in this review and offer simplified configuration. However keep in mind, it provides no browser-based SSL VPN functionality and the max amount of PPTP VPN tunnels is only five.

The Netgear FVS336G is a dual-WAN VPN server that costs $425, but can be found online for around $230. It is Netgear's middle-of-the-road option when compared to its other VPN routers. The model under this offers only one WAN connection, supports less VPN tunnels, and lacks SSL VPN, but a wireless model is also offered. The model above this one supports up to four WAN connections, provides higher throughput, and supports more VPN tunnels.

This Netgear model supports up to 25 IPSec site-to-site or client-to-site tunnels, with an advertised max throughout of 78Mbps. The SSL VPN server supports up to 10 tunnels and the PPTP and L2TP VPN servers support up to 25 users.

Along with the unit, in the box you’ll find an installation guide, CD with documentation and VPN client software, Ethernet cable, power adapter, and non-slip rubber feet for table or shelf usage.

The unit’s all metal casing measures about 10 inches wide, 1 ½ inches high, and 7 inches deep. On the front of the unit are the status LEDs and Ethernet ports: two WAN ports and four switch ports. On the back end you’ll find the power input and a serial port for console access. There are no wall mounting holes on the bottom of the unit.

After logging into the web GUI, you see the status page. We didn’t find any setup wizards. On the top of the pages, you’ll find the main menu and then below that, the sub-menu. And just below that, many of the pages also have several tabs to choose from. Having all three menus shown on top of each other does clutter up the navigation somewhat. However, we did like the provided help and documentation. Each section of settings in the web GUI has a question mark button, which takes you to a pretty thorough description of those settings.

We found this Netgear unit to be an average VPN router without any bells or whistles, although Netgear provides a IPSec VPN client program for simplified client deployment. Keep in mind, the unit lacks client support of PPTP and L2TP, making IPSec the only way to join the unit to perform site-to-site connections.

We also felt this unit could use some improvements to the user-friendliness of the GUI, especially the menu design. Also, when adding VLANs you must manually input all of IP and DHCP settings for the new subnet, similar to the D-Link unit. However most routers automate or preconfigure some of these settings for you.

The HiPER 518 has a list price of $69.99, but is currently selling for $59.99. It is one of three different small business routers UTT Technologies offers, one of which is very similar in functionality and the other supporting more WAN connections, VPN tunnels, and additional authentication and billing functionality.

This UTT unit supports up to five concurrent IPSec VPN site-to-site and/or client-to-site tunnels, with a very low advertised throughput rating of 15Mbps. The only other VPN support is the PPTP server and client, supporting up to five concurrent users.

In the box, along with the unit, you’ll find an Ethernet cable, power adapter, and a product catalogue. You won’t find any install guide or manual, though you can download a manual from their website.

The metal case measures about 7 inches wide, 1 inches high, and 5 inches deep. On the front of the unit are the status lights for the power, system, and WAN/LAN ports. On the back you’ll find one port specially for a WAN connection and then four LAN ports, three of which can be used as additional WAN connections. You’ll also find the power input and a reset button on the back. On the bottom of the unit are non-stick pads, useful when placing on a desk or shelf, as well as two holes for optional wall mounting.

After logging into the web GUI, you’re prompted with the optional wizard, which only helps to configure the Internet connection. After that, you’re taken to the simple system info page showing a couple main stats.

Although the look and design of the web GUI is very basic and simplistic, it is still user-friendly. The main menu is on the left side of the page with expandable categories, displaying shortcuts to all the main pages. Then many of those pages have multiple tabs to view additional settings. Some pages have a Help button that pops up another browser tab to a simple description (many of which could be elaborated more) of the settings of that particular page.

After browsing through the GUI, we found most of the common VPN router features. However, one exception is the lack of VLAN support; you can’t define separate VLANs to segregate traffic. Also lacking are the QoS settings. It only allows control over the bandwidth rates, and not priorities. However, the unit does offer a PPPoE server supporting up to 30 users and web authentication for authenticating local users before they’re granted Internet access.

We found this UTT unit to be fairly unique. It includes some functionality that the other routers don’t, such as a PPPoE server and web authentication. However, at the same time it lacks support for some common features, such as SSL VPN and VLANs. Keep in mind though that other models from UTT do support VLANs along with additional functionality.

All the routers have IPSec and PPTP VPN servers and all but two (the Linksys and UTT units) have a SSL VPN server to allow clients access via a web browser. All the routers support both site-to-site and client-to-site tunnels for IPSec, while many of the routers only support client-to-site for some or all of the other VPN protocols.

Each router provides some type of WAN load balancing and failover via either a second WAN port and/or by supporting 3G or 4G wireless USB adapters. All but one (the UTT Technologies unit) provide VLAN tagging support. Two of the routers (the D-Link and DrayTek) also provide simple file and printer sharing via their USB ports.

Eric Geier is a freelance tech writer—keep up with his writings on Facebook or Twitter. He’s also the founder of NoWiresSecurity providing a cloud-based Wi-Fi security service, and On Spot Techs providing RF site surveying and other IT services.

(www.networkworld.com)

Eric Geier