Quality Linksys VPN Products

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by datdamnmachine, May 27, 2007.

  1. datdamnmachine

    datdamnmachine LI Guru Member

    I originally started a discussion on the dslreports forums here:


    Essentially, I am looking for a quality Linksys router that can provide gateway-to-gateway as well as client VPN access. I've been looking at the RVL200 and the SSL function interests me but would like more than just 1 gateway-to-gateway tunnel option. Looking at other options, I've looked at the RVS4000 and the RV082. The only problems I see with these (which the RVL200 doesn't seem to have) is the ability to use AES encryption which is important to me. Another thing I was interested in is if the RVL200 has the option to use 3rd party firmware or if any of the Linksys VPN routers had the option of using 3rd party firmware. Also note, I'm looking for IPSec VPN capabilities as I'm familiar with those and not yet up to speed with the OpenVPN/OpenSSL/etc projects as of yet. Thank you for your time.
  2. Toxic

    Toxic Administrator Staff Member

    What is the actual problem with the RV082 and AES encryption?
  3. datdamnmachine

    datdamnmachine LI Guru Member

    From checking Linksys product page:


    There seems to be no mention of AES support with this device. I checked the data sheet and the user guide and they both make no mention of AES support. If it does support it, then Linksys' information and web page is severely out of date.
  4. ccbadd

    ccbadd Network Guru Member

    The RVL200 with fw 1.1.2 beta at least does have the option to use AES encryption for the IPsec tunnel. I wish they supported at least one more tunnel also, but the other features of this router are great. I really like the ability to define separate DHCP ranges per VLAN but I don't know if you can do that with the other RV's also. I know the WRV200 does not. As far as 3rd party firmware, don't count on that. The SSL VPN stuff is licensed from Menlo Logic and not open source. This makes it hard for Linksys to make the source available without violating their agreement with Menlo. If they do put out any source, I guarantee it will not compile correctly.
  5. datdamnmachine

    datdamnmachine LI Guru Member

    Yeah, I just wish that the RVL200 had more than one site-to-site VPN tunnel option. Five would have been great, five site-to-site tunnels and 5 SSL/VPN clients and life would be sweet for me. Oh well. I did find their GPL code download center here:


    I'm curious, you say firmware version 1.1.2 beta yet the firmware version listed on Linksys' website says 1.0.14 as the most recent. Am I missing something (well, I'm sure I am)?

    I wish I had the time to learn the programming needed to reconfigure the code to my needs but I'm working with Cisco routers as well and need Linksys stuff mainly for an easy to configure home setup that I can leave alone and still have some advanced capabilities such as VLANs, AES encryption, remote VPN access, QoS, etc.
  6. ccbadd

    ccbadd Network Guru Member

    I agree that one IPsec tunnel is a little skimpy, but I would be happy with two. I really would prefer to have 10 SSL VPN clients over additional IPsec tunnels.

    I don't think Linksys always releases the source for beta firmwares. Out of curiosity, I might try to compile the GPL code and compare the results with the actual Linksys code. Most of the source for the Linksys VPN routers is incomplete and cannot be used to produce custom firmware.
  7. Toxic

    Toxic Administrator Staff Member

    It's outdated. Newer firmwares added AES support for VPN. My RV042 has AES128, AES192 and AES256 Phase 1 Encryption settings.

    The RV082 and 16 all have the same in newer firmware.
  8. datdamnmachine

    datdamnmachine LI Guru Member

    Isn't that against the GPL? Releasing incomplete source code, not about releasing the source for beta firmwares. I wouldn't mind doing that but unfortunately, I'm Linux illiterate. My goal is to build a new computer and throw Linux on this one. Plus take a class at the local community college so I can get some experience. Time, though, seems to always be a factor...:(

    Thanks for the information. Now I just need to figure out which one I would like to get. I would figure the RVS4000 would probably be the best bet with its larger memory and GBit interfaces. At the same time, I'm not sure if it's one of the models you mentioned as having AES-128/192/256 encryption. If you know and can point me in the direction of the information, I would greatly appreciate it. I'll still keep looking on my own mind you. Thanks, both of you for the help.
  9. Toxic

    Toxic Administrator Staff Member

    The full source code may contain more than just GPL licensed software. The code may also contain code they have paid for. They or any other company are not at liberty to release private or other licensed code as this may infringe other licenses.

    Since beta firmware is to an extent released in a controlled manner my assumption is, under GPL laws, they do not need to release every GPL source code for "beta/test" firmwares.

    GPL also allows for them to charge a fee for distribution if they wish to for hosting costs.

    The RVS4000 does have better QoS but does not have Dual WAN or a true DMZ port. The RV082 also has a PPTP server and many more VPN tunnels with a better Intel chipset and faster CPU.

    Have a look at the GUIs



    The RV082 GUI however is not based on an up-to-date firmware. There are more features included now.
  10. datdamnmachine

    datdamnmachine LI Guru Member

    Thanks for the lesson on the GPL, it clarifies a lot for me. I'm much more of a Cisco man myself and I've just recently gotten into Linksys' more high-end equipment.

    Well, dual WAN support may be something I use in the future but currently, since I only do primarily web browsing and some youtubing and whatnot, my one cable internet will probably do for the time being. I would like to set up my own Linux server with Asterisk to learn VoIP which means QoS would be important down the road but again, it's not mandatory currently. I will probably have 2-3 computers on the network as well as a Cisco lab for certification purposes (one or two PCs and a Linux server) so I may need the advanced QoS features. I do like the fact that the RVS4000 does have double the memory of the RV082 but as you said, the RV082 has the faster processor. The DMZ is a non-issue as I don't see a use for it now or in the future as of yet. Of course, the final nail seems to be price. Ouch. Decisions, decisions. Seems I will be up late thinking about this one for a while.

    I know the memory is not so much an issue as I have a Linksys WRT54GS with DD-WRT SP3 on it and I've been able to get 10Mb download with dslreports speed tests on a few occasions with 6-7 Mb being average (Comcast with 6Mb tier) but at the same time, I would like to make sure I have something if (when more likely considering competition with Telcos and whatnot) they up the cap to something around 8-10. It would be nice to have something that can handle the speed even with all the bells and whistles turned on without choking on me.

    Again, thanks for all the help.
  11. ghus

    ghus LI Guru Member

    On the open source firmware discussion.... Do the same things apply for the RVS4000 code? Is this still incomplete rendering the release of the 3rd party versions impossible?
  12. jeffspicolie

    jeffspicolie LI Guru Member

    I have had an RV082 in the office for about 2 years now and must admit it has been nothing but problems. I would not recommend it based on my experience. I also heard via rumor control that it is going to be discontinued as well. Not sure I would lean toward a Linksys.
  13. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    The RV0 series will handle the speed....if you have Comcast..you probably have their Powerboost...I often use my RV082 at home as I can nudge past 30 megs. I have the RV082 and RV016 units at many clients....and they do a good job...rock steady, I don't have the need to have clients reboot the routers as they often do with other entry level to mid-range grade routers. Stable and fast. I probably have over 50 RV0 units in service.

    They do a decent job at router to router tunnels...I have a tunnel from my house, to my office..(also on an RV082), and a few clients. Yeah..once in a blue moon a reboot is needed to bring the tunnel back up..not quite as solid as I've seen with higher end VPN appliances like Sonicwall and Juniper, but pretty good.

    As a PPTP VPN server I've found them rock solid. However..my experience with their QuickVPN IPSec client has been less than favorable. On some clients where I have only a few remote VPN users...it's been OK. But I had one client with a growing number of VPN users..I upgraded the RV016 to a 50 user...soon as I had more than 20 VPN users...it started causing issues all the time...requiring factory reset and reprogramming every few months. Flat out unacceptable for me. Replaced VPN duties with a Juniper sa700 unit..which I am in LOVE with. Oh my ...simply a pleasure to use...and no more late night calls from this client's nursing staff with VPN issues for me to help with.
  14. datdamnmachine

    datdamnmachine LI Guru Member

    From a question I originally asked about 3rd party firmware for the RVL200 (SSL/VPN router), it seems that the amount of 3rd party closed source proprietary options on some of the routers on the market, particularly the VPN models, are among the reasons why 3rd party firmware isn't available. As was mentioned to me, the SSL options on the RVL200 are from another provider and it isn't open source so it's probably not included in the GPL. As such, it makes the GPL code incomplete. Kinda sucks actually...:(

    It would actually be good for Linksys, in my opinion, if they could make it all available or do all the functions open source. More people would buy the equipment and they can just void the warranty if you put 3rd party firmware on it so they don't have to deal with the support issues. After all, they are making their money from the sale of the hardware, not the support. People who are happy with the stock firmware can use it and have support for it but people wanting something extra out of their equipment can go third party. Think desktop applications. If MS Word works for you, go Word. If it doesn't, go Lotus Notes.

    That's my opinion mind you.
  15. Toxic

    Toxic Administrator Staff Member

    That is not quite true. The GPL source code is complete. Linksys however is under no obligation to release full source codes if the codes contain licensed source.

    They only have to release the GPL parts. If they did release the total source for everything they would be out of pocket with lawsuits from the originators of the licensed code creators.

    If you want the licenced source that is not given by Linksys, go make enquiries and buy it:) You'll then think again of wanting something for nothing :thumbup:

    The RV0xx routers are compiled under OpenRG. Whether or not you can compile the code for this is unknown since OpenRG itself is not free (except for evaluation).
  16. datdamnmachine

    datdamnmachine LI Guru Member

    I guess I worded that wrong. The GPL is complete, just the licensed stuff that's a part of the full code, is not included.
  17. Toxic

    Toxic Administrator Staff Member

    And Linksys or anyone else does not have the right to publish licensed code to the public with or without the firmware's GPL source code.
  18. datdamnmachine

    datdamnmachine LI Guru Member

  19. vpnuser

    vpnuser LI Guru Member

  20. d__l

    d__l Network Guru Member

    If the RV082 is being discontinued it would be for RoHS environmental reasons and not due to performance or quality issues.
  21. datdamnmachine

    datdamnmachine LI Guru Member

    Thanks for the link, I read the thread as well as the offshoot thread posted as well. Left a message in that thread to see if a more permanent solution has been garnered. I like the box so far but at the same time, I don't like how enabling various services on the router is decreasing the throughput so much. It's almost like they built it to support Gbit speeds and >100Mbps throughput but yet the features weren't upgraded enough to support said speeds.

    I wonder if the site can do a full on review of the product and test raw throughput from LAN-to-WAN, WAN-to-LAN, and the same throughput with the major features enabled separately (firewall, IDS, QoS, even DMZ port) and also test it with the most common features enabled together (firewall, QoS; firewall, IDS; etc.).

    It seems this model has great potential as a quality consumer home router for those whose ISP connections are growing to meet the demand of new competition. The only problem is, without some near concrete results, most people aren't willing to shell out the money. I know I will need to do more research.

    Well, looks like I will continue looking into the RVS4000 while still looking into other options. I still need a good backup plug and play router for my network since I'm always doing crazy stuff with the Cisco I have (and any others I may eventually get).
  22. HughR

    HughR LI Guru Member

    There is no support for this hold-back in the text of the GPL. Why do you think this?

    Simply: if you get the binary ("object code or executable form") of a GPLed work, you have the right to the source (optionally at reasonable cost of distribution), and all the rights of the party that you got it from.

    If you only got a binary form of the work, and you haven't gotten the source, you ought not to distribute the binary since you cannot offer the source (unless the party that supplied you the binary will also supply source to those to whom you distribute the binary).

    The GPL is worth reading. It isn't that hard.
  23. datdamnmachine

    datdamnmachine LI Guru Member

    Well, I emailed smallnetbuilder.com about the test and asked if it was possible they could do it again without using the DMZ option. I suggested just forwarding the needed TCP ports to a LAN PC using the port forwarding option instead of the DMZ function. Another way would be if the program they are using (will research) allows you to create a continuous connection from the LAN PC to the WAN PC so that you can then try sending data from the WAN PC to the LAN PC (think P2P or even instant messenger). I'll write back with the results of the inquiry.