Linksys Wireless-G VPN Broadband Router
March 30, 2004
This unit goes beyond VPN pass-through to provide tunnels for logging into a home or SOHO network.
Price: $229 MSRP
Pros: 50 VPN endpoints, extensive access controls.
Cons: Needs frequent restarts to configure, on/off switch is front and center
A feature found in most wireless broadband routers is virtual private network (VPN) pass-through capability, at technology many use to securely connect to corporate networks from within their homes. But if you're looking for a WLAN router that can provide VPN capabilities <b>into</b> the home or SOHO office, there are comparatively few choices. The latest is the Linksys Wireless-G VPN Broadband Router WRV54G, a unit that provides VPN endpoint capability with up to 50 concurrent tunnels.
The $229 WRV54G sports a sleek, slim, and silver-colored chassis, which can be utilized in either horizontal or vertical orientation (but not wall mounted, evidently). A single 5dBi antenna tilts and swivels from the unit, and is removable via a reverse-SMC connector. The WRV54G uses the Conexant <QUOTE NASDAQ:CNXT> PRISM GT wireless chipset.
The first thing that caught my attention on the router was a large on/off button conspicuously located on the front of the unit. I have worked with more routers than I can remember, and never before have I seen a power switch on such a device. The presence of one seems incongruous on a device that by nature is designed to remain on at all times. Indeed, under what scenario would you want to turn a router off? I can certainly envision an office environment where such a prominent power switch might encourage someone to turn it off at the end of each day. This could of course cause a number of potential problems, not the least of which might be questions as to why the network is so slow each morning at 9 AM.
Once rebooted, the WRV-54G also had difficulty communicating through the cable modem to the Internet. Power cycling the cable modem didn't address the issue, and I found the solution was to manually release and renew the router's WAN DHCP address from within the admin interface. That's inconvenient to say the least, and probably another reason to avoid using the power button.
The Linksys offers access extensive access control features, with the ability to filter traffic in both direction based on a custom schedule. The WRV-54G also offers content filtering, but it's at a very minimal level. Only four fields are provided to block URLs and six for keywords.
The WRV-54G offers logging capability and actually maintains two separate logs. One is for general system events like when a configuration change is made or an access policy is enforced. The other is for alert events, such as an unauthorized login attempt or attack behavior on the WAN.
Unfortunately, the WRV-54G doesn't allow you to actually view the logs on the device. That's not a big problem though, since both Syslog (Linksys offers their own log viewer as a free download) and e-mail alerts are supported. In the case of the latter, you can specify separate e-mail addresses for the general and alert logs, which gives you the option of directly notifying someone at a point of escalation about more serious issues.A useful diagnostics page lets you ping hosts directly from the router, simplifying WAN troubleshooting. Like any good business-class router should, the WRV-54G supports SNMP for remote monitoring and management.
The WRV-54G's DMZ feature has an interesting and potentially useful twist-- in addition to the typical means of specifying an LAN IP address for DMZ duty, you can use a hardware DMZ mode which makes one of the router's switched ports into a DMZ on a separate subnet.
One potential pitfall--the WRV-54G's DHCP server only lets you configure a scope with a single DNS server, which could potentially cause client access problems should it go down.
Clearly, the WRV-54G's major selling point is the VPN access it provides: the unit supports several different methods of encryption, authentication, and key exchange. Setting up VPN tunnels wasn't that difficult, and Linksys says the VPN will work with any IPSec compatible client, including the embedded client in Windows 2000/XP.
I was ultimately able to securely connect to the WRV-54G using a remote XP client, but only after considerable trial and error. The product documentation wasn't particularly helpful in this regard, so you should expect an initial learning curve, depending on your requirements.
The WLAN features of the WRV54G are for the most part basic. Unfortunately, the WRV54G lacks a means to control the radio transmitter output, which would be preferable for the security benefit it provides.
In addition to lowly WEP, the WRV-54G supports a full compliment of wireless encryption and authentication methods, including WPA (both TKIP and AES encryption) and RADIUS/802.1x for external authentication.
Wireless throughput of the WRV54G was as good as any 802.11g product I've tested, and held up well over distance, starting with 23.23 Mbps at 10 feet. This fell to 20.40 at 25 feet, 15.50 at 50 feet, 14.35 at 75 feet, and 11.23 at 100 feet. Throughput fell to 6.30Mbps at 125 feet.
Mixed mode performance was excellent at 19.01 Mbps, well in excess of the typical 13-15 Mbps. As always, enabling WPA encryption exacted a minimal performance penalty, resulting in 18.32 Mbps at 10 feet.
The WRV54G only supports half the number of VPN tunnels as similar products (the Netgear ProSafe VPN Firewall/Router, model FVL328, for example), but costs about $100 less. The presence of a power switch is hard to explain, and the connection issues following reboots are hard to forgive. However the WRV54G still distinguishes itself as a good small business router with excellent administrative control and remote VPN access, along with good wireless performance at a reasonably low price.