NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Orbi VPN Client
I think this is a needed feature in Orbi line up is the ability to do VPN CLIENT. Given that Rep have sold us out to ISP. A VPN client on router is prefer. Orbi already have a VPN server why not p...
This is a GREAT idea - I was just coming here to suggest it myself.
The BIG advantage that putting it in the router is that one connection/login covers the entire household. I have not only PCs (Win and Linux) but also a couple Amazon Alexa's and about a dozen smart home devices. I would really like to see these behind a VPN connection, not just for the information privacy but also the invasion aspect.
C'mon Netgear engineers! If there's a high end router that deserves to have VPN capabilities its the Orbi product.
The one truth about -all- single-board SoCs (found in every piece of consumer network gear in the past 15 years at least) is that they are partiularly poorly-suited for VPN. The absolute best throughput you can expect from them is around 10mbps, at which point they will be processing-saturated and very likely also impact other services on the router. With average Internet pipe speeds on the rise, as soon as you offer VPN service, you start getting the following complaints from users:
- It's too slow
- When I'm using VPN heavily, my family complains that Netflix sucks
- Why can't I connect my VPN to random fly-by-night VPN provider X?
It's a support nightmare and a bad idea in general. VPN belongs on the client (for general use cases) or on a dedicated VPN applicance (for whole-house VPN).
Rodney
I'm not sure I follow the part about SoC's having slow thruput, so not a good choice for VPN. If all the traffic is already going thru the router, what's the diff it it also goes thru a VPN pipe? Alexa may generate some small amount of traffic, but my smart switch traffic has be be tiny! A couple times a day they get sent and "on" or "off" message, that can't even make a blip on the traffic meter.
I can understand the support problems, which are only going to get worse, when everybody starts jumping on the VPN bandwagon, but I think it would be fair for Netgear to have a certification process for the VPN providers. Chose one of the approved providers and the customer is all set. This way the router set up could include the VPN vender's configuration data.
The part of your answer that really intreged me tho was the mention of a "VPN appliance" - what's that?
Larry
The poor throughput and performance from SoCs has nothing to do with bandwidth and everything to do with real-time encryption/decryption...these SoCs are not hardware-assist in that department and thus bog down quickly. Power-wise, they are more or less on par with a Raspberry Pi in terms of compute peformance - overkill for routing, woefully underpowered for VPN.
re: a VPN appliance, I was talking about a dedicated VPN concentrator (a la Cisco), though I know a few companies did have some efforts last year to bring "VPN gateways for the masses" to market (and I haven't heard from any of them since, so I'm guessing they found it out it's a bit harder than it may appear on the surface). Even Ubiquiti's ASIC-based solutions don't hardware-offload any VPN other than IPSec.
For my purposes, I've put an Asus VivoPC with a multicore Celeron up to the task as a mini-server running Linux and SoftEther (which offers native SSL VPN, OpenVPN, SSTP, etc., etc., etc. protocolling in one stack), but even it bogs down a bit under heavy VPN workloads. The core i7 model would have been a far better choice (and have allowed for beyond-gigabit VPN tunnels), but who wants to spend over $700 for a decent VPN solution?
Rodney