Forum Discussion
OrbiMan
Mar 31, 2017 Luminary
Orbi VPN Client
I think a needed feature in the Orbi lineup is the ability to do VPN CLIENT. Given that Rep have sold us out to ISP, a VPN client on the router is preferred. Orbi already has a VPN server, why not p...
rhester72
Apr 07, 2017 Virtuoso
The one truth about -all- single-board SoCs (found in every piece of consumer network gear in the past 15 years at least) is that they are particularly poorly-suited for VPN. The absolute best throughput you can expect from them is around 10mbps, at which point they will be processing-saturated and very likely also impact other services on the router. With average Internet pipe speeds on the rise, as soon as you offer VPN service, you start getting the following complaints from users:
- It's too slow
- When I'm using VPN heavily, my family complains that Netflix sucks
- Why can't I connect my VPN to random fly-by-night VPN provider X?
It's a support nightmare and a bad idea in general. VPN belongs on the client (for general use cases) or on a dedicated VPN appliance (for whole-house VPN).
Rodney
LarryM404
Apr 07, 2017 Tutor
I'm not sure I follow the part about SoC's having slow thruput, so not a good choice for VPN. If all the traffic is already going thru the router, what's the diff if it also goes thru a VPN pipe? Alexa may generate some small amount of traffic, but my smart switch traffic has to be tiny! A couple times a day they get sent an "on" or "off" message, that can't even make a blip on the traffic meter.
I can understand the support problems, which are only going to get worse, when everybody starts jumping on the VPN bandwagon, but I think it would be fair for Netgear to have a certification process for the VPN providers. Choose one of the approved providers and the customer is all set. This way the router set up could include the VPN vendor's configuration data.
The part of your answer that really intrigued me tho was the mention of a "VPN appliance" - what's that?
Larry
- rhester72 Apr 07, 2017 Virtuoso
The poor throughput and performance from SoCs has nothing to do with bandwidth and everything to do with real-time encryption/decryption...these SoCs are not hardware-assist in that department and thus bog down quickly. Power-wise, they are more or less on par with a Raspberry Pi in terms of compute performance - overkill for routing, woefully underpowered for VPN.
re: a VPN appliance, I was talking about a dedicated VPN concentrator (a la Cisco), though I know a few companies did have some efforts last year to bring "VPN gateways for the masses" to market (and I haven't heard from any of them since, so I'm guessing they found out it's a bit harder than it may appear on the surface). Even Ubiquiti's ASIC-based solutions don't hardware-offload any VPN other than IPSec.
For my purposes, I've put an Asus VivoPC with a multicore Celeron up to the task as a mini-server running Linux and SoftEther (which offers native SSL VPN, OpenVPN, SSTP, etc., etc., etc. protocolling in one stack), but even it bogs down a bit under heavy VPN workloads. The core i7 model would have been a far better choice (and have allowed for beyond-gigabit VPN tunnels), but who wants to spend over $700 for a decent VPN solution?
Rodney
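Added example, not part of the original thread: a shell sketch of how one could check the point above on a Linux-based box, by looking for the `aes` CPU flag in `/proc/cpuinfo`-style text and converting a saved `openssl speed -evp` row into Mbit/s. The function names, temp files and sample inputs are constructed for illustration and are not measurements from any Orbi or Raspberry Pi.

```shell
#!/bin/sh
# has_hw_aes FILE: succeed if the cpuinfo text in FILE lists the "aes" flag
# (x86 reports it under "flags", ARM under "Features"). Exact token match,
# so related flags such as "vaes" or "pclmulqdq" do not count.
has_hw_aes() {
    awk -F: '
        { key = $1; gsub(/[ \t]+$/, "", key) }
        key == "flags" || key == "Features" {
            n = split($2, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "aes") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# speed_mbps FILE CIPHER: read saved `openssl speed -evp CIPHER` output and
# print the 1024-byte column as whole Mbit/s. openssl reports thousands of
# bytes per second ("k"), so Mbit/s = value * 8 / 1000.
speed_mbps() {
    awk -v c="$2" '
        tolower($1) == tolower(c) && $5 ~ /k$/ {
            sub(/k$/, "", $5); printf "%d\n", $5 * 8 / 1000
        }
    ' "$1"
}

# Constructed sample inputs (assumed values, not real measurements).
tmp=$(mktemp -d)
printf 'Features\t: half thumb fastmult vfp edsp neon vfpv4 crc32\n' > "$tmp/arm_noaes"
printf 'flags\t\t: fpu vme sse2 ssse3 pclmulqdq aes avx\n' > "$tmp/x86_aes"
cat > "$tmp/speed" <<'EOF'
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-gcm       900.00k     1100.00k     1200.00k     1250.00k     1260.00k
EOF

for f in arm_noaes x86_aes; do
    if has_hw_aes "$tmp/$f"; then echo "$f: AES instructions present"
    else echo "$f: software AES only"; fi
done
echo "aes-128-gcm at 1024-byte blocks: $(speed_mbps "$tmp/speed" aes-128-gcm) Mbit/s"
```

On a real device, pass `/proc/cpuinfo` and the captured output of `openssl speed -evp aes-128-gcm` instead of the sample files; the single-core cipher rate is an upper bound on tunnel throughput, before packet handling overhead.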
- LarryM404 Apr 08, 2017 Tutor
Wait, when you're talking about SoC's are you referring to smart home devices? If so, I'm still not getting the problem they'd present to an Orbi based VPN. I don't think they present anything of a realistic load, a couple packets now and then. And I can't imagine them having any real time demands for data - they get a packet with a "Turn off the light" command, they send an "Okay" back.
As far as Raspberry Pi's - I have two of them running Kodi and they run OpenVPN just fine (for their own data streams).
As far as the VPN appliance - I think you're expecting a LOT more Internet traffic than I am -and- a lot better base speed by the ISP (out here in very rural TN I feel lucky to have 3Mb).
I still think there is, or will be, a demand for a whole-house VPN connection. Orbi is the logical spot to provide that. It already provides a VPN server, so a lot of the code for encryption is already there. Somebody is going to see it and fill that consumer need. There's already an Open Media Vault for home network storage, there's Kodi providing an open media player. Somebody is going to slap together a whole home VPN. I'd like to think that Netgear has the expertise, they have a top end product that already supports the protocol....
- ChuckieCheese Apr 08, 2017 Luminary
LarryM404 wrote: Wait, when you're talking about SoC's are you referring to smart home devices? If so, I'm still not getting the problem they'd present to an Orbi based VPN. I don't think they present anything of a realistic load, a couple packets now and then. And I can't imagine them having any real time demands for data - they get a packet with a "Turn off the light" command, they send an "Okay" back.
As far as Raspberry Pi's - I have two of them running Kodi and they run OpenVPN just fine (for their own data streams).
As far as the VPN appliance - I think you're expecting a LOT more Internet traffic than I am -and- a lot better base speed by the ISP (out here in very rural TN I feel lucky to have 3Mb).
I still think there is, or will be, a demand for a whole-house VPN connection. Orbi is the logical spot to provide that. It already provides a VPN server, so a lot of the code for encryption is already there. Somebody is going to see it and fill that consumer need. There's already an Open Media Vault for home network storage, there's Kodi providing an open media player. Somebody is going to slap together a whole home VPN. I'd like to think that Netgear has the expertise, they have a top end product that already supports the protocol....
I agree with this.
There has been a lot of chatter in my office due to the recent political climate and one key topic that kept on being discussed is:
"How to have my WHOLE home Internet connected to the VPN instead of per device?".
This even came from people who are not so technical (non-Engineer).