Router Charts

Router Charts

Router Ranker

Router Ranker

Router Chooser

Router Chooser

NAS Charts

NAS Charts

NAS Ranker

NAS Ranker

More Tools

More Tools

LAN & WAN Reviews

Feature Summary

The feature list below is based on the TP-LINK's TL-ER6020 specification listing.

  • Up to 50 IPsec VPN Tunnels, 50Mbps IPsec VPN Throughput
  • IPsec, PPTP, L2TP, L2TP over IPsec
  • IPsec NAT Traversal (NAT-T)
  • DES, 3DES, AES128, AES192, AES256 Encryption
  • MD5, SHA1 Authentication
  • Manual, IKE Key Management Mode
  • LAN-to-LAN, Client-to-LAN IPsec VPN
  • PPTP/L2TP VPN Server/Client
  • Hardware DMZ port
  • One-to-One NAT
  • FTP/H.323/SIP/IPsec/PPTP ALG
  • IM/P2P Application Blocking
  • URL/Keywords Filtering
  • Web Content Filtering (Java, ActiveX, Cookies)
  • ARP Inspection
  • DoS/DDoS Defense
  • Intelligent Load Balance
  • Policy Routing
  • Link Backup (Timing, Failover)
  • IP-based Bandwidth Control
  • Guarantee & Limited Bandwidth
  • IP-based Session Limit
  • Port VLAN, Port Mirror
  • Static Routing, RIP v1/v2
  • PPPoE Server
  • E-Bulletin

VPN Configuration

The TL-ER6020 supports up to 16 L2TP tunnels, 16 PPTP tunnels and 50 IPsec tunnels. It can function as a server or client for L2TP and PPTP. As a server, remote clients can connect via L2TP and PPTP tunnels. As a client, the TL-ER6020 can connect to other L2TP or PPTP servers.

IPsec functionality includes support for remote access and site to site tunnels. TP-LINK doesn't provide IPsec client software, but recommends Shrew Soft's free VPN client or GreenBow's VPN client.

I successfully set up L2TP, PPTP, and IPsec tunnels to the TL-ER6020. VPN tunnel configuration on the TL-ER6020 is relatively straightforward, although you won't find configuration wizards to help.

For L2TP and PPTP tunnels, you enable the L2TP or PPTP server, create a user name and password, select whether encryption is enabled and create an IP address pool for the remote clients.

Using a Windows 7 PC and the native VPN "connect to a work network" utility, I was able to remotely connect to the TL-ER6020 via L2TP and PPTP. I was also able to remotely connect to the TL-ER6020 via a PPTP tunnel from an iPhone. In the screenshot from the TL-ER6020 below, my iPhone is connected via PPTP and my laptop via L2TP.

PPTP / L2TP tunnel status

PPTP / L2TP tunnel status

I set up IPsec tunnels with a remote Windows 7 PC running Shrew Soft's IPsec VPN client software as well as a site-to-site tunnel to a NETGEAR SRX5308 VPN router. In the screenshot from the TL-ER6020 below, you can see I have a remote and site-to-site IPsec tunnel connected.

IPsec tunnel status

IPsec tunnel status

IPsec configuration on the TL-ER6020 requires creating an IKE profile and policy as well as an IPsec profile and policy. All typical IPsec options are available, including MD5 and SHA-1 authentication and 3DES and AES encryption.

To set up a site-to-site tunnel, the NETGEAR SRX5308 VPN configuration wizard selects SHA1, 3DES, and DH2 for IKE/Phase 1, and ESP, SHA1, 3DES and PFS = DH2 for IPsec/Phase 2. Once I manually applied the same options on the TL-ER6020, the tunnel between the two routers came right up.

To set up remote IPsec tunnel support, I had to configure the options on both the TP-LINK and Shrew Soft client software, which took a bit of trial and error. After I got a remote IPsec tunnel working as shown in the screenshots below, I stumbled across a nice step by step on how to configure a TP-LINK VPN router with the Shrew Soft VPN Client on TP-LINK's website. You'll find other configuration examples located in TP-LINK's FAQ section.

Working IPsec tunnel using Shrew Soft client

Working IPsec tunnel using Shrew Soft client

VPN Performance

I tested the TL-ER6020's VPN performance with iperf using default TCP settings, with a TCP window size of 8KB and no other options. I used iperf on two PCs running 64-bit Windows 7 with their software firewall disabled. (Running a simple iperf throughput test between two PCs uses the command iperf -s on one PC and iperf -c (ip) on the other PC.)

Table 1 shows my VPN throughput measurements over the four tunnel types on the TL-ER6020.

Tunnel Type Client - Gateway (Mbps) Gateway - Client (Mbps)
PPTP 30.0 34.6
L2TP 26.0 20.0
Client IPsec 41.9 40.0
Site-to-site IPsec 45.9 37.9
Table 1: VPN throughput summary

For the site to site test, I used my standard NETGEAR SRX5308 to terminate the other end of the tunnel. NETGEAR specs the SRX5308 site-to-site tunnel throughput at 180 Mbps. But the best I was able to do testing with a 64 bit Win 7 client running TheGreenBox IPsec client was 43 Mbps with traffic flowing from Gateway to client. So the site-to-site test results above might be slightly limited by the SRX5308.

Table 2 shows a VPN throughput table comparing the TL-ER6020 to several VPN routers I've reviewed in recent years. Note, you can click on the model listed in the table to go to the review for each device.

  IPsec Throughput (Mbps) PPTP Throughput (Mbps)
Product Client-Gateway Gateway-Client Client-Gateway Gateway-Client
TL-ER6020 41.9 40.0 30.0 34.6
Cisco RV180 39.7 50.9 5.98 6.49
Cisco RV120W 23.1 21.2 N.A . N.A .
Cisco RV220W 38.3 49.3 16.3 14.1
Cisco RV042 37.1 47.5 10.8 9.7
Draytek 2920 17.8 17.8 19.9 19.9
Netgear SRX5308 31.8 42.6 N.A. N.A .
Netgear FVS318N 33.1 45.8 N.A. N.A.
Zyxel VFG6005 5.9 5.6 10.8 6.54
TrendNET TW100-BRV214 3.32 2.85 8.95 7.61
Table 2: VPN throughput competitive comparison

TP-LINK rates the TL-ER6020 capable of 80 Mbps for IPsec VPN throughput with 3DES encryption. As you can see, I measured IPsec 3DES throughput on the TL-ER6020 at ~40 Mbps in both directions. TP-LINK addresses throughput testing in their FAQ section, stating varying results are based on test tool and protocol (TCP vs. UDP) differences. Nevertheless, iperf based TCP testing for IPsec throughput is a pretty good indicator of real world performance.

The TL-ER6020 stacks up well against the other devices in the chart. More specifically, the TL-ER6020's IPsec throughput is more symmetrical than most of the other devices.

PPTP throughput on the TL-ER6020 is head and shoulders above the other routers in the chart at 30 Mbps+. PPTP tunnels have a lot of utility since the client software is easy to set up and is included with all Windows versions as well as most smart phones including the iPhone and Android devices.

More LAN & WAN

Top Performing Routers

AC2350
AC1900
AC1750
AC1200
N600

Top Performing NASes

1 drive
2 drives
4 drives
6 drives
8 drives

Over In The Forums