The feature list below is based on the TP-LINK's TL-ER6020 specification listing.
- Up to 50 IPsec VPN Tunnels, 50Mbps IPsec VPN Throughput
- IPsec, PPTP, L2TP, L2TP over IPsec
- IPsec NAT Traversal (NAT-T)
- DES, 3DES, AES128, AES192, AES256 Encryption
- MD5, SHA1 Authentication
- Manual, IKE Key Management Mode
- LAN-to-LAN, Client-to-LAN IPsec VPN
- PPTP/L2TP VPN Server/Client
- Hardware DMZ port
- One-to-One NAT
- FTP/H.323/SIP/IPsec/PPTP ALG
- IM/P2P Application Blocking
- URL/Keywords Filtering
- Web Content Filtering (Java, ActiveX, Cookies)
- ARP Inspection
- DoS/DDoS Defense
- Intelligent Load Balance
- Policy Routing
- Link Backup (Timing, Failover)
- IP-based Bandwidth Control
- Guarantee & Limited Bandwidth
- IP-based Session Limit
- Port VLAN, Port Mirror
- Static Routing, RIP v1/v2
- PPPoE Server
The TL-ER6020 supports up to 16 L2TP tunnels, 16 PPTP tunnels and 50 IPsec tunnels. It can function as a server or client for L2TP and PPTP. As a server, remote clients can connect via L2TP and PPTP tunnels. As a client, the TL-ER6020 can connect to other L2TP or PPTP servers.
I successfully set up L2TP, PPTP, and IPsec tunnels to the TL-ER6020. VPN tunnel configuration on the TL-ER6020 is relatively straightforward, although you won't find configuration wizards to help.
For L2TP and PPTP tunnels, you enable the L2TP or PPTP server, create a user name and password, select whether encryption is enabled and create an IP address pool for the remote clients.
Using a Windows 7 PC and the native VPN "connect to a work network" utility, I was able to remotely connect to the TL-ER6020 via L2TP and PPTP. I was also able to remotely connect to the TL-ER6020 via a PPTP tunnel from an iPhone. In the screenshot from the TL-ER6020 below, my iPhone is connected via PPTP and my laptop via L2TP.
PPTP / L2TP tunnel status
I set up IPsec tunnels with a remote Windows 7 PC running Shrew Soft's IPsec VPN client software as well as a site-to-site tunnel to a NETGEAR SRX5308 VPN router. In the screenshot from the TL-ER6020 below, you can see I have a remote and site-to-site IPsec tunnel connected.
IPsec tunnel status
IPsec configuration on the TL-ER6020 requires creating an IKE profile and policy as well as an IPsec profile and policy. All typical IPsec options are available, including MD5 and SHA-1 authentication and 3DES and AES encryption.
To set up a site-to-site tunnel, the NETGEAR SRX5308 VPN configuration wizard selects SHA1, 3DES, and DH2 for IKE/Phase 1, and ESP, SHA1, 3DES and PFS = DH2 for IPsec/Phase 2. Once I manually applied the same options on the TL-ER6020, the tunnel between the two routers came right up.
To set up remote IPsec tunnel support, I had to configure the options on both the TP-LINK and Shrew Soft client software, which took a bit of trial and error. After I got a remote IPsec tunnel working as shown in the screenshots below, I stumbled across a nice step by step on how to configure a TP-LINK VPN router with the Shrew Soft VPN Client on TP-LINK's website. You'll find other configuration examples located in TP-LINK's FAQ section.
Working IPsec tunnel using Shrew Soft client
I tested the TL-ER6020's VPN performance with iperf using default TCP settings, with a TCP window size of 8KB and no other options. I used iperf on two PCs running 64-bit Windows 7 with their software firewall disabled. (Running a simple iperf throughput test between two PCs uses the command iperf -s on one PC and iperf -c (ip) on the other PC.)
Table 1 shows my VPN throughput measurements over the four tunnel types on the TL-ER6020.
|Tunnel Type||Client - Gateway (Mbps)||Gateway - Client (Mbps)|
Table 1: VPN throughput summary
For the site to site test, I used my standard NETGEAR SRX5308 to terminate the other end of the tunnel. NETGEAR specs the SRX5308 site-to-site tunnel throughput at 180 Mbps. But the best I was able to do testing with a 64 bit Win 7 client running TheGreenBox IPsec client was 43 Mbps with traffic flowing from Gateway to client. So the site-to-site test results above might be slightly limited by the SRX5308.
Table 2 shows a VPN throughput table comparing the TL-ER6020 to several VPN routers I've reviewed in recent years. Note, you can click on the model listed in the table to go to the review for each device.
|IPsec Throughput (Mbps)||PPTP Throughput (Mbps)|
|Cisco RV120W||23.1||21.2||N.A .||N.A .|
|Netgear SRX5308||31.8||42.6||N.A.||N.A .|
Table 2: VPN throughput competitive comparison
TP-LINK rates the TL-ER6020 capable of 80 Mbps for IPsec VPN throughput with 3DES encryption. As you can see, I measured IPsec 3DES throughput on the TL-ER6020 at ~40 Mbps in both directions. TP-LINK addresses throughput testing in their FAQ section, stating varying results are based on test tool and protocol (TCP vs. UDP) differences. Nevertheless, iperf based TCP testing for IPsec throughput is a pretty good indicator of real world performance.
The TL-ER6020 stacks up well against the other devices in the chart. More specifically, the TL-ER6020's IPsec throughput is more symmetrical than most of the other devices.
PPTP throughput on the TL-ER6020 is head and shoulders above the other routers in the chart at 30 Mbps+. PPTP tunnels have a lot of utility since the client software is easy to set up and is included with all Windows versions as well as most smart phones including the iPhone and Android devices.