The LRT224 supports IPsec, SSL, and PPTP VPN connections. In my review of the LRT214, I validated the LRT2x4's capability to set up an IPsec VPN tunnel to another brand of router, as well as to IPsec client software. As mentioned earlier, Linksys has posted configuration guides on their support site for how to use the LRT2x4 with IPsec client software from IPSecuritas and Shrewsoft.
A more advanced LRT2x4 VPN feature for IPsec gateway to gateway tunnels is the VPN tunnel backup feature. This feature allows you to specify the IP address of a second VPN router to connect to in the event an active tunnel fails.
A new VPN feature on the LRT2x4 routers available in firmware v1.0.2.06 is EasyLink VPN. EasyLink simplifies the IPsec configuration process for a gateway to gateway IPsec tunnel between two LRT routers. Standard IPsec configuration involves specifying Phase 1 and 2 encryption, authentication, timers, and key exchange (DH) methods.
With the EasyLink feature and a pair of Linksys LRT2x4 routers, all you have to do is create a user name and password and enter the IP address of the far end router to establish an IPsec tunnel. Essentially, EasyLink eliminates having to specify Phase 1 and 2 encryption, authentication, timers, and key exchange (DH) methods. Note, the LRT2x4 can support up to 50 IPsec tunnels, of which 5 are reserved for EasyLink configuration.
I upgraded the LRT214 to firmware v1.0.2.06 and set up an EasyLink tunnel between the LRT214 and the LRT224. On one LRT, I enabled the EasyLink VPN server and created an inbound EasyLink connection by entering just two values, an account name and password. On the other LRT, I created an outbound EasyLink connection by entering three values, the same account name and password, plus the WAN IP address of the far end LRT. The tunnel came right up, as shown in the screenshot below.
In my review of the LRT214, I also validated the LRT2x4's capability to set up SSL and PPTP VPN connections. I successfully set up an SSL tunnel to a Windows PC. Further, I was able to validate PPTP tunnels from the LRT214 to a Windows PC and an iPhone.
The LRT2x4 uses the OpenVPN client for remote SSL connections. Since my review of the LRT214, Linksys has made a few improvements to further simplify OpenVPN configuration on the LRT. First, the support site now includes configuration guides on how to configure the LRT with OpenVPN using certificates, as well as how to set up OpenVPN on an Android and iOS device. Using certificates for an SSL tunnel increases security, but also increases configuration complexity. With Linksys' guide on how to configure OpenVPN certificates, I had no problems setting it up.
Second, a feature was added in firmware v1.0.2.06 to email the client OpenVPN config directly from the router to a user's email address. All you need to do is configure mail server settings on the LRT and you can click to email the OpenVPN config from the router to the remote user. This makes it easier to configure the OpenVPN client on the end user's PC or device.
To measure VPN throughput on the LRT224, I used two PCs running 64-bit Windows with their software firewall disabled. Using TotuSoft's LAN Speed Test client and server application, with a file size of 100 MB, I measured throughput over the EasyLink IPsec tunnel as well as over an OpenVPN SSL tunnel. Below are my throughput measurements.
|VPN Tunnel Type||Throughput (Mbps)|
|IPsec Site to Site||69.2
Table 2: VPN Throughput
Note, since my review of the LRT214, we changed our VPN throughput measuring tool from iperf to the TotuSoft LAN Speed Test tool, so a comparison of my measurements on the LRT214 to the LRT224 isn't exactly apples to apples. However, VPN throughput appears to be improved for both IPsec and SSL.
On the LRT214 with firmware v1.0.1.02, I measured IPsec throughput at 54.1 Mbps for Client-Gateway and 62.4 Mbps for Gateway-Client. As you can see, on the LRT224 with firmware v1.0.2.06, I measured IPsec throughput at 69.2 Mbps for Client-Gateway and 70.8 Mbps for Gateway-Client.
SSL throughput was quite asymmetrical when I tested it on the LRT214 with firmware v1.0.1.02. SSL throughput is now nearly the same in both directions on the LRT224 with firmware v1.0.2.06, a nice improvement. On the LRT214 with firmware v1.0.1.02, I measured SSL throughput at 3.5 Mbps for Client-Gateway and 11.3 Mbps for Gateway-Client. As you can see, on the LRT224 with firmware v1.0.2.06, I measured SSL throughput at 11.6 Mbps for Client-Gateway and 12.3 Mbps for Gateway-Client.
Firewall options on the LRT224 with firmware v1.0.2.06 appear to be unchanged from my review of the LRT214 with firmware 1.0.1.02. The LRT's firewall remains relatively easy to configure, with checkboxes to enable external threat protections, access rules to allow or deny traffic based on traffic type, source interface, source and destination IP address(es), and a schedule based on hours and days and basic manual content filtering.
We tested router performance using our standard test method. The results below compare the LRT214 with firmware v1.0.1.02, the LRT224 with firmware v1.0.2.06, the Cisco RV320 and the Cisco RV180.
|WAN - LAN||796.5||697||887.0||798.3|
|LAN - WAN||721.4||732.9||746.3||811.2|
|Maximum Simultaneous Connections||39,162||32,120||32,249
Table 3: Routing Throughput
Unidirectional router throughput for firmware v1.0.2.06, shown in the IxChariot plot below, has changed a bit on the LRT2x4 from firmware v1.0.1.02 to v1.0.2.06. Downlink throughput increased and uplink declined slightly, but the differences are minor.
The composite unidirectional plot shows very steady downlink throughput peaking over 900 Mbps. This is about as good as we can measure and indicates wire-speed Gigabit downlink throughput. Uplink throughput is not as steady, with periodic downward throughput spikes.
Some of this can be attributed to quirks in IxChariot. The large jump in downlink throughput just before the 20 second mark is definitely an IxChariot quirk that we also see in 802.11ac wireless tests. The jump is an artifact of the way IxChariot handles packet aggregation on high speed links and is not a problem with the router itself.
Bidirectional router throughput again shows a definite preference for downlink traffic when both directions are fully loaded. In the end, both the LRT214 and 224 have plenty of routing throughput for most any broadband connection.
Table 4 lists throughput and pricing information for both Linksys LRT routers, as well as the previously mentioned RV320 and RV180. Note, the LRT224, RV320, and RV042 are all dual WAN routers, while the LRT214 and RV180 are single WAN routers. Pricing information is from Pricegrabber.com.
Table 4: Product Comparison
Regarding price, the LRT224 comes in about the same as the Cisco RV320. In my opinion, the LRT's OpenVPN SSL solution is superior to the RV320's virtual passage SSL solution. The LRT224 is only $20 more than the LRT214 and has dual WAN ports. Frankly, even if I had only a single ISP connection, I'd go with the LRT224 for future flexibility.
I concluded my review of the LRT214 saying "with a few updates to the firmware and support documentation, I think Belkin has a pretty solid VPN router with the Linksys LRT214". I think Belkin / Linksys is moving in the right direction. With continued focus on improving firmware and support documentation, the LRT2x4 routers can become the best business routers on the market.