Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

VPN

As I said previously, the Plus is the only one of the under $100 VPN endpoint routers to support both PPTP and IPsec tunnels. I found the PPTP setup harder to figure out (although I have to admit I haven't had to futz much with PPTP setups previously), but had better throughput than the IPsec. But let's start with a walkthrough of the IPsec capabilities.

The big complaint about most of the inexpensive VPN endpoint routers is that people have a hard time connecting them to anything other than another of the same make and model router. In the first place, manufacturers don't want to take on the support liability of saying that that their product will work with someone else's. This costs them time and money in support calls, and at the prices that these products sell for (and the fact that support is not charged for), that gets to be a losing proposition pretty quickly. Add in the fact that the manufacturers would have to test the combinations that they say they support, and you can see why most steer clear of the subject.

In the Plus' case, a look at Figure 3 shows that the IPsec setup parameters are even more limited than those offered by competitive products, so you may have even a harder time doing anything other than connecting to another Plus to form a tunnel. On the other hand, connecting to other PPTP-based products may be fine, since it seems like SMC paid more attention to detail in the PPTP implementation, and since PPTP has fewer tunnel setup options than IPsec does.

SMC7004FW: IPsec setup screen

Figure 3: IPsec setup
(click on the image for a full-sized view)

In addition, the IPsec setup instructions in the Barricade Plus VPN IPSEC & PPTP Configuration Guide describe only a router-to-router subnet-to-subnet configuration. Although you can probably configure a tunnel using single IP addresses, you can't configure tunnels using ranges of IP addresses. You also can't set the Plus to connect to a remote gateway ("Security Gateway") using a domain name, or dynamic IP address.

Although you can choose between DES (56 bit), 3DES (168 bit), or disabling Encryption, and MD5, SHA, or disabling Authentication, your Key Management options are limited to setting the SPI (Security Parameter Index) value. This means no IKE, no Pre-shared Key, and no Key Lifetime parameters. PFS (Perfect Forward Secrecy) is not an option either, nor is the ability to control what happens in Phase 1 and 2 of the IPsec tunnel setup or handle Main and Aggressive mode settings.

Fortunately, it seems that NetBIOS broadcast (for Microsoft Network browsing) seems to be enabled by default for both IPsec and PPTP tunnels. This is something that I think all consumer VPN endpoint routers should do, since the "Can I see the guys on the other side of the tunnel?" test is the first thing most people try! It was nice to see machines on the other side of the tunnel in My Network Places / Network Neighborhood shortly after the tunnel was established without having to hunt for any additional settings.

I was lucky that I had done router-to-router IPsec setups before because my settings worked the first time. If they hadn't, I would have been in trouble because there is no logging of IPsec tunnel setup, and no ability to connect or disconnect the tunnels! The only indication of tunnel operation you get is on the Status Screen (Figure 5). I guess the Plus is pretty tenacious in terms of maintaining tunnels, because there's no setting allowing you to auto-reconnect or timeout a connection. The Plus automatically connected as soon as I enabled the tunnel on both ends and stayed connected until I disabled the Tunnel setting.

The bottom line is that the three IPsec tunnels that the Plus can handle will most likely be limited to connections between Pluses, with only the stout-of-Networking-heart attempting tunnels with individual VPN clients or other vendors' products!

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

evening allBeen away from the NAS scence since dabbling with an LG nas a few years back, so looking to start again, small(ish) 2 bay NASUse is really ...
The home I recently moved into has a different layout for the network, and I am struggling with making a decision on updating my router.Some quick inf...
I have just changed my router from a N66U to a AC88U and restored from a back up to save time.I have been having issues with devices not been able to ...
(Please delete my post in Router thread): https://www.snbforums.com/threads/router-cpu-for-iptv-samba-streaming.55550/As tittle, now I'm having TP-lin...
New recommendation: do not touch purchasing anything that looks or smells like a router until black friday/ xmas 2019! Or, later. Yes, we all know thi...

Don't Miss These

  • 1
  • 2
  • 3