Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

VPN Performance

Because it uses the same chip as the Linksys BEFSX41, I expected to get at least 2Mbps throughput through an IPsec tunnel, and better through a PPTP tunnel, since it doesn't require as much number-crunching for its encryption. But, try as I might, the best I was able to do was around 760kbps, more like what I got from other VPN-endpoint routers that don't have an IPsec co-processor. I did find, however, that the Plus' firewall settings affected throughput, as you can see from Figures 6 and 7 below.

I used Chariot to set up a test that ran the TCP throughput script simultaneously through the VPN tunnel and through the Plus' normal non-VPN LAN-WAN direction. Four computers were used for the test - two for the VPN tunnel and two for the LAN-WAN connection. I set up the test so that the non-VPN test pair started first, then kicked in the VPN test pair for awhile, stopped it, then finally stopped the non-VPN test pair. This let me see how much the normal routing and VPN parts of the router interacted.

SMC7004FW: VPN comparison - DMZ disabled
Figure 6: VPN throughput comparison - DMZ disabled
(click on the image for a full-sized view)

Figure 6 compares the results for runs with IPsec and PPTP tunnels. You can see that the non-VPN pair takes a significant throughput hit when either flavor of VPN tunnel is kicked in. But which part of the router gets hit the most? By using the data from the tables at the bottom of the page that contain data taken with only the VPN tunnel running, we can find the answer.

The data shows that when an IPsec tunnel is running , there's about 80% throughput reduction for the non-VPN pair (17.8 to 3.5Mbps [interpolated]) and 22% reduction for the tunnel pair (0.77 to 0.60Mbps). The throughput hit is more evenly distributed when running a PPTP tunnel, with the non-VPN pair getting knocked down only 50% (20 to 10Mbps) and 56% (5.0 to 2.2Mbps) for the PPTP tunnel.

From my previous testing of SPI-based routers, I knew that enabling DMZ or port forwarding could cause routing throughput reduction, so I wanted to see if it would also affect VPN throughput. Figure 7 shows the same test run as in Figure 6, but this time with DMZ enabled on the router with the LAN-WAN traffic.

SMC7004FW: VPN comparison - DMZ enabled
Figure 7: VPN throughput comparison - DMZ enabled
(click on the image for a full-sized view)

As expected, enabling DMZ knocked down the non-VPN throughput about 50% for both PPTP and IPsec cases with no tunnel running. But this time when the IPsec tunnel is kicked in, throughput changed 75% (9.0 to 2.2Mbps - both interpolated from the graph) for the non-VPN pair and 29% (0.77 to 0.55Mbps) for the tunnel. Making the same comparison for a PPTP tunnel running finds the throughput reduction a little less evenly distributed this time, with the non-VPN pair taking a 45% (10 to 5.5Mbps - interpolated) hit, and the PPTP tunnel extracting a 62% (5.0 to 1.9Mbps) penalty.

So what the heck is the bottom line out of all of this? My take-away is that the router does a better job of balancing normal routing and PPTP tunneling than it does with IPsec tunnels. You also probably won't be happy with IPsec tunnel performance unless your data load is very light, and if you enable DMZ or have any ports forwarded, you may even see a noticeable speed reduction in your non-VPN traffic.

IPsec VPN Performance Test Results

Test Description Transfer Rate (Mbps)
[1 MByte data size]
Response Time (msec)
[10 iterations 100 Byte data size]
UDP stream
[10s @ 500kbps]
Actual throughput (kbps) Lost data (%)
Local to Remote 0.77 9 (avg)
11 (max)
293 36
Remote to Local 0.73 9 (avg)
10 (max)
279 35
Firmware Version 1.0 (Jun 14 2002 12:11:59
See details of how we test.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hi all.I have an RT-AC68U with merlin 384.10-beta2, before I test it with the 384.8 and the same error ocurs, its not a beta bug.I put my company rout...
I am wanting to get a VPN next month (been putting it off for a year now), and been researching which ones are compatible to install on my router:http...
Hi,Since last week I'm able to list the threads I follow, but if I open them it stays loading forever... How can I verify if it's on snb or tapatalk s...
The most convenient way is to use an USB-device as described in Voxel documentation.This is a Lazy Dog for those who want to do it without USB.The sho...
Hello,I live in a 3-story 3,000 sq ft house. I’ve been using Netgear R7000 (freshTomato firmware) located more or less centrally. Coverage has been gr...

Don't Miss These

  • 1
  • 2
  • 3