
VPN

The Balance 20 will support two IPsec site-to-site tunnels and three PPTP tunnels. Peplink's documentation says it supports VPN site-to-site tunnels to Peplink, Cisco, and Juniper routers. No other brands are listed as supported. Nevertheless, I had no problem setting up an IPsec site-to-site tunnel to a Netgear SRX5308.

Shown below is a screen shot of my IPsec connection from the Balance 20 to the SRX5308. I found Peplink's VPN configurations pretty straightforward. My guess is an IPsec tunnel could be established with other brands as well.

IPsec Status

Interestingly, Balance routers do not support client IPsec tunnels. Thus, the only option for remote client VPN access to a Balance router is via a PPTP tunnel. This approach has pros and cons.

The pro to PPTP tunnels is simplicity. PPTP client software is included in Windows, Mac OS X, iPhones and Android smartphones. PPTP configuration is quite simple. On the Balance 20, all you have to do is enable PPTP and create a user name and password. On the end device, you create a PPTP connection and enter the user name and password.

I had no problem establishing a PPTP connection to the Balance 20 from a Windows 7 and Windows 8 PC, a Mac OS X PC, and an iPhone. Below is a screen shot where I have a Windows PC and an iPhone both connected to the Balance 20 via a PPTP connection.

PPTP Status

The con to PPTP tunnels is security. PPTP is considered less secure than IPsec. However, the most secure solution isn't all that valuable if you can't get it to work, and IPsec client software can be difficult to configure and may not be available across all platforms.

I tested the Balance 20's VPN performance with iperf using default TCP settings, with a TCP window size of 8KB and no other options. I ran iperf on two PCs, one running 64-bit Windows 7 and the other 64-bit Windows 8 with their software firewall disabled. (Running a simple iperf throughput test between two PCs uses the command iperf -s on one PC and iperf -c (ip) on the other PC.)

I tested IPsec site-to-site VPN performance between the Balance 20 and the NETGEAR SRX5308, a router I typically use for site-to-site IPsec tunnel testing. I measured IPsec throughput with both 3DES and AES-256 encryption. (Peplink advertises their SpeedFusion feature with AES-256 encryption, so my thought is the Balance routers are optimized for AES encryption. The results seem to support that theory.) I tested PPTP VPN performance using my Windows PCs as described above.

Peplink Balance 20 VPN Throughput Performance (Mbps)

| Tunnel Type | WAN-LAN | LAN-WAN |
|---|---|---|
| PPTP | 13.3 | 13.4 |
| Site to Site IPsec (3DES) | 8.68 | 8.45 |
| Site to Site IPsec (AES-256) | 14.0 | 13.1 |

Table 4: VPN throughput

I was surprised by the Balance 20's low VPN throughput. Peplink didn't provide VPN ratings for the Balance 20, yet I thought they'd be higher. As you can see in Table 5 comparing multi-WAN VPN routers, the Balance 20's VPN performance for both IPsec and PPTP is lower than all other multi-WAN VPN routers I've tested.

| Product | IPsec LAN-WAN (Mbps) | IPsec WAN-LAN (Mbps) | PPTP LAN-WAN (Mbps) | PPTP WAN-LAN (Mbps) |
|---|---|---|---|---|
| Peplink Balance 20 | 13.1 | 14.0 | 8.45 | 8.68 |
| TP-LINK TL-ER6020 | 41.9 | 40.0 | 30.0 | 34.6 |
| Cisco RV042 | 37.1 | 47.5 | 10.8 | 9.7 |
| Draytek 2920 | 17.8 | 17.8 | 19.9 | 19.9 |
| NETGEAR SRX5308 | 31.8 | 42.6 | NA | NA |

Table 5: VPN throughput comparison

Firewall

The Balance 20 uses a rule-based firewall with separate inbound and outbound rules. Both directions allow you to specify both source and destination ports and allow / deny as shown in the screenshot below. Inbound rules also allow you to specify the WAN port it applies to.

Firewall rule

The Protocol Selection Tool is just Peplink's way of saying you can choose one of 28 different predefined traffic types (shown below). Or you can write your own rule, setting TCP / UDP / ICMP / IP and ports.

Traffic Types

There is no scheduling of firewall rules. Rule priority is established by dragging and dropping rules into position. All Balance models also have an enable option for intrusion detection and Denial-of-Service blocking. If you want website (domain) blocking, you'll need to step up to the Balance 305 or 380+.
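
An added example (not from the original review or from Peplink) of why rule position matters: assuming the list is evaluated top-down with the first match winning, a broad rule dragged above a narrow one silently disables it. The Rule model, the rule names and the default action are constructed for illustration.

```python
from dataclasses import dataclass

ANY = range(0, 65536)  # every destination port

@dataclass(frozen=True)
class Rule:               # hypothetical model, not Peplink's schema
    name: str
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp", "icmp" or "ip" ("ip" = any protocol)
    ports: range = ANY    # destination port range

def matches(rule, proto, dport):
    return rule.proto in ("ip", proto) and dport in rule.ports

def decide(rules, proto, dport, default="allow"):
    """Top-down evaluation, first match wins (assumed); default is assumed too."""
    for rule in rules:
        if matches(rule, proto, dport):
            return rule.action, rule.name
    return default, "default"

def covers(a, b):
    """True if every packet matching b also matches a."""
    return (a.proto in ("ip", b.proto)
            and a.ports.start <= b.ports.start and b.ports.stop <= a.ports.stop)

def shadowed(rules):
    """(rule, blocker) pairs for rules that can never fire at their position."""
    pairs = []
    for i, later in enumerate(rules):
        blocker = next((e for e in rules[:i] if covers(e, later)), None)
        if blocker is not None:
            pairs.append((later.name, blocker.name))
    return pairs

# Constructed rule lists: the same two rules in different positions.
deny_tcp = Rule("deny-all-tcp", "deny", "tcp")
allow_https = Rule("allow-https", "allow", "tcp", range(443, 444))
BAD_ORDER = [deny_tcp, allow_https]
GOOD_ORDER = [allow_https, deny_tcp]

if __name__ == "__main__":
    for label, rules in (("bad", BAD_ORDER), ("good", GOOD_ORDER)):
        print(label, decide(rules, "tcp", 443), shadowed(rules))
```

Running a check like shadowed() over an exported rule list after reordering catches rules that have become dead weight.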

QoS

The 20 and most Balance models support three-level priority-based QoS. Priorities are assigned to services as shown below, so they apply to all traffic, both uplink and downlink.

Setting QoS priority

Predefined applications include several types of video streaming (MMS, RealMedia, RTP, RTSP, Windowsmedia), tunneling traffic (IPsec, PPTP, SSL), and VoIP traffic (SIP, Skype). Custom applications can be created by DSCP values or by protocol and port.

If you again step up to a Balance 305 or 380+, you can divide LAN clients among three groups and apply bandwidth-based QoS rules to them.
