The LRT214 supports IPsec, SSL, and PPTP VPN connections. IPsec is supported for Gateway-to-Gateway and Client-to-Gateway tunnels. SSL and PPTP is supported for Client-to-Gateway tunnels. The LRT214 supports up to 50 IPsec tunnels, 5 SSL tunnels, and 5 PPTP tunnels.
For remote IPsec tunnels, Linksys supports the Shrew Soft client for Windows and Linux, and the Lobotomo IPSecuritas client for MacOS. For remote SSL tunnels, the LRT214 supports OpenVPN clients for Windows, MacOS, Android, and iOS devices. Finally, remote PPTP tunnels are also supported, which are natively supported by Windows, MacOS, Android and iOS devices.
Standard IPsec technologies are supported, including DES, 3DES, and AES encryption, along with SHA-1 and MD5 authentication. I was able to set up a Gateway-to-Gateway tunnel on the LRT214 to a ZyXEL ZyWALL 110 without issue. Following Linksys' support guide for a Shrew Soft IPsec tunnel, I was also able to set up a Client-to-Gateway tunnel. In the screenshot, you can see I have both IPsec tunnels connected.
I find Linksys' strategy for remote access software interesting. Instead of providing custom client software for remote access, Linksys has enabled the LRT214 to work with freely-available VPN client software.
I found especially interesting the LRT214's integration of OpenVPN support. I use OpenVPN software on a Windows 8.1 PC for remote access to my day job. In my experience, OpenVPN is easy to use and reliable. OpenVPN provides client software for Windows, Macs, iPhones/iPads and Android devices.
The neat thing about the LRT214's configuration for OpenVPN is all you do is enable the server, enable the client and configure a user name and password. You can customize the server settings for authentication options (password, certificate, or both), IP addresses, protocol, port, encryption and tunnel type if you like. But I found the defaults worked just fine.
Once you've enabled the server and client on the LRT214, the OpenVPN summary page allows you to click on an Export icon and download your SSL configuration file. On Windows, simply copy this file into the C:/Program Files/OpenVPN/config directory, and you're ready to connect to the LRT214. Shown below is the LRT214's OpenVPN summary page showing my active SSL tunnel. I circled the Export icon where you click to download the config file.
The LRT214 also supports OpenVPN connectivity on Android and iOS smartphones. However, the easiest option for smartphone remote access is to use PPTP tunnels, which doesn't involve loading an app. On the LRT214, enable the PPTP server and add a user name and password. On my iPhone, all I had to do was enter the LRT's WAN address, I used a DynDNS host name for the LRT's WAN address and entered my user name and password to connect. Below is a screenshot of the LRT214's PPTP config and status page...
...as well as a screen shot from my iPhone when connected to the LRT214 via PPTP.
iPhone and PPTP
To measure VPN throughput, I used iperf with default TCP settings, a TCP window size of 8 KB and no other options. I ran iperf on two PCs running 64-bit Windows with their software firewall disabled over a Gigabit network. (Running an iperf throughput test between two PCs uses the command iperf -s -w 8k on one PC and iperf -c (ip) -w 8k on the other PC.)
Below is a table showing my throughput measurements on the LRT214 with IPsec, SSL, and PPTP. IPsec was tested using AES 256 tunnel encryption.
|VPN Tunnel Type||Throughput (Mbps)|
|IPsec Site to Site||54.1||62.4|
Table 2: VPN Throughput
As listed in the features section above, Linksys rates the LRT214 capable of 110 Mbps for IPsec, which is higher than my measurement of 48.8 - 63.0 Mbps. A key difference is that Linksys' rating is based on UDP traffic, while my test measured TCP traffic. We always measure VPN performance with TCP traffic, as it is the protocol used for common network applications like web browsers and email clients.
Linksys told me the LRT214 should be able to do 10-12 Mbps for SSL. In my tests, SSL throughput was asymmetric at 11.3 Mbps in one direction and 3.5 Mbps in the other. The 3.5 Mbps measurement reflects throughput of traffic sent from the remote client to the LRT's LAN. If most of your remote traffic is going from the LRT's LAN to the remote client, than this lower SSL Client-to-Gateway performance may not be a concern.
I measured the LRT214's PPTP throughput to be more symmetric at 10.7 - 13.0 Mbps. Linksys didn't provide a PPTP throughput rating for me to compare to.