Cisco RV042G Small Business Dual Gigabit WAN VPN Router - info please?

VirtualLarry

No Lifer
Aug 25, 2001
56,226
9,990
126
https://www.newegg.com/Product/Prod...redRouters-_-9SIA36Z85W8736-S2A6B&ignorebbr=1

It's $94.99 @ Newegg right now, in their marketplace, supposedly more than half off list price.

I'm interested, because I have more than one wired internet connection, and one of them is gigabit, and the price is not unreasonable.

https://www.cisco.com/c/en/us/produ...bit-wan-vpn-router/data_sheet_c78-706724.html

Data Sheet last updated Aug. 2014... so I'm guessing that this is an EOL product?

It mentions 50 IPsec VPN tunnels, 50 QuickVPN tunnels for remote access, and 5 PPTP tunnels for remote access. 800Mbit/sec NAT throughput, 75Mbit/sec VPN throughput, not horrible, but would cap my gigabit FIOS a bit.

Not really sure what the max VPN throughput my AC68R/U router with Tomato will do. I know it will do gigabit WAN-to-LAN, if I enable CTF, but I don't think that I can do that at the same time if I enable multi-WAN support also.
 
Last edited:

VirtualLarry

No Lifer
Aug 25, 2001
56,226
9,990
126
OpenVPN being... an open-source implementation of VPN... is it also a standard for using VPN, like a protocol standard?
 

VirtualLarry

No Lifer
Aug 25, 2001
56,226
9,990
126
I also checked the RV042G's PPTP server performance using the Win 7 built in client. Gateway-to-client throughput of only 9 Mbps and client-to-gateway of only 12 Mbps (not shown) showed that PPTP performance isn't a priority for Cisco. These results closely match what Doug measured on the RV042 v3 for PPTP.
(from SNB review)

That's pretty slow...
 

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,100
126
OpenVPN being... an open-source implementation of VPN... is it also a standard for using VPN, like a protocol standard?
Yes, it's open source but supported and developed only by a private company. It's so popular it became a de facto standard (for consumers), but not backed up by a consortium or any group of companies.

None of the big companies (Cisco, Microsoft, Intel, HP, IBM, Broadcom, etc) support or implement OpenVPN technology.

The most common VPN being discussed and used by ISP or VPN providers (probably 99%) in this forum is OpenVPN, which is not supported by any Cisco / Netgear / HP business class routers.

==

https://openvpn.net/index.php/component/content/article/55-about-openvpn.html

Does OpenVPN support IPSec or PPTP?

There are three major families of VPN implementations in wide usage today: SSL, IPSec, and PPTP. OpenVPN is an SSL VPN and as such is not compatible with IPSec, L2TP, or PPTP.

The IPSec protocol is designed to be implemented as a modification to the IP stack in kernel space, and therefore each operating system requires its own independent implementation of IPSec.

By contrast, OpenVPN's user-space implementation allows portability across operating systems and processor architectures, firewall and NAT-friendly operation, dynamic address support, and multiple protocol support including protocol bridging.
 
Last edited:
  • Like
Reactions: VirtualLarry

mnewsham

Lifer
Oct 2, 2010
14,539
428
136
If you're looking for something for gigabit WAN with high VPN/IPsec throughput, i'd go with something like RB4011iGS+RM.
 
  • Like
Reactions: VirtualLarry

VirtualLarry

No Lifer
Aug 25, 2001
56,226
9,990
126
Thanks for the info, networking gurus. This stuff is a little above my pay-grade. I've used PPTP VPN servers in my Tomato router, and the Windows 7 built-in VPN client when I was using open wifi at a car dealership a few times.

But other than that, I don't have heavy or commercial experience with VPNs, although I understand the theory.

I was mostly interested in, if this little router could handle two gigabit WAN connections, and at least, do fail-over, to my LAN, without being too expensive.

I have multi-WAN capability, thanks to Shibby Tomato, but I believe that the multi-WAN support, requires software NAT/routing on the router's (dual-core) CPU, so in that case, my max throughput on my gigabit FIOS would be capped at 300Mbit/sec through the router, if I used multi-WAN to also allow fail-over of my FIOS connection to my Comcast connection.

I want both, gigabit throughput, as well as fail-over. (I realize that load-balancing twin gigabit WANs, would require a multi-gigabit uplink to the LAN, which I don't have, nor does this router in question.)
 

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,100
126
Dual WAN gigabit does not make sense at all if you have only one ISP. If you have 2 Verizon FIOS , when the fiber is down, it's all down. You need 2 services from 2 ISPs to make sense. (Lets' say Verizon & Spectrum)

pfSense supports WAN failover, I think. And I believe it has better performance than consumer routers since it uses more powerful x86 CPU. pfSense 2.5 (not released yet) will require AES-NI capable x86 CPU though.
 

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,100
126
There is no need to have same speed of service from different ISP for dual WAN failover, it's not a requirement.

Faster service is the main one, the other is only for backup. Backup service most of the time is in standby mode and not used at all .
 

mnewsham

Lifer
Oct 2, 2010
14,539
428
136
There is no need to have same speed of service from different ISP for dual WAN failover, it's not a requirement.

Faster service is the main one, the other is only for backup. Backup is not used at all and only in standby mode most of the time.
Agreed, you can't load balance two WAN connections from different ISPs, so no point going for dual gigabit WAN.

Primary gigabit, Secondary should just be whatever the cheapest option they offer, you shouldn't be concerned over the speed of the failover connection.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,226
9,990
126
Agreed, you can't load balance two WAN connections from different ISPs, so no point going for dual gigabit WAN.

Primary gigabit, Secondary should just be whatever the cheapest option they offer, you shouldn't be concerned over the speed of the failover connection.
That's basically what I have right now. The fastest FIOS connection (Gigabit), and the slowest Comcast (equivalent to Starter). So what I was looking at, was mostly failover.

Back when I had 50Mbit/sec FIOS, and 10Mbit/sec Comcast, I used my AC68R running Shibby Tomato 1.40 multi-WAN, and used round-robin load-balancing, to achieve 60-70Mbit/sec speedtests. (Must use multi-streams, if it effectively reported a connection speed in excess of my single largest connection.)

I was also thinking, I could use multiple (dual) gigabit WANs, and round-robin load-balance them, but that would only really be meaningful, if my local LAN was faster than 1Gbit/sec anyways.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,226
9,990
126
Agreed, you can't load balance two WAN connections from different ISPs
I'm curious about this. You can't "bond" them, but with a combination of weighted round-robin, and NAT, certainly you can share distinct outbound LAN connections, and rotate them among several WAN connections, spreading out the bandwidth load..
 

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,100
126
I'm curious about this. You can't "bond" them, but with a combination of weighted round-robin, and NAT, certainly you can share distinct outbound LAN connections, and rotate them among several WAN connections, spreading out the bandwidth load..
Why do you need this at all? Are you talking about downloading or uploading?

Round robin "load balancing" downloading only works in load balancing mode, not failover mode. A router can only operate in either load balancing mode or failover mode, not both at the same time. There is no load balancing possibility for outgoing (uploading) traffic because you have dual WAN IP addresses.

==

For bonding, you need special equipment from your ISP and that always means business. You have to pay a lot.
 
Last edited:

VirtualLarry

No Lifer
Aug 25, 2001
56,226
9,990
126
Yeah, round-robin load-balancing on disparate ISP WAN connections, is only really viable on outbound connections, for inbound listening connections, you either need to have a "default WAN", or be able to specify via protocol rules, which WAN port is bound to which internet network service.

And yes, I know that the router can't do both round-robin load-balancing as well as fail-over (at the same time), generally, it's one or the other.