Types of VPN in Keenetic

VPN (Virtual Private Network) - a generic name for technologies that enable one or more network connections (tunnels) over another network (e.g., the Internet).

There are many reasons for using virtual private networks. The most common of these are security and data privacy. The confidentiality of original user data is guaranteed with the use of data protection tools in virtual private networks.

It is known that IP (Internet Protocol) networks have a 'weak point' due to the structure of the protocol. There are no means of protection of the transferred data and no guarantee that the sender is the one whom he claims to be. The data in an IP network can be easily tampered with or intercepted.

We recommend using a VPN connection if you are connecting from the Internet to your home server, USB flash drive files connected to a router, DVR, or a computer desktop through RDP protocol. In this case, you don't have to worry about the security of the data being transmitted, because the VPN connection between the client and the server is usually encrypted.

The Keenetic devices support the following types of VPN connections:

  • PPTP/SSTP
  • L2TP over IPSec (L2TP/IPSec)
  • WireGuard
  • OpenVPN
  • IPSec
  • GRE/IPIP/EoIP
  • IPSec Xauth PSK (Virtual IP)

With the help of the Keenetic router, your home network can be connected via a VPN to a public VPN service, office network, or another Keenetic device, regardless of Internet connection type.

VPN clients/servers for secure access (PPTP, L2TP over IPSec, Wireguard, OpenVPN, SSTP) as well as tunnels for network interconnection (Site-to-Site IPSec, EoIP (Ethernet over IP), GRE, IPIP (IP over IP) are implemented in all the Keenetic devices.

Depending on the protocols used and the purpose, a VPN can provide connections in different scenarios: host-host, host-network, hosts-network, client-server, clients-server, router-router, routers-router (VPN concentrator), network-network (site-to-site).

If you don't know what type of VPN to choose, the tables and recommendations below will help you do that.

VPN type
Client Server Hardware acceleration* Number of simultaneous connections
PPTP + + - Client: up to 128
Server: up to 100/150/200 depending on model **
SSTP + + -
L2TP over IPSec + + + Client: up to 128
Server: no limitation
WireGuard + + - up to 32
IPSec + + + no limitation ***
GRE/IPIP/EoIP + + - up to 128 
OpenVPN + + - no limitation
IPSec Xauth PSK - + + no limitation
Table 1.

* — in Starter, Launcher, Sprinter, Hopper, Glider, Explorer, Carrier models only the AES algorithm acceleration is used, and in Skipper, Titan, Hero models the entire IPSec protocol hardware acceleration is used.

** — up to 200 for Hero and Titan; up to 150 for Hopper DSL and Carrier DSL; up to 100 for Starter, Launcher, Sprinter, Hopper, Glider, Explorer and Carrier.

*** — before KeeneticOS 3.3, the limit was 10 connections for Hero, Titan, and 5 for all other models. 

NOTE: Important! The number of client connections is limited by the dedicated service storage space (24 Kbytes) for VPN configurations. This is especially important for OpenVPN connections, as the total size of their configurations should not exceed 24 Kbytes.

VPN type
Difficulty level Level of data protection Speed** Resource intensity OS integration
PPTP for ordinary users low average low Windows, macOS, Linux, Android, iOS (up to and including v9.)
SSTP for ordinary users high average, low operating via the cloud average Windows
L2TP over IPSec for ordinary users high high high Windows, macOS, Linux, Android, iOS
WireGuard for advanced users very high high low not available*
IPSec for professionals very high high high Windows, macOS, Linux, Android, iOS
OpenVPN for advanced users very high low very high not available* 
IPSec Xauth PSK for ordinary users high high high Android, iOS
Table 2.

* — you will need to install additional free software in Windows, macOS, Linux, Android, iOS operating systems to set up the connection.

** — values are relative, not the exact figures, because speeds for VPN connections depend on models and several factors - the type of encryption algorithms used, the number of simultaneous connections, the type of the Internet connection, the speed and the load of the Internet channel, the load on the server and other factors. Let's consider low speed up to 15 Mbit/s, average speed around 30 - 40 Mbit/s, and high speed - over 70 Mbit/s.

VPN type
Advantages Disadvantages
PPTP popularity, high customer compatibility low level of data protection, in comparison with other VPN protocols
SSTP the capability of VPN-server operation using the private IP-address for Internet access *, via HTTPS protocol (TCP/443)

the built-in Windows-only client, low data transfer rate when working through the cloud

L2TP over IPSec security, stability, high customer compatibility the standard ports are used, which allows the ISP or system administrator to block the traffic
WireGuard modern data security protocols, low resource intensity, high data transfer rate is not a part of the modern OS, development is experimental and instability may occur
IPSec reliability, very high level of data protection the configuration is difficult for ordinary users
OpenVPN high level of data protection, the use of HTTPS protocol (TCP/443) is not a part of the modern OS, very resource-intensive, low data rates
IPSec Xauth PSK security, it is a part of a modern mobile OS lack of customer support for PC operating systems
Table 3.

* — this feature is implemented on our cloud server as a special software extension and is available only for the users of Keenetic devices.

In most cases, for clients-server remote connections, we recommend the following protocols:

  • L2TP over IPSec (L2TP/IPSec), PPTP, IPSec Xauth PSK, SSTP

In many Keenetic models, data transfer over IPSec (including L2TP over IPSec) is hardware accelerated using the device processor. You don't have to worry about the privacy of IP telephony or CCTV streams in such a tunnel.
If your ISP gives you a public IP address, we recommend you to pay attention to the so-called IPSec virtual server (Xauth PSK) and L2TP over IPSec server. They are great because they provide secure access to your home network from your smartphone, tablet, or computer with minimal configuration: Android, iOS, and Windows have convenient built-in clients for these types of VPNs.
If your ISP only provides you with a private IP address to surf the Internet, and you can't get a public IP, you can still organize remote access to your home network using an SSTP VPN server. The main advantage of the SSTP tunnel is its ability to work through the cloud, i.e., it allows establishing a connection between the client and the server, even if there are private IP addresses on both sides. All other VPN servers require a public IP address. Please note that this feature is implemented on our cloud server and is available only for Keenetic users.
As for the PPTP tunnel protocol, it is the easiest and most convenient to configure, but potentially vulnerable in comparison to other types of VPN. However, it is better to use it than not to use a VPN at all.

And for advanced users we may add these VPNs to the list above:

  • WireGuard, OpenVPN

OpenVPN is very popular but extremely resource-intensive and has no particular advantages against IPSec. The Keenetic devices have such features as TCP and UDP mode, TLS authentication, use of certificates and encryption keys to improve the security of the VPN connection for the OpenVPN connection.
Modern protocol WireGuard will make it easier and faster to work with VPN (several times compared to OpenVPN) without increasing the power of the hardware in the device.

To consolidate networks and organize a Site-to-Site VPN, use:

  • IPSec, L2TP over IP (L2TP/IPSec), WireGuard

To solve specific problems of network interconnection:

  • EoIP, GRE, IPIP

IPSec is one of the most secure VPN protocols due to its crypto secure encryption algorithms. It is the best option for establishing Site-to-Site VPN connections to interconnect networks. For professionals and advanced users, it is possible to create IPIP, GRE, EoIP tunnels both in a simple way and in combination with IPSec tunnels, which will allow you to use IPSec VPN security standards to protect these tunnels. Support for IPIP, GRE, EoIP tunnels makes it possible to establish a VPN connection with hardware gateways, Linux routers, UNIX/Linux computers, and servers, as well as other network and telecommunication equipment supporting these tunnels. The tunnel setting of this type is available only in the command-line interface (CLI) of the router.

For more information on configuring different types of VPNs in the Keenetic devices, read the instructions:

 

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.