Hello! Another article in blog is devoted to the use of VPN routers in small and medium-sized enterprises. Reliable high-speed Internet access is a mandatory attribute of a modern office. But the reliability and speed of the Internet almost entirely depends on the router used. In fact, the router is the heart of the office, since all the data circulating on the local network of the enterprise passes through it. And even a short-term stop of this «heart» is able to paralyze the work of an entire office. That is why it is so important to take seriously the choice and purchase of a router. How to choose a suitable router that fully meets the needs of your business will be described in this article.
Table of contents
- 1 What is a modern router with VPN support
- 2 What you should pay attention to buying a router for your company
- 3 Installing and configuring a VPN on the router
- 4 Modern VPN routers for small businesses
- 4.1 Linksys LRT224
- 4.2 TP-Link ER7206 Multi-WAN Professional Wired Gigabit VPN Router
- 4.3 Netgear Insight Instant VPN Business Router BR500, BR200
- 4.4 TP-Link Safestream Multi-WAN TL-R600VPN
- 4.5 D-Link DSR-1000AC
- 4.6 Synology RT2600ac
- 4.7 TP-Link AX5400 WiFi 6 Router (Archer AX73)
- 4.8 NETGEAR Nighthawk X10 Smart Wi-Fi Router (R9000)
- 5 FAQ
What is a modern router with VPN support
Router – one of the most important elements of a modern network. These devices choose the optimal route for transmitting data packets from the sender to the recipient. Figuratively speaking, routers on the Internet play the same role as post offices in regular mail communication. Router classes range from basic routers (Core router), which are used by telecom operators and owners of the largest Internet services (for example, Google or Amazon), to small home routers used by ordinary users to access the Internet and create a home network. Routers designed to serve local area networks of small and medium-sized enterprises form a special class of these devices – business class routers. Compared to home routers, business class routers have a lot of advantages, which we will talk about later.
What you should pay attention to buying a router for your company
When designing a local network, even for a small office, it is necessary to take into account many factors on which the smooth operation of the enterprise depends. Here are the main criteria on the basis of which a local network should be built:
- scalability. If necessary, the network should be easily expanded without replacing the router;
- reliability and safety. The network should be protected by a firewall and support reliable VPN protocols;
- performance and high throughput. The normal operation of the office depends on it;
- simplicity of setup and manage. The budget of a small enterprise does not provide vacancies for a professional system administrator, so the setup and administration of a local network should be available not only to a professional.
This follows the general requirements for a router for business:
- a business class router should have excellent performance, the higher the processor power, the more computers, that is, jobs are able to service the router. Therefore, it is necessary to give preference to models with powerful multi-core processors;
- the high overall throughput of the router is also very important. If the router has a low throughput, then with large volumes of traffic, the data transfer rate will drop sharply;
- the more available ports the router has, the less problems there will be with network expansion. If you prefer to create a local network based on Wi-Fi, then the signal from the router should be strong enough to cover the entire office area without any problems;
- there must be a Dual-WAN load balancing capability, since even a short-term absence of an Internet connection can have disastrous consequences for business;
- it should be possible to configure the DMZ;
- in a large office, you can’t handle without VLANs, so this technology should be supported by all business class routers;
- if you plan to create a local network based on Wi-Fi, then the router should support WPA2 or WPA3 technology (WPA is the Wi-Fi Protected Access security protocol, WPA2, WPA3 are improved WPA, support modern AES encryption standards) and MAC address filtering;
- naturally, there must be a built-in firewall to protect the local network from intruders and malicious code penetration;
- the ability to filter content and the presence of advanced security settings must be present in the business class router;
- similarly, built-in VPN support is currently not a luxury, but an urgent need. Read more about why VPN is important for any office here.
- high fault tolerance. Overload should not lead to an emergency shutdown of the router;
- the interface of the control panel should be intuitive, the configuration of the router should be accessible not only to a professional.
Thus, if you plan to further expand the local network of your enterprise, create new jobs, then buy a router with a good margin of performance and throughput capacity. It is mandatory to have a built-in VPN client and VPN server and support for several VPN protocols. There must also be the ability to filter content individually for each connected device – you don’t want your company’s employees to spend their working time visiting social networks and entertainment sites. What is Dual-WAN, DMZ and VLAN load balancing will be described in the following sections.
What Dual-WAN load balancing is?
Business class routers have the ability to connect to an external network via two WAN ports, and each port can be connected to different Internet providers. That is, you get two independent Internet channels. If one of the Internet providers fails, then all traffic will go through the WAN port connected to the second Internet provider. The ability to manage two Internet channels is called Dual-WAN load balancing.
There are two modes of Dual-WAN load balancing: Failover&Failover and Load Balance.
- Failover&Failback – in this mode of operation, one of the WAN ports is considered the main one, and the second is considered auxiliary. During normal operation, all traffic goes through the main port. In case of any malfunction of the main port, the router will automatically switch to the spare port;
- Load Balance – in this mode, the load is evenly distributed between the two WAN ports. In case of any network problems on one of the ports, the load on the second port increases.
Note that Dual-WAN load balancing also allows you to configure the local network so that traffic from individual computers and other devices goes through a specific WAN port.
For example, if there are only 12 computers in the office, you can make it so that traffic from the first six computers goes through the first WAN port, and traffic from the rest of the computers goes through the second.
What Demilitarized Zone (DMZ) is?
DMZ or Demilitarized Zone – a dedicated part of the local network that can be accessed from an external network. In our case, the Demilitarized Zone is a part of the local network that is not protected by the router’s firewall. For example, if you need users from the Internet to access a certain server in your office (it can be freelancers, remote workers, etc.), you simply place this server in the demilitarized zone in the router settings – DMZ.
What VLAN is?
VLAN (Virtual Local Area Network) technology allows you to create several virtual subnets on the basis of one local network. For example, the router has 4 LAN ports, to each of which 3 computers are connected via switches, that is, the local network consists of 4*3=12 computers. Using a VLAN, you can split a local network into 4 virtual subnets, each of which will have three computers. At the same time, computers located in different subnets will be isolated from each other. As you can see, VLAN technology is indispensable when you need to create several departments in one office. Another important advantage of VLAN technology is that you can set your own security policy and access rights for each virtual subnet.
Installing and configuring a VPN on the router
Nowadays, only those companies that take the security and protection of confidential data seriously can withstand competition and survive. Therefore, even small firms allocate funds to protect their Internet connection. And the cheapest way to protect the Internet traffic of a small enterprise is to set up a VPN on a router. Switcherry VPN company offers ready-made solutions for small and medium-sized businesses. Our corporate clients receive dedicated high-performance VPS servers that are ideal for servicing small and medium-sized enterprises. Write to our company’s support service to get the data needed to connect to our service. How to configure the router yourself to work with a VPN was described in the article «How to install and configure VPN on the router». After setting up, you can check the speed and security of your VPN connection.
In the next section, we will proceed to choosing the router that is most suitable for your company’s needs. All prices are current for December 2021.
Modern VPN routers for small businesses
We recommend choosing one of the routers in our list.
Linksys LRT224
Technical specifications:
- total throughput capacity: up to 1000 Mbps;
- available ports: 4 Gigabit LAN, 1 Gigabit WAN, 1 Gigabit WAN/DMZ;
- supported VPN protocols: OpenVPN, IPsec, PPTP;
- price on Amazon: $413.99
Description:
Linksys LRT224 – an old (produced since 2013), but a very well-proven router for small businesses. A control panel with an intuitive interface. Supports Dual-WAN, VLAN, DMZ technologies. However, if you want to connect the router to two different Internet providers in order to create a Dual-WAN load balancing, you will have to abandon the creation of a demilitarized zone, since the same Gigabit WAN/DMZ port is used to connect the router to the second provider and to create a DMZ. The router can simultaneously serve up to 50 IPsec VPN tunnels and 5 OpenVPN tunnels. It can also work as an OpenVPN server.
TP-Link ER7206 Multi-WAN Professional Wired Gigabit VPN Router
Specifications:
- total bandwidth: 1700 Mbps;
- Number of available ports: 1 Gigabit WAN, 2 Gigabit WAN/LAN, 2 Gigabit LAN, 1 SFP WAN;
- VPN protocols supported: IPSec, L2TP/IPSec, PPTP, OpenVPN;
- Amazon price: $149.99
Description:
Powerful router for small to medium sized businesses. Can support local network operation with 700 client connections. Full support for DMZ, Dual-WAN and VLAN technologies. Supports 100 IPsec, 50 OpenVPN, 50 L2TP and 50 PPTP VPN tunnels at the same time. Configurable firewall with content filtering and protection against DoS attacks.
Netgear Insight Instant VPN Business Router BR500, BR200
Technical specifications:
- processor: 2-core, 1.7GHz;
- total bandwidth: 924 Mbps;
- Number of available ports: 4 Gigabit LAN, 1 Gigabit WAN;
- VPN protocols supported: SSL, IPsec, IKEv2, PPTP, L2TP, OpenVPN (BR200 only).
Description:
Two small business routers are identical in appearance and with similar specifications. The main difference between them is that BR200 has built-in support for OpenVPN, BR500 doesn’t support this VPN protocol. In addition BR500 has a 5 year warranty and BR200 has a 2 year warranty. Otherwise, routers are indistinguishable from each other – both support 256 VLAN subnets, 1 DMZ, work as a VPN-client/VPN-server, content filtering by keywords and domain names. Dual-WAN technology is not supported by these routers.
TP-Link Safestream Multi-WAN TL-R600VPN
Technical specifications:
- total throughput capacity: 680 Mbps;
- number of available ports: 1 Gigabit WAN, 3 Gigabit WAN/LAN, 1 Gigabit LAN;
- supported VPN protocols: IPSec, L2TP/IPSec, PPTP;
- price on Amazon: $124.99
Description:
A simple inexpensive router for small businesses. Supports the creation of a demilitarized zone and Dual-WAN load balancing. The router can simultaneously serve 20 IPsec, 16 L2TP and 16 PPTP VPN tunnels. The intuitive web interface will allow you to easily configure the router. The firewall has built-in protection against DoS attacks. The disadvantage of the router is the lack of support for the OpenVPN protocol.
D-Link DSR-1000AC
Technical specifications:
- total throughput capacity: 1.3 Gbps;
- number of available ports: 2 Gigabit WAN, 4 Gigabit LAN, 2 USB 2.0;
- supported VPN protocols: SSL, GRE, PPTP, L2TP, IPSec, OpenVPN;
- prices on Amazon: $570.98
Description:
A modern multifunctional router for small businesses. It is perfect for deploying a local network on both Wi-Fi and cables. Full support for AMD, Dual-WAN and VLAN technologies. If desired, you can even create a third Internet connection via a USB port using a USB modem. High-speed Wi-Fi supports all modern security protocols: WEP, WPA-PSK, WPS, WPA2-PSK. It has support for all modern VPN protocols. It can simultaneously serve 155 VPN tunnels, including 70 IPsec tunnels, 20 SSL/TLS tunnels, 25 PPTP/L2TP tunnels, 20 GRE tunnels, 20 OpenVPN tunnels. Disadvantage – high price.
Synology RT2600ac
Technical specifications:
- processor: 2-core, 1.7GHz;
- total throughput capacity: 2.53 Gbps (2500 Mbps);
- number of available ports: 3 Gigabit LAN, 1 Gigabit WAN/LAN, 1 Gigabit WAN, 1 USB 3.0, 1 USB 2.0, 1 SD card reader (SDXC, SDHC);
- supported VPN protocols: SSTP, OpenVPN, L2TP / IPSec, PPTP;
- price on Amazon: $219.66
Description:
An excellent router for creating a local network, both based on WI-Fi (you can create a network on cables, but the choice of Wi-Fi is preferable). Supports DMZ and Dual-WAN technologies (the cable of the second Internet provider is connected to the WAN/LAN port). All modern Wi-Fi security protocols are supported (WEP, WPA-PSK, WPA2-PSK). It can work as a VPN client and VPN server, there is support for most popular VPN protocols. User-friendly control panel interface, easy configuration of content filtering for each user. Synology RT2600ac was originally created as a home computer for a large family, but it will work fine in a small office.
Buy Synology RT2600ac on Amazon.
TP-Link AX5400 WiFi 6 Router (Archer AX73)
Technical specifications:
- processor: 3-core, 1.5GHz;
- total throughput capacity: 5378 Mbps;
- number of available ports: 4 Gigabit LAN, 1 Gigabit WAN, 1 USB 3.0;
- supported VPN protocols: OpenVPN, PPTP;
- price on Amazon: $199.95
Description:
Modern (its production started this year) and powerful router for home and office. Uses the latest Wi-Fi 6 wireless communication standard using the most advanced security protocols WPA3, WPA2-Enterprise, WPA2-PSK. Six antennas will provide 100% coverage of your office, the absence of «dead zones» is guaranteed. The built-in firewall will reliably protect against DoS attacks. The intuitive interface of the control panel allows you to easily configure the router to a person who is far from IT technologies. For those who are going to create a wireless office.
NETGEAR Nighthawk X10 Smart Wi-Fi Router (R9000)
Technical specifications:
- processor: 4-core, 1.7 GHz;
- total throughput capacity: 7200 Mbps;
- number of available ports: 6 Gigabit LAN, 1 Gigabit WAN, 1 10Gigabit LAN SFP+, 2 USB 3.0;
- supported VPN protocols: OpenVPN, PPTP;
- price on Amazon: $531.00
Description:
A powerful upscale router for home, but can also be used to create a local network in the office, both on the basis of cable connections and Wi-Fi. One of the fastest routers in its class. A configurable firewall will provide protection against DDoS attacks and allow you to configure an individual security policy for each workplace.