Price: $229 MSRP
Pros: 50 VPN endpoints, extensive access controls.
Cons: Needs frequent restarts to configure, on/off switch is front
A feature found in most wireless broadband routers is virtual private network
(VPN) pass-through capability, at technology many use to securely connect to
corporate networks from within their homes. But if you’re looking for a WLAN
router that can provide VPN capabilities <b>into</b> the home or
SOHO office, there are comparatively few choices. The latest is the Linksys
Wireless-G VPN Broadband Router WRV54G, a unit that provides VPN endpoint
capability with up to 50 concurrent tunnels.
The $229 WRV54G sports a sleek, slim, and silver-colored chassis, which can
be utilized in either horizontal or vertical orientation (but not wall mounted,
evidently). A single 5dBi antenna tilts and swivels from the unit, and is removable
via a reverse-SMC connector. The WRV54G uses the Conexant <QUOTE NASDAQ:CNXT>
PRISM GT wireless chipset.
The first thing that caught my attention on the router was a large on/off button
conspicuously located on the front of the unit. I have worked with more routers
than I can remember, and never before have I seen a power switch on such a device.
The presence of one seems incongruous on a device that by nature is designed
to remain on at all times. Indeed, under what scenario would you want to turn
a router off? I can certainly envision an office environment where such a prominent
power switch might encourage someone to turn it off at the end of each day.
This could of course cause a number of potential problems, not the least of
which might be questions as to why the network is so slow each morning at 9
One characteristic that is a more significant downside is that many configuration
changes require a reboot of the router — perhaps the need for a power switch
is now clear. Rebooting normally wouldn’t be a huge problem, but the WRV-54G
takes a quite a while (upwards of a minute, by my count) to "warm up"
to the point that the router responds to pings and its admin interface.
Once rebooted, the WRV-54G also had difficulty communicating through the cable
modem to the Internet. Power cycling the cable modem didn’t address the issue,
and I found the solution was to manually release and renew the router’s WAN
DHCP address from within the admin interface. That’s inconvenient to say the
least, and probably another reason to avoid using the power button.
The Linksys offers access extensive access control features, with the ability
to filter traffic in both direction based on a custom schedule. The WRV-54G
also offers content filtering, but it’s at a very minimal level. Only four fields
are provided to block URLs and six for keywords.
The WRV-54G offers logging capability and actually maintains two separate logs.
One is for general system events like when a configuration change is made or
an access policy is enforced. The other is for alert events, such as an unauthorized
login attempt or attack behavior on the WAN.
Unfortunately, the WRV-54G doesn’t allow you to actually view the logs on the
device. That’s not a big problem though, since both Syslog (Linksys offers their
own log viewer as a free download) and e-mail alerts are supported. In the case
of the latter, you can specify separate e-mail addresses for the general and
alert logs, which gives you the option of directly notifying someone at a point
of escalation about more serious issues.
A useful diagnostics page lets you ping hosts directly from the router, simplifying
WAN troubleshooting. Like any good business-class router should, the WRV-54G
supports SNMP for remote monitoring and management.
The WRV-54G’s DMZ feature has an interesting and potentially useful twist–
in addition to the typical means of specifying an LAN IP address for DMZ duty,
you can use a hardware DMZ mode which makes one of the router’s switched ports
into a DMZ on a separate subnet.
One potential pitfall–the WRV-54G’s DHCP server only lets you configure a
scope with a single DNS server, which could potentially cause client access
problems should it go down.
Clearly, the WRV-54G’s major selling point is the VPN access it provides: the
unit supports several different methods of encryption, authentication, and key
exchange. Setting up VPN tunnels wasn’t that difficult, and Linksys says the
VPN will work with any IPSec compatible client, including the embedded client
in Windows 2000/XP.
I was ultimately able to securely connect to the WRV-54G using a remote XP
client, but only after considerable trial and error. The product documentation
wasn’t particularly helpful in this regard, so you should expect an initial
learning curve, depending on your requirements.
The WLAN features of the WRV54G are for the most part basic. Unfortunately,
the WRV54G lacks a means to control the radio transmitter output, which would
be preferable for the security benefit it provides.
In addition to lowly WEP, the WRV-54G supports a full compliment of wireless
encryption and authentication methods, including WPA (both TKIP and AES encryption)
and RADIUS/802.1x for external authentication.
Wireless throughput of the WRV54G was as good as any 802.11g product I’ve tested,
and held up well over distance, starting with 23.23 Mbps at 10 feet. This fell
to 20.40 at 25 feet, 15.50 at 50 feet, 14.35 at 75 feet, and 11.23 at 100 feet.
Throughput fell to 6.30Mbps at 125 feet.
Mixed mode performance was excellent at 19.01 Mbps, well in excess of the typical
13-15 Mbps. As always, enabling WPA encryption exacted a minimal performance
penalty, resulting in 18.32 Mbps at 10 feet.
The WRV54G only supports half the number of VPN tunnels as similar products
(the Netgear ProSafe
VPN Firewall/Router, model FVL328, for example), but costs about $100 less.
The presence of a power switch is hard to explain, and the connection issues
following reboots are hard to forgive. However the WRV54G still distinguishes
itself as a good small business router with excellent administrative control
and remote VPN access, along with good wireless performance at a reasonably