Skip to main content

User Manual

VPN types in Keenetic routers

VPN (Virtual Private Network) — a generic name for technologies that provide one or more network connections (tunnels) over another network (e.g., the Internet).

There are many reasons for using virtual private networks. The most common of these are security and data privacy. The confidentiality of original user data is guaranteed using data protection tools in virtual private networks.

It is known that IP (Internet Protocol) networks have a 'weak point' due to the structure of the protocol. There are no means of protecting the transferred data and no guarantee that the sender is the one he claims to be. The data in an IP network can be easily tampered with or intercepted.

We recommend using a VPN connection to connect from the Internet to your home server, USB flash drive files connected to a router, DVR, or a computer desktop through the RDP protocol. In this case, you don't have to worry about the security of the transmitted data because the VPN connection between the client and the server is usually encrypted.

Keenetic devices support the following types of VPN connections:

  • PPTP/SSTP

  • L2TP over IPSec (L2TP/IPSec)

  • WireGuard

  • OpenVPN

  • IPSec

  • IKEv2

  • GRE/IPIP/EoIP

  • IPSec Xauth PSK (Virtual IP)

With the help of a Keenetic router, your home network can be connected via a VPN to a public VPN service, office network, or another Keenetic device, regardless of Internet connection type.

VPN clients/servers for secure access (PPTP, L2TP over IPSec, IKEv2, Wireguard, OpenVPN, SSTP) as well as tunnels for network interconnection (Site-to-Site IPSec, EoIP (Ethernet over IP), GRE, IPIP (IP over IP) are implemented in all Keenetic devices.

Depending on the protocols used and the purpose, a VPN can provide connections in different scenarios: host-host, host-network, hosts-network, client-server, clients-server, router-router, routers-router (VPN concentrator), network-network (site-to-site).

If you don't know what type of VPN to choose, the tables and recommendations below will help you.

VPN type

Client

Server

Hardware acceleration*

Number of simultaneous connections

PPTP

+

+

-

  • Client: up to 128

  • Server: up to 100/150/200 depending on model **

SSTP

+

+

-

  • Client: up to 128

  • Server: up to 100/150/200 depending on model **

L2TP over IPSec

+

+

+

  • Client: up to 128

  • Server: no limitation

WireGuard

+

+

-

up to 32***

IPSec

+

+

+

no limitation ****

IKEv2

+

+

+

up to 32

GRE / IPIP / EoIP

+

+

-

up to 128

OpenVPN

+

+

-

up to 32

IPSec Xauth PSK

-

+

+

up to 32

* — in the Starter, Runner 4G, Launcher, Explorer, Carrier models, only the AES algorithm acceleration is used, and in Skipper, Titan, Hero, Giant, Peak the entire IPSec protocol hardware acceleration is used.

**up to 200 for Hero and Titan; up to 150 for Carrier DSL; up to 100 for Starter, Launcher, Explorer and Carrier.

*** — from KeeneticOS 3.7 the number of WireGuard connections is increased to 128 for Peak and to 48 for Hero, Titan, Skipper, Hero 4G, Giant and Speedster.

**** — before KeeneticOS 3.3, the limit was 10 connections for Hero, Titan, and 5 for all other models.

Important

The number of client connections is limited by the dedicated service storage space (24 Kbytes) for VPN configurations. This is especially important for OpenVPN connections, as the total size of their configurations should not exceed 24 Kbytes.

VPN type

Difficulty level

Level of data protection

Speed**

Resource intensity

OS integration

PPTP

for ordinary users

low

average

low

Windows, macOS, Linux, Android, iOS (up to and including v9.)

SSTP

for ordinary users

high

average, low operating via the cloud

average

Windows

L2TP over IPSec

for ordinary users

high

high

high

Windows, macOS, Linux, Android, iOS

WireGuard

for advanced users

very high

high

low

not available*

IPSec

for professionals

very high

high

high

Windows, macOS, Linux, Android, iOS

IKEv2

for ordinary users

high

high

high

Windows, macOS, Linux, iOS

OpenVPN

for advanced users

very high

low

very high

not available*

IPSec Xauth PSK

for ordinary users

high

high

high

Android, iOS

* — you will need to install additional free software in Windows, macOS, Linux, Android, iOS operating systems to set up the connection.

** — values are relative, not the exact figures, because speeds for VPN connections depend on models and several factors - the type of encryption algorithms used, the number of simultaneous connections, the type of the Internet connection, the speed and the load of the Internet channel, the load on the server and other factors. Let's consider low speed up to 15 Mbit/s, average speed around 30 - 40 Mbit/s, and high speed — over 70 Mbit/s.

VPN type

Advantages

Disadvantages

PPTP

popularity, high customer compatibility

low level of data protection, in comparison with other VPN protocols

SSTP

the capability of VPN-server operation using the private IP-address for Internet access *, via HTTPS protocol (TCP/443)

the built-in Windows-only client, low data transfer rate when working through the cloud

L2TP over IPSec

security, stability, high customer compatibility

the standard ports are used, which allows the ISP or system administrator to block the traffic

WireGuard

modern data security protocols, low resource intensity, high data transfer rate

is not a part of the modern OS, development is experimental, and instability may occur

IPSec

reliability, very high level of data protection

the configuration is difficult for ordinary users

IKEv2

reliability, very high level of data protection, easy setup, supports Blackberry devices

not included in Android (you need to use additional free software), standard ports are used, which allows the ISP or system administrator to block traffic

OpenVPN

high level of data protection, the use of HTTPS protocol (TCP/443)

is not a part of the modern OS, very resource-intensive, low data rates

IPSec Xauth PSK

security, it is a part of a modern mobile OS

lack of customer support for PC operating systems

* — This feature is implemented on our cloud server as a special software extension and is available only for the users of Keenetic devices.

In most cases, for client-server remote connections, we recommend the following protocols:

  • L2TP over IPSec (L2TP/IPSec), PPTP, IPSec Xauth PSK, SSTP

In many Keenetic models, data transfer over IPSec (including L2TP over IPSec and IKEv2) is hardware accelerated using the device processor. You don't have to worry about the privacy of IP telephony or CCTV streams in such a tunnel.

If your ISP gives you a public IP address, we recommend you to pay attention to the IKEv2, the so-called IPSec virtual server (Xauth PSK), and L2TP over the IPSec server. They are great because they provide secure access to your home network from your smartphone, tablet, or computer with minimal configuration: Android, iOS, and Windows have convenient built-in clients for these types of VPNs. For IKEv2 on Android, use the free popular strongSwan VPN client.

If your ISP only provides you with a private IP address to surf the Internet, and you can't get a public IP, you can still organize remote access to your home network using an SSTP VPN server. The main advantage of the SSTP tunnel is its ability to work through the cloud, i.e., it allows establishing a connection between the client and the server, even if there are private IP addresses on both sides. All other VPN servers require a public IP address. Please note that this feature is implemented on our cloud server and is available only for Keenetic users.

As for the PPTP tunnel protocol, it is the easiest and most convenient to configure, but potentially vulnerable compared to other types of VPN. However, it is better to use it than not to use a VPN at all.

And for advanced users, we may add these VPNs to the list above:

  • WireGuard, OpenVPN

OpenVPN is very popular but extremely resource-intensive and has no particular advantages against IPSec. Keenetic devices have such features as TCP and UDP mode, TLS authentication, certificates and encryption keys to improving VPN connection's security for OpenVPN connections.

Modern protocol WireGuard will make it easier and faster to work with VPN (several times compared to OpenVPN) without increasing the power of the hardware in the device.

To consolidate networks and organize a Site-to-Site VPN, use:

  • IPSec, L2TP over IP (L2TP/IPSec), WireGuard

To solve specific problems of network interconnection:

  • EoIP, GRE, IPIP

IPSec is one of the most secure VPN protocols due to its crypto secure encryption algorithms. It is the best option for establishing Site-to-Site VPN connections to interconnect networks. It is possible for professionals and advanced users to create IPIP, GRE, EoIP tunnels both in pure form and in combination with IPSec tunnels, which will allow you to use IPSec VPN security standards to protect these tunnels. Support for IPIP, GRE, EoIP tunnels makes it possible to establish a VPN connection with hardware gateways, Linux routers, UNIX/Linux computers, and servers, as well as other network and telecommunication equipment supporting these tunnels. The tunnel setting of this type is available only in the router's command-line interface (CLI).

For more information on configuring different types of VPNs in the Keenetic devices, read the instructions: