araknis Araknis routers

[Jason Vaughan]

For some unmknown reason Araknis seems to have a very poor selection of VPNs in its settings:

Open VPN - This is secure but requires third party software to be installed. Mac, IOS and Windows do not support it with their built in VPN client

IPSec - This is only for router to router connections, not mobile user to router

PPTP - This is highly insecure and is similar to using WEP for WiFi. Mac and IOS do not even support it anymore due to its dreadful security. https://www.ovpn.com/en/blog/pptp-has-become-obsolete. Even Microsoft (who developed it) advises you not to use it due to its security (or lack of).

Why not include L2TP over IPSec? This is secure and works natively on Mac, Windows and IOS.

I think specifying an Araknis router was a mistake. At £506 ex VAT it is an expensive option. Draytek has far more features, is cheaper and supports L2TO over IPSec. 

I know what I will be specifying in future.

[Alt]

I too thought the 520 router supported L2TP over IPsec as a server. But just loged into one and your right only gateway to gateway… Was this changed? I thought when they first came out they where marketed as having L2TP server but I could be wrong. 

[Andrew luecke]

I agree nobody should be using pptp.

However, OpenVPN is good because it punches through firewalls fairly easily most of the time, is easy to setup, configure and easy to route. Very easy to install. It's not a big deal honestly that the client doesn't come pre installed because it's so easy to install.

Ipsec can have issues when routing.  Ipsec has its uses, but not sure where  you'd use it for residential over wireguard which is absolutely awesome. Generally you tend to see ipsec used mainly for site to site on most routers or routers which cost significantly more

I always used open VPN once it became available) honestly even when we had the option for ipsec because it was less screwing around though

These days, its heading towards Wireguard though, which has clients for everything and is basically magic. It supports split vpn and such too. Wireguard would be the better focus than ipsec on a residential targeted router. Openvpn for most people is still likely the most common choice though. Ipsec can be complicated and feels like it's a different market segment honestly

Snap also owns access networks if more advanced network requirements are required like Enterprise, and those are the kinds of environments you'd also probably want more router based defenses too (especially if you're operating split vpns and such)