Top critical review
34 people found this helpful
Hit and Miss VPN Router
on June 19, 2012
The VFG6005N is a mixed-bag. On the one hand, my internet speeds, wireless speeds, and wireless range increased when switching to the VFG6005N from a DIR-655. This router features a NAT "Hardware Accelerator," and while I do not have any hard data on performance with and without the accelerator, anecdotally, webpages are noticeably faster than on the DIR-655, which is a great router in and of itself. It was worth noting, however, that enabling bandwidth management or PPTP will disable the accelerator. The router also provides useful charts on data usage and open sessions, and is natively compatible with OpenDNS. Additionally, site-to-site IPsec (Openswan based) and PPTP worked flawlessly, and the VPN performance was significantly better than the previous VPN routers I had used (FVS-318 v3, DIR-130, WRV54g, BEFVP41). On the other hand, though, the router has some rather serious issues.
With routers it is important to note the firmware version, and my VFG6005N came with version VFG6005N_V2.07(VFN.1)A0. I could not find an upgrade on ZyXEL's website (an example of a poorly designed website), but I have read on some forums that a newer firmware is available upon direct request to ZyXEL. I put in an email to customer support but am yet to hear back. I will update if I receive new firmware.
Here are my issues with firmware VFG6005N_V2.07(VFN.1)A0. First, I cannot choose the wireless mode: B/G, B/G/N, N-only. The drop-down box, although appearing in the instruction manual, is missing from the "Wireless - Basic" options. Second, there is no static routing. While this is a somewhat advanced feature, almost every router I've had in the past 5 years had it. Moreover, it becomes of critical importance on a VPN router in passing traffic between multiple subnets. It appears the router automatically establishes routes for site-to-site IPsec tunnels and PPTP users, but the router threw an error in the log when attempting to automatically add a route for a road-warrior IPsec tunnel. Because this is allegedly a entry-business-grade VPN router, the omission of static routing is somewhat alarming. Third, the router does not have a admin page which clearly identifies whether a VPN is connected. Even worse, I have found that the IPsec page will show a tunnel as disconnected when it is, in fact, connected. Forth, while both the instruction manual and the firmware offer L2TP tunnels, based upon the router logs, the L2TP server (an l2tpd implementation) starts but does not respond to incoming requests. Fifth, the status page (the default and most useful page) has an advertisement for BitDefender. Unless ZyXEL wants to sell the VFG6005N at a discount because it is ad-supported, I find this advertisement to be in poor taste. Sixth, and this may be unique to me, but I could not get the VFG6005N to sync with my DDNS account. A critical issue for remote access. Finally, there is no HTTPS page for administration of the router.
Given the router's excellent speed, I hope that future firmware fixes these issues, but at present, I struggle to recommend the VFG6005N for anything other than a basic wireless-N router. Given its $100 price tag, a dual-band router from Netgear, Linksys, D-Link, or ASUS would probably be a better.
ZyXEL customer support responded to my email. The support personnel pointed me to a Box.com account with the most recent firmware: v2.07(VFN.3)A0_20120607. This firmware fixed my DDNS issue but removed the option of a L2TP VPN, even though L2TP never worked in the first place. I also am now able to select between B/G, B/G/N, and N-only wireless. While the updated firmware does not really help my opinion of the VFG6005N, it does give me hope that ZyXEL will continue to improve its product.
ZyXEL released new firmware for the VFG6005N on September 10, 2012: v2.07(VFN.3)A0_20120718. Although ZyXEL has no change log or release notes for the update, the firmware seems to address some stability problems which had presented since I put the router into service. Before the update, the web administration for the router stopped functioning every couple of days even though internet traffic would still pass. A reboot typically fixed the issue, but sometimes the router would hang on reboot and fail to pass traffic. Since the update, the router has been stable. As for other features, I have not seen any changes, and without release notes, it is difficult to tell. The road-warrior IPsec does seem to be more reliable. However, this is anecdotal at best.
After the stability improvements from September firmware update, I began using this device as my primary firewall. This increased usage has made apparent several of the routers significant flaws. The lack of HTTPS support for the web administration is practically unforgivable on a entry-level SOHO router. Further, the list of compatible USB 3G devices is abysmal, and a recent email with ZyXEL customer support indicates that the chance of expanded compatibility (i.e. adding more 4G devices) is unlikely in the future. That same email with ZyXEL customer support also indicated that XAUTH will not be added to the IPsec server. Finally, while the recent firmware did improve things, the web administration still crashes from time to time, requiring a reboot. In fact, when writing this review, the web administration would not load.
The firmware has not been updated since September of 2012, and the product has been moved from ZyXEL's "On-going" product line to its "Legacy" product line.