The landscape for VPN routers has changed over the years. As of a few years ago, sophisticated VPN routers with IPSEC were ethernet-only. Nowadays there are many VPN routers with wifi ports. (When I say “VPN router” I do not only mean a router that permits employees to log in remotely. I also mean a router that can establish IPSEC tunnels from one location to another.) But I looked and looked and have only found one company making VPN routers providing dual-band wifi (both 2.4 GHz and 5 GHz). It is a Shanghai-based company called UTT. (You can see one of their products at right, and here is the product page.)
But the main point of today’s blog article is not to identify a new product with a helpful combination of features. The main point of today’s blog article is to recognize good tech support.
Here’s what happened. I installed one of these routers in one of our locations. The location is large enough that a second wifi access point is needed to cover the entire location. This second wifi access point is connected via wired ethernet with the router. This is thus a rather specialized use case. Many, perhaps most purchasers of this router would not need to connect a separate access point. Or if they had coverage issues, they would use a purely wifi-based solution for extending coverage. (There are a lot of drawbacks to using a purely wifi-based device to extend wifi coverage, but that will be the subject of a separate blog article.)
So in my specialized use case, I was pushing the limits of the router design. Any router these days with multiple LAN ports will contain an “ethernet switch”. The ethernet switch which is inside the router is a functional block that keeps track of which MAC address has been recently seen at which port. The goal is to maximize the bandwidth of the various ports by sending each outbound ethernet frame only to the one port that needs to receive that frame.
Well, what happens if I move my mobile phone or my laptop computer from the access point wifi coverage area to the router wifi coverage area? The result is that my MAC address was previously on an ethernet LAN port of the router and is now on a wifi LAN port of the router. And if the port table of the ethernet switch takes a few minutes to update, I will find that I can’t get the wifi to work for a few minutes.
I reported this problem to UTT’s tech support one afternoon (US time). And by the next morning (US time) they had a solution. I should apply a small patch to the router firmware. And it worked!
Of course the time zones help to explain this. While I was sleeping, it was daylight in Shanghai. And the tech support people at UTT were scrambling to replicate the problem. I guess they found some access point in their support lab, hooked it up to one of their routers, and replicated the problem. And then devised a patch to fix the problem. (My guess is that they changed the time-to-live for the ethernet port table entries to a much shorter number.) Anyway, I received the patch just eight hours later, when I started the morning in the US.
Next I had a problem getting the PPTP server to work in the router. I reported the problem in the evening (US time) and the UTT tech support people straightened me out the next morning (US time).
So if you want a good dual-band wifi router with IPSEC and PPTP capabilities, this is the only router I have found and it works well. We’ve ordered up several more of these routers and I will be using them to replace one by one the several IPSEC routers in our extended network.