I have Dlink DFL-860 running as IPSEC server. I've tried to connect to it with Zywall W30 and Zywall 2 behind of NAT, calling DFL.
That's possible. The trick is to set "My Address" of ZyWalls to WAN address - which they get from the DHCP behind the Nat (and not the real IP).
So the right way is to configure WAN port statically or bind WAN interface to fixed IP via dhcpd.
And next, some throughput table with my settings (somehow same for all the tested devices):
Those devices are really antique (except DFL-860), but that's what I have to share.
I was not able to test D-Link DFL-100 and ASUS SL1000 because they are unable to do XAuth as client.
That's possible. The trick is to set "My Address" of ZyWalls to WAN address - which they get from the DHCP behind the Nat (and not the real IP).
So the right way is to configure WAN port statically or bind WAN interface to fixed IP via dhcpd.
And next, some throughput table with my settings (somehow same for all the tested devices):
Device | IPSEC/IKE1 throughput, as wget shows,kilo/megaBYTEs | ||
D-Link HV808 | 540 KB/s (0.5 megabits/sec) | ||
ZyWALL 30W | 1.28 MB/s | ||
ZyWALL 2 | 2.15 MB/s | ||
D-Link DFL-860E | 6.36 MB/s (note: the wire itself if 70Mbs) | ||
pppd over ssh, without hardware router (one side - banana PI, other is i7?) | |||
IPv4 | 1,05MB/s | ||
IPv6 | 962KB/s | ||
Direct wget over IPv4, for line testing | 9,64MB/s (but ISP says I have 70Mbs) | Direct wget over IPv4 via DI-808HV, Wan is DHCP | ~5.4MB/s |
I was not able to test D-Link DFL-100 and ASUS SL1000 because they are unable to do XAuth as client.