Product Review: Linksys WRV54G
Product: WRV54G Router
Vendor: Linksys
URL: www.linksys.com
Price: $150 US, Mail Order; $180 US, Retail
The Good
Linux inside with GPL source code.
The only product available with this features at this price point.
Tight integration with client VPN software, QuickVPN,
50 VPN tunnels supporting five simultaneous clients.
The Bad
A lot of rough edges in documentation (what there is) and configuration.
Questionable QA/QC at Linksys.
Cumbersome and frustrating tech support.
Linksys views its WRV54G router as fulfilling three main roles:
A low-cost access point small businesses can use to create hotspots for their customers.
A WRV54G VPN access point for connecting a client to multiple hosts.
A WRV54G-to-WRV54G secure connection between two or more locations.
To support option #1, the WRV54G comes with the Boingo HotSpot package. It is for the latter two applications, however, that most WRV54Gs are deployed.
Some features of the WRV54G include:
SPI Firewall
DHCP server
50 VPN tunnel support
4 10/100 HUB
128-bit WEP, WPA, RADIUS
Ability to limit IP and MAC, as well as user access to the Internet
Hardware and software DMZ
Some time ago, I was asked by a client to assist in the creation of a new office. The client had a restrictive set of requirements. The budget was tight, of course, but he also needed stable wireless, at least three 10/100 ports, a firewall, DHCP and an easy-to-use VPN. Plus, space limitations required all of this be contained in one box. That left me with a limited number of options.
I initially was at a loss; most solutions either were unfamiliar or outside the budget. The Cisco PIX 501 might have worked, but it lacked certain features we wanted; plus, the price was too high. A Cisco expert, however, suggested we look at the Linksys WRV54G. He said it had a "checkered past" but had improved in recent months: the new BIOS had solved the problems and the QuickVPN was easy to use and free.
From the client's perspective, the WRV54G was perfect. It had a street price well within the budget ($150) and all the capabilities we were looking for; plus, it came in a single nice-looking box. I also was happy with the decision to use the WRV54G. I had used pre-Cisco Linksys in the past with good results, although as of late, I have been using Netgear equipment, some Cisco and, on occasion, D-Link. I was happy to consider the WRV54G in order to support the company's use of Linux. Plus, I had excellent experience with pre-Cisco Linksys tech support. I was confident that all would be well.
I ordered a WRV54G and installed it with little difficultly, at least initially. The problems began when the SpeedStream 5100 modem provided by SBC Yahoo and the WRV54G did not get along. Granted, this is not completely the fault of the WRV54G. The 5100 originally was configured to control the PPPoE connection, with the WRV54G being the client. The SpeedStream 5100 periodically renegotiates the IP address and this cannot be disabled. This should not be an issue, but, unfortunately, the WRV54G would lock up completely on occasion. The solution was to have the WRV54G control the PPPoE and turn off all the "intelligence" in the modem. This solution only becomes an issue if the client requires SBC to provide technical support for the modem or DLS. SBC will not provide any technical support unless the modem is set back to the original configuration. The resolution of this problem took several telephone calls and e-mails to Linksys, not once with the same technician. This became a theme, repeating the situation over and over with each new technician.
I thought the problem was resolved, only to find out that the WRV54G simply was not stable. It would run well for a day or two and then simply stop. Often the router would not come back until I did a hard reboot or, worse, flashed the BIOS. Again, this is with the newest 2.36 BIOS in the WRV54G. Linksys tech support suggested--after several iterations and contentious conversations--there was some sort of issue with the unit. They suggested I return the unit and get another. I did that, with a little less grumbling. After all, DOAs happen, right?
After a visit to my favorite vendor, I installed unit number two. I plugged it in and pressed the button--nothing. No lights, not even a click from the switch. Actually, that was the clue. I took the unit back to the store and the tech opened the unit up--no switch on the motherboard. So, I got unit number three, only to be less than thrilled to discover that the third unit behaved the same as the fist. The third also had the additional problem of having the same MAC address repeatedly request a different IP address, filling up the DHCP table. The Linksys tech support response was to "flash the BIOS, and if that does not work, return it".
Finally, after a heated phone call to the Linksys/Cisco corporate headquarters, I was put in contact with a knowledgeable engineer who was able to help me and provide some insight about the WRV54G's behavior. It turns out that daemons are running within the WRV54G that don't seem to die properly when they should. One of the consequences of this behavior is the logical process of saving a working configuration and then updating the BIOS and loading the new configuration does not work. The reliable process really is this:
save the configuration
load the default settings for the present BIOS
upgrade the BIOS
load the default settings for the new BIOS
manually set up the configuration
This process is referred to obliquely on the BIOS download Web site, but it is not stated clearly nor is any explanation provided as to why this need to be done in this manner. When I applied this process to the original unit, it worked fine. In the meantime, my reputation was injured, I ate the cost difference between the retail versions because my client would not take back the original unit and I burned 20 gallons of fuel going to the client site.
Successes
QuickVPN works fine under DSL through SBC Yahoo. I have been able to connect to machines behind the firewall without any problems. I was able to configure a software DMZ after several more phone calls and e-mails, and the logging now works. The WRV54G e-mails me logs daily without any problems.
Failures
There are some problems with the VPN on the Charter cable modems. Some say the Charter blocks port 80, but Charter now denies that this is true. It is an unresolved problem in which the connection holds for a minute or two and then fails. In addition, the hardware DMZ does not seem to work yet. And there is a maximum of five possible concurrent VPN connections.
Bottom Line
Overall, the WRV54G has a lot of unrealized potential. Foremost, the WRV54G needs more and better support from Linksys. The only tech support I have encountered that was more frustrating was from motherboard manufacturers.
If you need a means to connect two locations securely or to allow access to multiple computers through a single firewall with a fairly simple setup and wireless support, the WRV54G is your best bet. But, keep the antacids handy as well as the receipt. You might have to go through one or two replacement lemons before you have lemonade.
The Linux community in conjunction with Linksys really needs to take this product under its wings and work out the problems. This product, as well as other Linux-based products from Linksys and other vendors, have an impact on the impression that people have of Linux in general. In my case, this was the first time any of my clients have had contact with Linux. Considering the hassle this project was, I suspect it will be difficult for me to convince this client and perhaps others to consider moving away from "other vendors" products in the near future. I believe most of the problems with the WRV54G now have been resolved, but the first impression is a lasting one.
Finally, Linksys really has to get its act together on the tech support front. At one point, Linksys tech support was the gold standard, but it has declined to the point that it now is the butt of jokes. It drove me crazy that the Linksys "techs" obviously were reading from a database of answers, and most had little actual knowledge of the equipment. Further, it drove me nuts to have to explain my situation over and over on multiple phone calls on exactly the same trouble ticket. To me, the ability to contact the same tech would be a dramatic improvement over the present situation.
Michael Boerner is a consultant based in St. Louis. He prefers to focus on Linux and can be reached at michael@boernerconsulting.com.