VR2020-LD
Business DSL-VPN-Router
- 2/3/4G LTE
- Remote CATHEAD LTE antenna
- Multiprotocol VPN
- TPM
- ADSL/2/2+, VDSL/VDSL2 vectoring
- Intelligent firewall & routing
- Fully implemented IPSec and OpenVPN
- WireGuard
- Connection Manager
- Metal housing, industrial quality
- Made in Germany
Functions and features
The VPN router - VR2020-LD with VDSL/ADSL and mobile communications - is manufactured to the highest quality standards and is ideal for setting up secure branch networks or connecting mobile ATMs thanks to its high level of flexibility.
The VR2020-LD achieves high-speed internet access with extremely high reliability thanks to intelligent backup management and the use of two SIM cards (dual SIM support).
So that the router can be operated on all modern DSL connections, including All-IP, the VR2020-LD has an integrated DSL modem that supports the ADSL/2/2+ and VDSL/VDSL2 standards as well as VDSL2 vectoring. The 4G wireless connection is provided via a multi-band modem that supports the LTE (= Long Term Evolution), HSPA+, HSDPA/HSUPA, UMTS, EDGE and GPRS standards. The Ethernet WAN port allows the realisation of any gateway connections as well as the connection of external modems (e.g. SDSL, cable, FTTH).
A VR2020-LD router can be easily integrated into a branch network or connected to a head office via a permanently established VPN tunnel and can therefore be accessed directly using private IP addressing. DynDNS is not required for access in this case, but can be set up at any time.
The fully implemented VPN standards IPSec and OpenVPN ensure maximum security during data transmission. Authentication is carried out using either stored certificates or pre-shared keys. The VPN router supports all modern encryption algorithms such as AES with a key length of up to 256 bits.
When it comes to security, the integrated Trusted Platform Module (TPM), which is used to securely store secret keys, should also be emphasised. Cryptographic keys can be generated, used and securely stored within the TPM with the support of the integrated and secure random number generator (RNG). The Trusted Platform Module offers protection against both software attacks and hardware manipulation.
A configurable high-security firewall is available to protect your network from attacks. This can be easily customised to your individual requirements using rules and scripts.
The VPN router can be conveniently configured - both locally and remotely - via the intuitive web interface. Experts can also manage the VR2020-LD via command line (SSH).
Automated remote configuration/maintenance via TDT C.O.R.E. and monitoring via a network management system such as Checkmk are ideal for use in branch networks.
All features in detail
- Modular software structure
The modular software structure offers the option of integrating customised/custom-developed software. - DHCP (Dynamic Host Configuration Protocol)
A communication protocol that enables clients to retrieve and servers to assign the network configuration (client/relay/server) - Protocols
z. E.G. IP, TCP, UDP, PPP, ARP, RARP, ICMP - DNS (Domain Name System)
It manages the name space in networks, e.g. for converting domain names into IP addresses (client/relay/server). - Dynamic DNS
Dynamic DNS: It is used to dynamically update the IP address of a computer so that it can always be reached under the same name. - NTP (Network Time Protocol)
Standard for time synchronisation via networks (client/server) - Routing
Static routing (IPv4 forwarding)
Static routing (IPv6 forwarding)
Policy-based routing (PBR) - NAT (Network Address Translation)
Source and destination NAT/NAPT and masquerading - QoS (Quality of Service)
For prioritising data packets to meet the quality standard, especially for time-critical transmissions/applications - Real-time statistics and log function
- Syslog client
- TPM (Trusted Platform Module)
The TPM chip is comparable to a permanently installed smart card. The TPM protects cryptographic keys; these can be generated, used and securely stored within the TPM. It offers protection against software and hardware attacks (physical manipulation results in the destruction of the stored keys). In addition, the integrated random number generator (RNG) provides secure number sequences as the basis for securely encrypted communication. - Firewall
Zone-based stateful inspection firewall (IPv4/IPv6) with packet filter and demilitarised zone (DMZ);
Bridging firewall - OpenVPN
Free software based on OpenSSL for setting up a secure VPN via an encrypted connection. Both routed and bridged tunnels (client/server) are supported. - IPSec
Internet Protocol Security: for secure VPN communication via potentially insecure - L2TP (Layer 2 Tunneling Protocol), passthrough
Tunnelling protocol for transmitting the data link layer (Layer 2) of the OSI model between two networks - WireGuard
WireGuard uses the latest, particularly powerful cryptographic algorithms, e.g. the Noise Protocol Framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24 or HKDF. WireGuard gets a further performance boost from the fact that the software is executed on the server side as a Linux kernel module. WireGuard uses only public keys for identification and encryption and can therefore dispense with a certificate infrastructure. - Hash algorithms
MD5, SHA1, SHA2 256/512 - Diffie Hellman Groups
Schlüsselaustausch zum Sichern: 1, 2, 5, 14, 15, 16, 17, 18
Modulo Prime Groups with Prime Order Subgroup: 22, 23, 24
NIST Elliptic Curve Groups: 25, 26, 19, 20, 21
Brainpool Elliptic Curve Groups: 27, 28, 29, 30 - Encryption algorithms
AES 128/192/256, Blowfish, Twofish 128/256, Serpent 128/256 - Number of VPN tunnels
The number of configurable VPN tunnels is not limited by the software. Depending on the application, up to
- 30 VPN tunnels (VR2020 series),
- 400 VPN tunnels (G3000 & G4000 series) and
- 5000 VPN tunnels (G5000 series) are possible.
- MultiWAN manager with complex backup options
- Multihomed and multi-level backup target strategies
- Optimisation of switchover times
- Prevention of unnecessary switching
- Optimisation of switchback
- Prevention of switching instabilities (fluttering)
- Mobile telephony: Provider switching with MultiSIM
- Dynamic connection parameters (default route, policy-based routes, etc.)
- Configurable connection check (ping, LCP echo, etc.) - VRRP (Virtual Router Redundancy Protocol)
- With support for Multi group VRRP
- Management/configuration
Via the network using Command Line (SSH) and HTTPS as well as via Command Line (SSH) using the console port - Remote configuration/maintenance
If required, remote configuration/maintenance can be carried out using the TR-069 standard. Configuration via TDT C.O.R.E. is also possible. - Firmware update
Firmware updates can be realised via SSH, HTTPS and (TR-069). - SNMP (Simple Network Management Protocol)
SNMP is a network protocol that was developed to monitor and control network elements from a central station. - Checkmk agent
For connection to the Checkmk network management system
- Processor
Energy-efficient and fanless MIPS processor architecture - Main memory
128 MB - System memory
Future-proof 128 MB flash - WAN-Port
10/100/1000 Mbit/s - 4-Port Switch
10/100 Mbit/s; the ports have their own MAC addresses and can be virtually separated. - LEDs
A power LED and 9 freely configurable LEDs are available for status information. - USB ports
2x USB; e.g. backup, UPS management via USB-to-serial adapter - Crypto Engine
Hardware acceleration for encryption/decryption - TPM (Trusted Platform Module)
For secure storage of secret keys - Console port
The micro-USB configuration interface (console), with integrated USB-to-serial chip, offers an easy way to access the router independently of the network. - Connection for power supply via barrel connector
The power supply can also be fitted with an optional terminal. - RS232 interface
Optionally available as a terminal strip (Rx/Tx/GND)
Hardware specifications
- High-speed M2M mobile connectivity
- Penta Band LTE
- Category 3
FDD (=Frequency Division Duplex) bands:
- 1 (2100 MHz)
- 3 (1800 MHz)
- 7 (2600 MHz)
- 8 (900 MHz)
- 20 (800 MHz)
- Download max. 100 Mbps
- Upload max. 50Mbps bei 20MHz, MIMO - Tri Band UMTS/HSPA+/DC-HSPA+ (WCDMA)
- Download Category 24 / Upload Category 6
FDD bands
- 1 (2100 MHz)
- 3 (1800 MHz)
- 8 (900 MHz)
- Dual Carrier (DC-HSPA+) Download max. 42.2Mbps, Upload max. 5.76Mbps
- UMTS Down- und Upload max. 384Kbps - Dual Band GSM/GPRS/EDGE
Multi-slot class 12
Frequency bands:
- EGSM 900 (MHz)
- DCS 1800 (MHz)
- EDGE Download max. 236.8kbps, Upload max. 118.4Kbps
- GPRS Download max. 85.6kbps, Upload max. 85.6kbps - MultiSIM
For the use of 2 SIM cards for backup scenarios.
One SIM slot is located on the front of the device, one is located inside the housing. - Antenna connection
2 SMA (female)
With antenna detection for easier fault detection
- GNSS (Global Navigation Satellite System)
The global satellite systems NAVSTAR GPS (Global Positioning System) and GLONASS (GLObal NAvigation Satellite System) are used to determine the position. The tracking sensitivity is better than -158 dBm. - Antenna connection
1x SMA (female)
- Robust metal housing
Optionally with top-hat rail clip - Dimensions
185x33x155 (WxHxD in mm, without antennas) - Weight
approx. 860 g - Operating temperature
-20° C to +50° C (during operation) - Air humidity
85% (non-condensing) - Power supply
Plug-in power supply 12V, 1A - Input voltage
Wide range 9V-30V DC - Power consumption
≤ 5W (DSL activated), ≤ 3W (DSL deactivated)
VR2020-LD, power supply, remote CATHEAD LTE antenna with 1.8m cable length, patch cable, quick start guide