Business DSL-VPN-Router

  • 2/3/4G LTE
  • Remote CATHEAD LTE antenna
  • Multiprotocol VPN
  • TPM
  • ADSL/2/2+, VDSL/VDSL2-Vectoring
  • Intelligent Firewall
  • Intelligent Routing
  • Connection Manager
  • Metal housing, industrial quality
  • Made in Germany

Functions and features

The VPN router - VR2020-LD with VDSL/ADSL and mobile radio - is manufactured according to the highest quality standards and is ideally suited for setting up secure branch networks or connecting mobile ATMs due to its high flexibility.

The VR2020-LD achieves high-speed Internet access with extremely high reliability through intelligent backup management and the use of two SIM cards (dual SIM support).

To enable the router to be operated on all modern DSL connections, including all-IP, the VR2020-LD has an integrated DSL modem that supports the ADSL/2/2+ and VDSL/VDSL2 standards as well as VDSL2 vectoring. The 2G, 3G and 4G radio connection is established via a multiband modem that supports the LTE (= Long Term Evolution), HSPA+, HSDPA/HSUPA, UMTS, EDGE and GPRS standards. The Ethernet WAN port allows both the realisation of any gateway connections and the connection of external modems (e.g. SDSL, cable, FTTH).

A VR2020-LD router can be easily integrated into a branch network or connected to a head office via a permanently established VPN tunnel and can thus be reached directly via private IP addressing. DynDNS is not required for access in this case, but can be set up at any time.

The fully implemented VPN standards IPSec and OpenVPN ensure maximum security during data transmission. Authentication is carried out either by means of stored certificates or pre-shared keys. The VPN router supports all modern encryption algorithms such as AES with up to 256-bit key length.

When it comes to security, the integrated Trusted Platform Module (TPM), which is used for the secure storage of secret keys, should also be highlighted. Cryptographic keys can be generated, used and securely stored within the TPM with the support of the integrated and secure random number generator (RNG). The Trusted Platform Module offers protection against software attacks as well as hardware manipulation.

A configurable high-security firewall is available to protect your network against attacks. This can be easily adapted to your individual requirements by rules and scripts.

The VPN router can be conveniently configured - both locally and remotely - via the intuitive web interface. Experts can also manage the VR2020-LD via command line (SSH).

For use in branch networks, automated remote configuration/maintenance via TDT C.O.R.E. is ideal, as is monitoring via a network management system such as Checkmk.

All features in detail

  • Modular software structure
    The modular software structure offers the possibility to integrate customer-specific/customer-developed software.
  • DHCP (Dynamic Host Configuration Protocol)
    A communication protocol that allows clients to retrieve and servers to assign the network configuration (client/relay/server)
  • Protocols
  • DNS (Domain Name System)
    It manages the namespace in networks, e.g. for the conversion of domain names into IP addresses (client/relay/server).
  • Dynamic DNS
    Dynamic DNS: It is used to dynamically update the IP address of a computer so that it can always be reached under the same name.
  • NTP (Network Time Protocol)
    Standard for time synchronization over networks (client/server)
  • Routing
    Static Routing (IPv4 Forwarding)
    Static Routing (IPv6 Forwarding)
    Policy-based routing (PBR)
  • NAT (Network Address Translation)
    Source and Destination NAT/NAPT and Masquerading
  • QoS (Quality of Service)
    For prioritizing data packets to meet quality standards, especially for time-critical transmissions/applications
  • Real-time statistics and log function
  • Syslog-Client
  • TPM (Trusted Platform Module)
    The TPM chip is comparable to a fixed smart card. The TPM protects cryptographic keys; these can be generated, used and securely stored within the TPM. It provides protection against software and hardware attacks (physical manipulation results in the destruction of the stored keys). In addition, the integrated random number generator (RNG) provides secure number sequences as a basis for securely encrypted communication.
  • Firewall
    Zone based Stateful Inspection Firewall (IPv4/IPv6) with Packet Filter and Demilitarized Zone (DMZ);
    Bridging Firewall
  • OpenVPN
    Free software based on OpenSSL for building a secure VPN over an encrypted connection. Both routed and bridged tunnels (client/server) are supported.
  • IPSec
    Internet Protocol Security: for secure VPN communication over potentially insecure IP networks. IKEv1/IKEv2/MOBIKE (client/server and IPSec passthrough) are supported.
  • L2TP (Layer 2 Tunneling Protocol), passthrough
    Tunnel protocol for transferring the security layer (layer 2) of the OSI model between two networks
  • WireGuard
    WireGuard uses the latest, particularly powerful cryptographic algorithms, e.g. the Noise Protocol Framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24 or HKDF. WireGuard gets a further performance boost from the fact that the software runs as a Linux kernel module on the server side. WireGuard uses only public keys for identification and encryption and can therefore do without a certificate infrastructure.
  • Hash Algorithms
    MD5, SHA1, SHA2 256/512
  • Diffie Hellman Groups
    Key exchange for backup: 1, 2, 5, 14, 15, 16, 17, 18
    Modulo Prime Groups with Prime Order Subgroup: 22, 23, 24
    NIST Elliptic Curve Groups: 25, 26, 19, 20, 21
    Brainpool Elliptic Curve Groups: 27, 28, 29, 30
  • Encryption algorithms
    AES 128/192/256, Blowfish, Twofish 128/256, Serpent 128/256
  • Number of VPN tunnels
    The number of configurable VPN tunnels is not limited on the software side. Depending on the application, up to
    30 VPN tunnels (VR2020 series),
    400 VPN tunnels (G3000- & G4000 series) and
    5000 VPN tunnels (G5000 series) possible.
  • MultiWAN manager with complex backup options
    - Multihomed and multi-level backup target strategies
    - Optimization of switching times
    - Preventing unnecessary switching
    - Optimization of the downshift
    - Prevention of switching instabilities (flutter)
    - Mobile radio: Provider switching with MultiSIM
    - Dynamic connection parameters (Default Route, Policy based Routes, etc.)
    - Configurable connection check (Ping, LCP echo etc.)
  • VRRP (Virtual Router Redundancy Protocol)
    With support of Multi group VRRP
  • Administration/Configuration
    Over the network using Command Line (SSH) and HTTPS and over Command Line (SSH) using the console port
  • Remote configuration/maintenance
    Remote configuration/maintenance can be carried out via TR-069 Standard if required. A configuration via TDT C.O.R.E. is also possible.
  • Firmware update
    Firmware updates can be implemented via SSH, HTTPS and (TR-069).
  • SNMP (Simple Network Management Protocol)
    SNMP is a network protocol developed to monitor and control network elements from a central station.
  • Checkmk agent
    For connection to the network management system Checkm
  • Processor
    Energy-efficient and fanless MIPS processor architecture
  • Working memory
    128 MB
  • System memory
    Future-proof 128 MB Flash
  • WAN-Port
    10/100/1000 Mbit/s
  • 4-Port Switch
    10/100 Mbit/s; the ports have their own MAC addresses and can be virtually separated.
  • LEDs
    A power LED and 9 freely configurable LEDs are available for status information.
  • USB Ports
    2x USB;
    e.g. backup, UPS management via USB-to-Serial-Adapter
  • Crypto Engine
    Hardware acceleration for encryption/decryption
  • TPM (Trusted Platform Module)
    For secure storage of secret keys
  • Console port
    The Micro-USB configuration interface (Console), with integrated USB-to-Serial chip, offers an easy way to address the router independent of the network.
  • Connection for power supply via hollow connector
    The power supply can optionally be equipped with a terminal.
  • RS232 interface
    Optionally available as terminal strip (Rx/Tx/GND)
  • VDSL2
    ITU-T G.993.2 up to profile 30a
  • VDSL2-Vectoring
    according to ITU-T G.993.5
  • VDSL1
    ITU-T G.993.1, T1.424, TS 101 270
  • ADSL/2/2+
    ITU-T G.992.1/3/5
  • DSL Forum Performance Specifications
    ADSL TR-048/67, TR-100; VDSL: WT-114
  • Erasure Decoding
    Increased interleaver depth and re-transmission bonding
  • EFM (IEEE 802.3 ah)
  • ITU-T G.998.2
  • DSL connection
    RJ45 jack
  • High-speed M2M mobile connectivity
  • Penta Band LTE
    - Category 3
    FDD (=Frequency Division Duplex) bands:
    - 1 (2100 MHz)
    - 3 (1800 MHz)
    - 7 (2600 MHz)
    - 8 (900 MHz)
    - 20 (800 MHz)
    - Download max. 100 Mbps
    - Upload max. 50Mbps at 20MHz, MIMO
    - Download Category 24 / Upload Category 6
    FDD bands:
    - 1 (2100 MHz)
    - 3 (1800 MHz)
    - 8 (900 MHz)
    - Dual Carrier (DC-HSPA+) Download max. 42.2Mbps, Upload max. 5.76Mbps
    - UMTS Down- and Upload max. 384Kbps
  • Dual Band GSM/GPRS/EDGE
    Multi-slot class 12
    Frequency bands:
    - EGSM 900 (MHz)
    - DCS 1800 (MHz)
    - EDGE Download max. 236.8kbps, Upload max. 118.4Kbps
    - GPRS Download max. 85.6kbps, Upload max. 85.6kbps
  • MultiSIM
    For use of 2 SIM cards for backup scenarios.
    One SIM slot is located on the front of the device, one is located inside the housing.
  • Antenna connection
    2 SMA (female)
    With antenna detection for easier error detection
  • GNSS (Global Navigation Satellite System)
    The global satellite systems NAVSTAR GPS (Global Positioning System) and GLONASS (GLObal NAvigation Satellite System) are used for positioning. The tracking sensitivity is better than -158 dBm.
  • Antenna connection
    1x SMA (female)
  • Robust metal housing
    Optional with top-hat rail clip
  • Dimensions
    185x33x155 (WxHxD in mm, without antennas)
  • Weight
    approx. 860 g
  • Operating temperature
    -20° C to +50° C (during operation)
  • Humidity
    85% (non-condensing)
  • Power supply
    Power supply 12V, 1A
  • Input voltage
    Wide range 9V-30V DC
  • Power consumption
    ≤ 5W (DSL enabled), ≤ 3W (DSL disabled)

3 years bring-in manufacturer warranty

VR2020-LD, plug-in power supply, remote CATHEAD LTE antenna with 1.8m cable length, patch cable, quick start guide

Model overview Router

VR2020-D1xoptional4xup to 30
VR2020-LD1xoptional4xup to 30
G3000see Ethernet3xup to 400
G3000-Wsee Ethernet3xup to 400
G3000-Lsee Ethernet3xup to 400
G3000-LWsee Ethernet3xup to 400
G3000-LL2xsee Ethernet3xup to 400
G3000-LLW2xsee Ethernet3xup to 400