Are there some drawback to create software VPN using virtual server instead phisical router?

Pretty much everything the hardware routers can do, a properly configured computer can do. Software like pfSense will configure a firewall with VPN abilities quite easily for both site to site and road warrior users.

Using a regular computer has the advantage of not being locked into a particular vendor or type of device. You can choose which software you want to use for a VPN, or even have multiple types - I often use a combination of OpenVPN, SSH tunnels and an HTTP proxy, for remote access to my company network, depending on what I'm doing and where.

One advantage the hardware routers SOMETIMES have is an encryption accelerator - which a PCI(e) or miniPCI(e) card which does all the encryption - this is much faster than doing it in software, and allows them to have significantly higher throughputs and handle more users. Not all of them include this feature, and depending on the WAN connections you have it might not make any difference anyways. But if you are looking to connect between two sites with say 100Mbit fibre, hardware acceleration will help. You can also buy some of these cards and add them to your own solution.

The other advantage they have is support - someone to call when it breaks or you can't figure out how to configure something. And someone to rush over with a brand new unit when it dies.

Many of the enterprise VPN units are underneath it all just running linux and openvpn with a shiny UI to it. That does make it easier to configure. But it also makes it difficult or impossible to adjust anything the vendor doesn't think you'll need to.

None of these are the "wrong" way to do it. You can do this with dedicated network hardware. You can do this with general-purpose servers. They could be physical or virtual. The things you need to account for are:

1. Cost to acquire
2. Cost to maintain
3. Effort to maintain

Network equipment can be higher for item 1, but lower for 2 & 3. If you don't do a lot of virtualization, items 2 & 3 might be high - and if the link goes down because of something you did, remote management is going to be tough. It's pretty easy to stick a call-in modem on a Cisco for true out-of-band management if you screw up a config statement and lock yourself out, or the ISP is making changes that you have to match. That's a little tougher for a VMware guest.

A number of articles out there that will answer your question

• http://www.techrepublic.com/article/get-it-done-software-vpn-vs-hardware-vpn/1059747
• http://vpn.sockslist.net/cgi-bin/vpn/virtual_private_network_vpn_hardware_vs_software.html?do=hardvssoft
• http://searchnetworking.techtarget.com/definition/hardware-VPN

Taken from the last link

A hardware VPN is a virtual private network ( VPN) based on a single, stand-alone device. The device, which contains a dedicated processor, manages authentication, encryption, and other VPN functions, and provides a hardware firewall. Hardware VPNs provide enhanced security for the enterprise in much the same way that hardware routers offer additional security (when compared to firewall programs) for home and small-business computer users.

A traditional VPN is, essentially, a set of programs on the same platform as the network operating system. Such a VPN provides remote offices or individual users with secure access to their organization's network by using the shared public telecommunications infrastructure and standard security measures. Hardware VPNs offer a number of advantages over the software-based VPN. In addition to enhanced security, hardware VPNs provide load balancing and the ability to handle large client loads. Administration is managed through a Web browser interface.