Affordable, fast router to use with OpenVPN

[hor33650]

Hi All,

I'm looking for an inexpensive wireless router to use with NordVPN/OpenVPN. I found this: https://www.amazon.co.uk/GL-iNet-GL-MT300N-V2-Converter-Pre-installed-Performance/dp/B073TSK26W/

However for some reason this device gets around 15 Mbps on OpenVPN and much more on Wireguard. I need at least 50 Mbps. Ideally I want to stay below $75. Any recommendations?

Thanks.

 

[BigT]

Few questions.

1) Do you want to use the router as a VPN server or network wide VPN client to put all your devices behind or both?
2) If a network wide VPN client are you absolutely sure you want to do that? It comes with as many problems potentially (online banking not working, native geo locked media streaming not working etc.)
3) Do you already have a device (maybe NAS or file server) that runs 24/7 and could support either virtual machines or containers?

And a few points:

$75 simply won't buy an off-the-shelf device capable of routing OpenVPN traffic at 50Mbps (maybe, just maybe a Raspberry Pi might) so up the budget or lower your expectations.

Wireguard is much lighter on resource requirements which is why you see the performance difference in quoted speeds.

 

[hor33650]

1) I believe the former. I want to put this device next to my modem and switch networks as needed (e.g. I'm surfing the web and stumble upon censored content, I switch). Then you might ask why I don't use a VPN app. The reason is I have many devices (smart TV, numerous tablets, Chromecast, etc. - feel a dedicated VPN router will be easier)
2) I really didn't know, thanks for this
3) Unforunately no

On your last point: Understood, then perhaps a better way would be to get a new Wireguard VPN service (the problem is unfortunately I bought a 3-year Nordvpn subscription. Money down the drain I guess)

Thanks.

 

[BigT]

I don't use Nord personally, but I understand they are introducing Wireguard as a protocol so that subscription might not be going to waste:

https://nordvpn.com/blog/nordlynx-protocol-wireguard/

I think getting it up and running as a network wide client might require some Linux skills right now, but it looks like they are working on producing material and instructions for other OS and routers.

More generally I suggest you think about something called policy based routing on whatever network wide solution you decide upon. you say you'll "stumble upon censored content, I switch" - that's going to be a PITA to do ad-hoc every time I think.

Policy based routing on your router of choice will use rules to say automatically where traffic will go, either via VPN interface or without.

So for example, I have a rule setup for one particular machine's internal IP to always go out via a VPN interface because it's purpose is pretty much just downloading and moving media files up to the cloud - nothing that being always behind a VPN will restrict. I then have another rule that says no matter which machine on my network, if the destination is my newsgroup provider then route it via VPN. I kick off some downloads on different machines so this means I don't have to worry about which one I'm using, downloading is behind VPN.

In your use case maybe you can implement similar rules the other way around. So for example maybe the default is always behind the VPN except the IP addresses of your games machines because you want the 'cleanest', fastest connection and you don't do anything you worry about requiring a VPN. then add some rules to say if the destination is iPlayer, hulu, your online bank etc. then it routes without VPN. Taking the time to set that up properly will reap rewards long term.

Again, because I don't know Nord nor Wireguard that well I can't suggest a device in your budget that will do all this.

I think a Pi with PiVPN might be able to do this in budget but not sure. There's I think one particular Asus router that will do this at the speed you want with custom firmware for $200. Draytek, Mikrotik and Ubiquiti might have off the shelf devices that have the capability as would high end enterprise stuff but I don't know enough about them. But the one that I know does work, because I use it, is a $300 mini PC from the likes of Proctelli (other no-name Chinese copies are widely available) with an AES-Ni capable CPU (better OpenVPN performance) running pfSense. Other free firewall distributions will do the same on the same box like opnSense, Untangle, Sophos etc. and netgate sell appropriate pfSense appliances with proper support. Please don't expect all this to work without needing to get familiar with networking although some distributions/devices come with a steeper learning curve than others.

 

[Avalon]

You link to a UK Amazon listing and quote a budget in dollars, where are you based as the answer is generally slightly different in each hardware market.

Advice above is spot on, the ASUS router in question is probably the AC88U (and some of the 68/86U derivatives, but they are rare in the UK, not so much in the US). I really don't like or recommend ASUS networking products, especially using ASUS firmware. The cheap? option is likely a Pi4 running one of the VPN specific distro's, it's not as easy as the app approach, but it works for everything and removes the encryption overhead from the device to the Pi (handy on smart TV's for example which are generally under powered). However it won't scale well beyond 50-60Mbit, the Odroid N2, Rock64 and a number of other SBC's support AES and are much, much faster. The other (faster) option is an older PC, but you can either pay less and have increased power bills or pay more up front and get something power efficient. My current router is an i3 7100u with 16GB RAM & 120GB SSD, it sips power and can do near gigabit OpenVPN, but it set me back £120 (used), another option is an APU2, but again budget needs to increase up front.