Recommendations for VPN capable Router

[Pulsedriver]

Hey folks,

I currently have a BT Hub (Smart hub or whatever the newest one is called) and I am looking to set up a VPN (Nord in particular) the way I see it I have 2 options;
(I have BT Infinity)

1) Replace the Smart hub with a VPN capable wireless router to 'do it all'

2) Purchase a separate WiFi Router and set the NordVPN on that, and plug it into the Smart hub.


Option 1 is neater, but I do not necessarily want every device going through the VPN, maybe just a couple of computers / tablets. - Unless there is a way of splitting the traffic per SSID?

Option 2 is an extra plug... But I can just use that for the devices that I want to connect on a VPN only and leave the Smart hub as the 'main hub' for everything else.

Any suggestions / better ideas / recommendations hardware-wise?

Thanks

 

[pcfarrar]

I'm fairly sure you could do this with a Draytek 2862, which is an all in one unit, it's not something I've tried though.

 

[bremen1874]

If you can live with the double NAT then option 2 is decent option (certainly the cheapest).

 

[BigT]

Nice to see someone think there will be implications by putting the entire network behind a VPN. People do it then get fed up when their Firestick no longer plays iPlayer!

So for option one you can selectively route traffic if your router can support something like policy based routing. I do it on pfSense but don't know which all-in-ones can. I would hazard a guess at Draytek, Mikrotik and custom firmwares on Asus devices perhaps.

I lived with double NAT for a while too as per your option 2 would introduce and I never really found it to be problematic at all.

The other consideration is speed. Hopefully you are aware that consumer routers are unlikely to max out your internet connection (assuming full speed fibre) while doing all the encryption required for the VPN tunnel. Not that I have experience but my reading around suggests only the Mikrotik is going to be able to do that at a reasonable price point.

I know you're keen to keep all-in-one but separating it out gives you best of breed for every part of what you want to achieve. Lots of people with seperate APs, modem and router get fast, consistent wifi with greater range and highly configurable network VPN solutions running solidly with kit that can be transferred as the ISP is changed, even between connection types. Few go back to all-in-one, however it is not the cheapest solution for sure.

 

[meandu229]

You could also use an single board computer such as Pi3/odroid as a gateway, then on devices you want to run through that gateway you just set the gateway to the sbc's ip address.
Depending on how fast your home internet is it may or may not max it out. I use a odroid hc2 and have the gateway in an lxd container. I just ran a speed test and results are below from a 58/17 line.

Retrieving speedtest.net configuration...
Testing from Inter Connects Inc (5.153.233.51)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by SpaceDump IT AB (Stockholm) [0.89 km]: 57.024 ms
Testing download speed................................................................................
Download: 46.31 Mbit/s
Testing upload speed................................................................................................
Upload: 16.04 Mbit/s

 

[Pulsedriver]

Some good suggestions guys thank you.

I've gone with option 2, ordered an ASUS RT-AC66U_B1 and will load merlin on it when it arrives and just plug it into the BT Hub, then create a new SSID for the ASUS and connect anything I want using the VPN to that, and leave the rest as-is.

 

[neodude]

If you've got the money consider investing in a PfSense box and separate AP. I have PfSense setup with NordVPN using selective routing. I basically just add to a list of IP addresses that I want to use the VPN. Some learning required to get the most out of it but it's totally worth it, and you'll learn a little something about networking too