WireGuard is unique in that it's deliberately coded as 'just another (unix) network interface'. You can literally make it do anything you like - policy based routing, source/destination based routing, per-client routing... Whether Untangle expose that in a GUI is, of course, another matter. I think they have a cheek charging $150 a year for not disabling access to a completely FOSS project with less than 2k lines of code, though!
Cheek is an understatement, that said I wouldn’t disagree that the basic subscription offers reasonable value and even the free version is OK for what it does, but like you it frustrates me that wireguard is a top tier paid option, but it’s Arista’s party.
It was always a top tier feature from its introduction prior to the buy out, but it’s now 100% an Arista choice on what they do, admittedly I would imagine it’s pretty low on the list of things they may want to look at - I would imagine home user subscriptions account for very little in terms of turnover.
Soldato
It’s not just that they only bundled it into the top tier version, they actually did a fairly poor job of integrating it. When I read the post from @ChrisD. above I immediately thought “yep, another Wireguard issue”.
I’ll be honest, if it came down to PiVPN on a Pi4 or $150/yr on Untangle… you can guess how that would work out
Does Mikrotik do anything sensible with Wifi or would it be better to get a separate AP for that??
Just jumping back to Asus - they can be flashed with DD-WRT, so won't this kind of get rid of the entire privacy issue?
Thanks
Just jumping back to Asus - they can be flashed with DD-WRT, so won't this kind of get rid of the entire privacy issue?
Thanks
Soldato
MikroTik are not known for great Wireless LAN performance. They insist on writing their own drivers for all the hardware so they are very slow introducing newer and better chipsets. The general consensus is MikroTik for routing, Ubiquiti UniFi (or somebody else) for access points.
If you want good VPN routing performance with WLAN then there is an RB4011 variant - the delightfully named RB4011iGS+5HacQ2HnD-IN
mikrotik.com
When this came out lots of folks got terribly excited because - well, look at the specs on that thing. On paper it’s a monster. And it’s really cheap. I have seen them as low as £150. When we actually got them the compromises became apparent and it’s switching performance is about half its routing performance (the two blocks of LAN ports are on two separate switch chips so in a block they switch at full speed but between blocks is slower), the 4x4 WLAN was only actually 2x2 because of the drivers (now fixed) and the 10GbE SFP+ port didn’t support passive DAC cables so you had to buy a special (more expensive) Mikrotik one. It was imperfect and it was unloved as a result.
If you can get one cheap enough it’s a very good router, and there are loads of other good routers out there too.
If you want good VPN routing performance with WLAN then there is an RB4011 variant - the delightfully named RB4011iGS+5HacQ2HnD-IN
RB4011iGS+5HacQ2HnD-IN | MikroTik
Powerful 10xGigabit port router with a Quad-core 1.4Ghz CPU, 1GB RAM, SFP+ 10Gbps cage, dual band 2.4GHz / 5GHz 4x4 MIMO 802.11a/b/g/n/ac wireless and desktop case
mikrotik.com
When this came out lots of folks got terribly excited because - well, look at the specs on that thing. On paper it’s a monster. And it’s really cheap. I have seen them as low as £150. When we actually got them the compromises became apparent and it’s switching performance is about half its routing performance (the two blocks of LAN ports are on two separate switch chips so in a block they switch at full speed but between blocks is slower), the 4x4 WLAN was only actually 2x2 because of the drivers (now fixed) and the 10GbE SFP+ port didn’t support passive DAC cables so you had to buy a special (more expensive) Mikrotik one. It was imperfect and it was unloved as a result.
If you can get one cheap enough it’s a very good router, and there are loads of other good routers out there too.
OK, so let me get this right:
Option 1: Single device for routing, switching (not really my need), wireless with VPN tunneling in the hardware
1a Mikrotik RB4011
1b Open WRT with a decent router that's supported (Linksys?)
Option 2: Router and AP separatly, VPN in the hardware
2a Mikrotik router + Ubiquiti UniFi
2b Mikrotik router + alternative AP
Option 3: Router with Wifi, VPN via software
3a Any decent router with DD WRT or Open WRT + Fire Tv Stick
3b ?
Option 4: intel based server with Untangle Free on a decent router
4a Mikrotik ?
Choice 1a seems obvious as a decent cost vs opportunity for me providing some kit on sale can be acquired lol
1b could be a fall back, while 3a something I can do now, but would need a Fire TV stick
I need to double check what exact functionality I could get from the Sat Box that a supporting Android app on a Fire Stick would not offer..
Option 1: Single device for routing, switching (not really my need), wireless with VPN tunneling in the hardware
1a Mikrotik RB4011
1b Open WRT with a decent router that's supported (Linksys?)
Option 2: Router and AP separatly, VPN in the hardware
2a Mikrotik router + Ubiquiti UniFi
2b Mikrotik router + alternative AP
Option 3: Router with Wifi, VPN via software
3a Any decent router with DD WRT or Open WRT + Fire Tv Stick
3b ?
Option 4: intel based server with Untangle Free on a decent router
4a Mikrotik ?
Choice 1a seems obvious as a decent cost vs opportunity for me providing some kit on sale can be acquired lol
1b could be a fall back, while 3a something I can do now, but would need a Fire TV stick
I need to double check what exact functionality I could get from the Sat Box that a supporting Android app on a Fire Stick would not offer..
I'm home now and I've had a proper look, I think the limitation I was referring to is that I think the 'Tunnel VPN' you can do with Untangle won't do Wireguard. I could be wrong, it's been a while since I tested it but I remember with Mullvad I could only get the OpenVPN tunnel to work and not the WG option.
Soldato
With what you're wanting to achieve, just opt for one of these options. Pros and cons with either of these but, depending on the hardware you opt for, option 1 could be a bit of a learning curve* to setup compared to a per-device approach but could work out more cost effective (depends on the number of devices than need VPN access that require additional hardware) whilst offering a bit more flexibility.
* Something *WRT based will be a lot easier to setup than RouterOS (MikroTik) or something else (Draytek etc).