Router with Hardware VPN recommendations?

[nintenjo]

Id like to set my router to give access wide VPN client (via Nord or Express VPN or similar). However my currentr Asus DSL-AC88U does not seem to support hardware encyrption so it has to be done on the CPU and of course its not really up to it so manages not much more than about 30~50mbps maxed out.

This router is pretty old and i imagine they have come on a long way since it was new, as such im looking for a device that capable of about 20 simultanous connections with about a max throughput of about 300/50mbps U/D with VPN encryption enabled. I know the type of encryption etc will effect performance so would be interested to know if anyone else if using such a setup on a domestic router? Any recommendations?

 

[ChrisD.]

Are you using OpenVPN? Does the Asus have an option to use Wireguard instead? What about merlin firmware?

 

[nintenjo]

Are you using OpenVPN? Does the Asus have an option to use Wireguard instead? What about merlin firmware?

Yes it has OpenVPN this is what I used to connect to express VPN to test it .. which had the low throughput I listed above. No wireguard option, and I don’t think the router is Merlin compatible as it’s an DSL model I don’t think custom firmwares are compatible?

 

[ChrisD.]

No idea about whether it's Merlin compatible or not, I wouldn't touch any Asus networking equipment with a bargepole.

You need a Wireguard or Tailscale compatible router, OpenVPN is really slow.

 

[nintenjo]

No idea about whether it's Merlin compatible or not, I wouldn't touch any Asus networking equipment with a bargepole.

You need a Wireguard or Tailscale compatible router, OpenVPN is really slow.

Any recommendations?

 

[ChrisD.]

Any recommendations?

Budget? 2.5 GbE? WiFi, or router/firewall only? Number of switch ports required?

 

[WJA96]

GL.INet MT-6000 or MikroTik RB4011iGS+5HacQ2HnD-IN if you need WiFi and MikroTik RB5009UG+S+IN if you have access points for WiFi.

 

[nintenjo]

min 4 ports, 1gbps LAN is fine, Wifi 6 min. Router / Firewall combo is ideal (less power inputs) but if i can get just the VPN as a hardware Accesspoint thats a nice option too then i can use my existing router? Budget id say is about £150 - 200 ish my last router was about £280 which was so overpriced for what it was but i needed the DSL function which added a huge cost overhead.

 

[nintenjo]

GL.INet MT-6000 *snip*

This looks pretty much perfect, thank you. Never heard of the brand so ill do a bit of research but looks ideal.

 

[WJA96]

This looks pretty much perfect, thank you. Never heard of the brand so ill do a bit of research but looks ideal.

Just check that you’re happy with the 2.4GHz WiFi situation because once you move off the default firmware it can get a bit flakey depending on your exact use-case but for most users it’s absolutely fine.

 

[Avalon]

Just check that you’re happy with the 2.4GHz WiFi situation because once you move off the default firmware it can get a bit flakey depending on your exact use-case but for most users it’s absolutely fine.

I thought they were reverting to a earlier OWRT build now and then bringing the old drivers over going forward or at least that's what I thought the last announcement said?

Op, i'm not sure you quite understand what you're suggesting, routing *everything* via VPN is going to increase you not being able to access certain sites, potentially impact streaming services (both good and bad) and result in online purchases potentially getting flagged as suspect. It's far better to do this either Policy Based Routing/client or even VLAN on the devices you actually want to do this on rather than *everything*. I have had orders declined (hosting), been asked for verification (online services), paypal who normally let me do all sorts of questionable things without any verification suddenly withdrew certain payment options and wanted to verify I had the funds before making any payments. Literally each time coming off VPN and doing the same thing on an open connection resulted in it working (apart from cases where they had flagged things for further verification). Proceed with caution.

 

[nintenjo]

I thought they were reverting to a earlier OWRT build now and then bringing the old drivers over going forward or at least that's what I thought the last announcement said?

Op, i'm not sure you quite understand what you're suggesting, routing *everything* via VPN is going to increase you not being able to access certain sites, potentially impact streaming services (both good and bad) and result in online purchases potentially getting flagged as suspect. It's far better to do this either Policy Based Routing/client or even VLAN on the devices you actually want to do this on rather than *everything*. I have had orders declined (hosting), been asked for verification (online services), paypal who normally let me do all sorts of questionable things without any verification suddenly withdrew certain payment options and wanted to verify I had the funds before making any payments. Literally each time coming off VPN and doing the same thing on an open connection resulted in it working (apart from cases where they had flagged things for further verification). Proceed with caution.

Ok that’s sound advise I appreciate it.. maybe there are better solutions.. for example can I have my server on a (software) client VPN but have all my LAN traffic still access the server on any port ? Plus then have certain external traffic access it via fixed ports? (It’s a silly question as I know you can, but I guess the question is more is it easy to do using a solution like Nord / Express VPN client) .. although I know this is off topic.

 

[nintenjo]

Just check that you’re happy with the 2.4GHz WiFi situation because once you move off the default firmware it can get a bit flakey depending on your exact use-case but for most users it’s absolutely fine.

Yeah I saw this, not ideal as I use 2.4ghz for all my home automation type devices.

 

[WJA96]

Yeah I saw this, not ideal as I use 2.4ghz for all my home automation type devices.

And if you stick to the default firmware (and don’t use the open source drivers) they’ll all work just fine. But if you build your own snapshot of OpenWRT then all bets are off.

If you buy it from Amazon and it doesn’t do what you want then you can send it back, no questions asked.

 

[Avalon]

The other mildly contentious option (yes, it should work regardless) is you use a decent wifi ecosystem which potentially makes more sense anyway. I'm a big fan of separating routing/firewall, switching and wifi, it means you can choose what suits your needs best in each area and upgrades can be targeted eg adding wifi 7 just requires a new AP vs chucking everything.

 

[WJA96]

I thought they were reverting to an earlier OWRT build now and then bringing the old drivers over going forward or at least that's what I thought the last announcement said?

Yes, and at the moment, as far as I’m aware the only truly working option is to stick on the original supplied firmware because that definitely works. Everything else may have improvements here and there but they all seem to negatively impact the 2.4GHz wireless performance.

 

[WJA96]

The other mildly contentious option (yes, it should work regardless) is you use a decent wifi ecosystem which potentially makes more sense anyway. I'm a big fan of separating routing/firewall, switching and wifi, it means you can choose what suits your needs best in each area and upgrades can be targeted eg adding wifi 7 just requires a new AP vs chucking everything.

This is the optimal solution and it’s where most ‘enthusiasts’ are heading. For many though, they just want a single box that does it all.

Even with the component model you get issues. There are folks who are having terrible performance with the UniFi U6-LR which has the same 2.4GHz chipset as the Flint2. And as you correctly point out, they were able to resolve their situation by just swapping out the U6-LR for a U6-Pro or U7-Pro.

 

[spile]

If you are happy with your router, then you can install Wireguard on a Raspberry Pi. It works really well.