Spec me a Router

Soldato
Joined
16 Apr 2007
Posts
23,436
Location
UK
Hey all,

I am with Virgin Media with the Superhub 3. I am looking to put it into Modem Mode and connect it to a Router for more range and features, specifically I want it to run through a VPN server permanently, so all connections to the Router run through a VPN first.

Any recommendations? I've been looking into the ASUS RT-AC66U, any thoughts on that?

Any other advise will be greatly appreciated!

Thanks,
Marky
 
Running everything through a VPN isn't always the best idea. There a few things that'll probably stop working.

How fast is your Virgin connection? How fast do you expect it to be when routed via a VPN?
 
Running everything through a VPN isn't always the best idea. There a few things that'll probably stop working.

How fast is your Virgin connection? How fast do you expect it to be when routed via a VPN?

Virgin connection is 200Mbps, but I usually get around 250Mbps.

Through VPN I usually get around 100-150Mbps, which I'm happy with.
 
You're going to need some much more modern/expensive to see anything near those speeds.

I'd guess that a RT-AC66U would give you under 30Mbps, probably nearer to 20Mbps.

How much are you willing to spend?
 
You're going to need some much more modern/expensive to see anything near those speeds.

I'd guess that a RT-AC66U would give you under 30Mbps, probably nearer to 20Mbps.

How much are you willing to spend?

Willing to spend up to £200 - Not sure if that will be enough?

Why would the ASUS restrict the speed so much when on VPN?
 
Why would the ASUS restrict the speed so much when on VPN?
Because the calculations required for the encryption/decryption of the data for the VPN.

The CPUs in most routers just aren't up to it.

That's one of the reasons some people end-up building boxes to run pfSense and the like.
 
Because the calculations required for the encryption/decryption of the data for the VPN.

The CPUs in most routers just aren't up to it.

That's one of the reasons some people end-up building boxes to run pfSense and the like.

Ahh I see - So the likes of my PC can do it no problem, but a router would have to do it on its own board. Cool, thanks for the heads up!

I thought I had heard people using a Rasp Pi as a VPN bridge? Could that be a possibility?

Otherwise, is £200 too small a budget for what I want to do?
 
Even a RPi3 is going to have the cpu limitations you see with most routers.

I'm not sure whether £200 will get you to where you want to be. Hopefully someone else will chip in with the answer.
 
Even a RPi3 is going to have the cpu limitations you see with most routers.

I'm not sure whether £200 will get you to where you want to be. Hopefully someone else will chip in with the answer.

Well thank you very much for your help thus far :)
 
Ignoring it being a bad idea to route everything this way, pfSense is probably your best bet. Neither consumer routers or a pi have an FPU and without one all the encryption overheads have to be calculated by the CPU emulating a FPU aka in software, this is slow.

Logically you’d selectively route traffic/devices over VPN. For example my method is to use docker and run a container for deluge which also has Privoxy proxy running, put simply I can then direct any device that i want to connect via proxy without the system overhead of local encryption or having to use a router to do it. You could go with a BGR3 or similar, but be warned the UI is not consumer grade.
 
Last edited:
Well there's a lot of utter nonsense here

Get yourself an Asus RT-AC86U, put Merlin firmware on it and watch it happily hit 200Mbps (on a VPN)
 
Well there's a lot of utter nonsense here

Get yourself an Asus RT-AC86U, put Merlin firmware on it and watch it happily hit 200Mbps (on a VPN)

Nonsense... followed by recommending an Asus product, have you considered a side line in comedy?

Asus should be on the NFC list of anyone with the sense to ask for a recommendation, let alone anyone willing to recommend a product. Why? Well the history of awful hardware design (overheating/melting AC68's anyone?), or perhaps two generations of those MediaTek DSL chipsets that fixes were promised for again and again for years and years. What about the faked FCC test results that went on for years? Just when you think that having screwed up the hardware and the certification of it was bad, they ignored security holes for years, only finally fixing some of them when a retail partner stated they would withdraw the hardware if fixes weren't forthcoming. Think it was a one off? Nope, they were fined in the US and required to agree to 20 years of enhanced external auditing because the issue was that prolific. Before you try and extol the virtues of Merlin’s work, he still uses the ASUS base code.

My suggestion was a £50ish Mikrotik RB750GR3, a business class router capable of accelerated IPSEC VPN traffic and routing at near gigabit, Mikrotik patch quickly following security advisories and it's performance numbers speak for themselves:

https://mikrotik.com/product/RB750Gr3#fndtn-testresults

You're suggesting a device that's 3x the price from a company with a horrific track record over the last decade. To me that sounds more nonsensical than anything else i've read in this thread.
 
"Neither consumer routers or a pi have an FPU and without one all the encryption overheads have to be calculated by the CPU emulating a FPU aka in software, this is slow."

This is utter utter nonsense and wrong

I have never seen an AC68 melt

Your Asus rant is funny, were you one of the 7,300 Mikrotik routers that were defaced ?

Where did you suggest the Mikrotik before 7:53 pm ?
 
Find a router you're interested in and then Google '[model name here] VPN throughput'.

In most cases you'll be able to find the same question previously asked and answered.
 
Just don't buy the Microtik because whatever nonsense fantasy world Avalon lives in it won't:

provides wireless

get into 3 figures for VPN
 
Back
Top Bottom