Router for VPN client

A

anaphylaxus

Active Member
Joined
Aug 23, 2017
Messages
32
Reaction score
0
Location
Cape Town
Major brainache from trying to research this on my own and hoping for some useful insight from the forum:

I've just upgraded my fibre line from 20Mbps to 100Mbps. Now I'm looking to set up router-level vpn.

I've been down this road before with an Asus RT-N18U that just isn't powerful enough to deliver reasonable speeds with VPN client active. I didn't pursue this further at that time because my line wasn't fast enough to make it worthwhile anyway.

So I'm trying to figure out what my options are going forward, ideally something cost-effective.

I live in a small flat, and coverage isn't really an issue, so I'm just looking for the most practical but workable solution. There also aren't millions of devices connected to the network at once. Often just an android box and two phones, sometimes a computer/laptop or the PS4.

I figure I can shell out on a good consumer grade router - this is probably going to cost minimum R2999 for something like a Netgear R7000 or Asus AC68U, unless I've missed a better option?

Alternatively, I could go with something business-grade, like an EdgeRouter and then use one of my myriad other routers as an AP (or upgrade to a Unify AP eventually). I can't find a whole lot of info on the EdgeRouter's performance as a VPN client. I also have not been able to figure out whether I'd be looking at an EdgeRouter X or an EdgeRouter X SFP, or if neither of those are even up to the task at all.

Any wiser souls out there who can help a gal out?
 
anaphylaxus said:
Major brainache from trying to research this on my own and hoping for some useful insight from the forum:

I've just upgraded my fibre line from 20Mbps to 100Mbps. Now I'm looking to set up router-level vpn.

I've been down this road before with an Asus RT-N18U that just isn't powerful enough to deliver reasonable speeds with VPN client active. I didn't pursue this further at that time because my line wasn't fast enough to make it worthwhile anyway.

So I'm trying to figure out what my options are going forward, ideally something cost-effective.

I live in a small flat, and coverage isn't really an issue, so I'm just looking for the most practical but workable solution. There also aren't millions of devices connected to the network at once. Often just an android box and two phones, sometimes a computer/laptop or the PS4.

I figure I can shell out on a good consumer grade router - this is probably going to cost minimum R2999 for something like a Netgear R7000 or Asus AC68U, unless I've missed a better option?

Alternatively, I could go with something business-grade, like an EdgeRouter and then use one of my myriad other routers as an AP (or upgrade to a Unify AP eventually). I can't find a whole lot of info on the EdgeRouter's performance as a VPN client. I also have not been able to figure out whether I'd be looking at an EdgeRouter X or an EdgeRouter X SFP, or if neither of those are even up to the task at all.

Any wiser souls out there who can help a gal out?
Click to expand...

I have the ASUS AC87U (older model) and is working great with VPN client.
It has a bit more power than the AC68U but speaking in today's routers I would go for an AC88U
 
Edgerouter X has some nice VPN capabilities in as stock, and many have reported success with it

help.ubnt.com

EdgeRouter - L2TP IPsec VPN Server

Overview Readers will learn how to configure a L2TP (Layer 2 Tunneling Protocol) server on the EdgeRouter. NOTES & REQUIREMENTS: Applicable to the latest EdgeOS firmware on all EdgeRoute...
help.ubnt.com help.ubnt.com

They also have a very active community on their own forums and on Reddit in case you need help. I asked around on the latter before I bought my ERx and the guys there were really a great help
 
PhireSide said:
Edgerouter X has some nice VPN capabilities in as stock, and many have reported success with it

help.ubnt.com

EdgeRouter - L2TP IPsec VPN Server

Overview Readers will learn how to configure a L2TP (Layer 2 Tunneling Protocol) server on the EdgeRouter. NOTES & REQUIREMENTS: Applicable to the latest EdgeOS firmware on all EdgeRoute...
help.ubnt.com help.ubnt.com

They also have a very active community on their own forums and on Reddit in case you need help. I asked around on the latter before I bought my ERx and the guys there were really a great help
Click to expand...
Thanks, I'm gonna go check this out!
 
I'd personally look at one of the Mikrotik routers. You should be able to get something for <R1000 and it will do anything and more that you might want to do. They are not the most user friendly devices to setup but once you get your head around it, the possibilities are endless with them! It's amazing how much these Mikrotik home/sme based routers can do. Wifi range is always decent and as I say, the customization on them is amazing!!!
 
carstensdj said:
I'd personally look at one of the Mikrotik routers. You should be able to get something for <R1000 and it will do anything and more that you might want to do. They are not the most user friendly devices to setup but once you get your head around it, the possibilities are endless with them! It's amazing how much these Mikrotik home/sme based routers can do. Wifi range is always decent and as I say, the customization on them is amazing!!!
Click to expand...

You need to consider the router's ability to encrypt/decrypt traffic, and AES-NI (or ARM equivalent) is essential. I don't know of any under R1000 that can do that on 100Mbit.
 
PhireSide said:
Edgerouter X has some nice VPN capabilities in as stock, and many have reported success with it

help.ubnt.com

EdgeRouter - L2TP IPsec VPN Server

Overview Readers will learn how to configure a L2TP (Layer 2 Tunneling Protocol) server on the EdgeRouter. NOTES & REQUIREMENTS: Applicable to the latest EdgeOS firmware on all EdgeRoute...
help.ubnt.com help.ubnt.com

They also have a very active community on their own forums and on Reddit in case you need help. I asked around on the latter before I bought my ERx and the guys there were really a great help
Click to expand...

OpenVPN performance on new Edge Routers | Ubiquiti Community

We have stable OpenVPN tunnel (tcp on port 443) with ~700mbit throughput on a 1000mbit connection. Currently using Synology DS918+ as VPN endpoints. But we
community.ui.com community.ui.com

Can the new EdgeRouters with 4 cores handle routing for gigabit connection and the OpenVPN tunnel at, at least, 500mbit?
Click to expand...


There's another poster on here today who reported 25 Mbps throughput over OpenVPN between two ER-4s.
Click to expand...
 
I would just run my own, over Wireguard on the client.
 
waylander said:

OpenVPN performance on new Edge Routers | Ubiquiti Community

We have stable OpenVPN tunnel (tcp on port 443) with ~700mbit throughput on a 1000mbit connection. Currently using Synology DS918+ as VPN endpoints. But we
community.ui.com community.ui.com
Click to expand...
I wonder if that is with HW offloading enabled? I know the ER-4 has a Cavium-based SoC and the ERx uses a MTK chipset, so there may be some differences there too.

[ER-X] IPsec VPN Performance | Ubiquiti Community

I've been using ER-X at home for a few weeks. It's my first Edgerouter. Very happy with it so far With EdgeOS v1.9.0, we know ER-X supports HW
community.ui.com community.ui.com
 
PhireSide said:
I wonder if that is with HW offloading enabled? I know the ER-4 has a Cavium-based SoC and the ERx uses a MTK chipset, so there may be some differences there too.

[ER-X] IPsec VPN Performance | Ubiquiti Community

I've been using ER-X at home for a few weeks. It's my first Edgerouter. Very happy with it so far With EdgeOS v1.9.0, we know ER-X supports HW
community.ui.com community.ui.com
Click to expand...

OP uses OpenVPN, not IPsec. There's many benchmarks and performance testing on Google to compare the two, that's why I asked the protocol in the first reply.
 
28ff6b6f-4638-40e2-b528-d6dbf5e22c8d
 
waylander said:
You need to consider the router's ability to encrypt/decrypt traffic, and AES-NI (or ARM equivalent) is essential. I don't know of any under R1000 that can do that on 100Mbit.
Click to expand...
Would this not do what the OP needs? I know of people running massive VPN's using these things at various high sites...

scoop.co.za

MikroTik hEX 5 Port Gigabit Desktop Router | RB750Gr3

MikroTik hEX 5 Port Gigabit Desktop Router | RB750Gr3 Scoop's RB-HEX by MikroTik RouterBOARD is a five port Gigabit Ethernet router for locations where wireless connectivity is not required. The device has a full size USB port, affordable, small and easy
scoop.co.za scoop.co.za
 
carstensdj said:
Would this not do what the OP needs? I know of people running massive VPN's using these things at various high sites...

scoop.co.za

MikroTik hEX 5 Port Gigabit Desktop Router | RB750Gr3

MikroTik hEX 5 Port Gigabit Desktop Router | RB750Gr3 Scoop's RB-HEX by MikroTik RouterBOARD is a five port Gigabit Ethernet router for locations where wireless connectivity is not required. The device has a full size USB port, affordable, small and easy
scoop.co.za scoop.co.za
Click to expand...

https://www.reddit.com/r/mikrotik/comments/7o7i3e


I understand that the hEX is supposed to have hardware encryption to allow up to 400+mbps. The VPN server is a dedicated x86 machine with a 1gbps connection, so it should easily handle 300mbps. CPU usage on the server side only goes up to 5% or so when bandwidth testing the VPN to it
Where am I going wrong?
Click to expand...

Only IPsec is hardware accelerated.
Click to expand...
 
OP what are you trying to do that 20mbps is too slow? I'm asking more out of curiosity than for any other reason.
 
Honey Badger said:
OP what are you trying to do that 20mbps is too slow? I'm asking more out of curiosity than for any other reason.
Click to expand...
20mbps isn't too slow. But with hardware vpn client running, that drops off quite hard to 3 or 4mbps on my RT-N18U at best, or often less.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X