Dedicated wired VPN router

[Xentrk]

can you give me the name and location of the pfsense shop in bkk?
Thanks.

Sorry @unclebuk, I did not see your post until now. The company website is anasx.com. The contact person is Montri (montri@anasx.com). He was very helpful and speaks English. I will update my post with a photo soon.

It does have an internal fan and you can hear it. Since it is hot here in Thailand, I usually run a fan in my living room where the router is located. When I turn on the living room fan, I don't notice the fan noise on the pfSense appliance any longer. I've only been using it more the past three weeks. From initial testing, I am getting much better throughput than from my ASUS AC88U router. I am enjoying learning about it, as well as the ASUS with Merlin FW. I like having both to tinker with!

 

[Xentrk]

 

[Xentrk]

Next to AC88U

 

[pitboss]

Get yourself a cheapest PC/MiniPC with at least 2,4GHz CPU, 2GB RAM, Gigabit NIC and install pfsense or if u a linux person then just put a linux in there with iptables routing setup.

What is important is the CPU as OpenVPN tends to use a lot of CPU cycles and anything above 2.4Ghz will give you maximum throughput of any vpn providers and whatever else you want to throw into your box.

None of the existing home routers is able to give you 60mbit with a VPN-enabled connection. But if you are looking to stream netflix, then a 10mbit is good enuf to view 4k stream, and any 600Mhz CPU routers + OpenVPN will do.

 

[ignade82]

Get yourself a cheapest PC/MiniPC with at least 2,4GHz CPU, 2GB RAM, Gigabit NIC and install pfsense or if u a linux person then just put a linux in there with iptables routing setup.

What is important is the CPU as OpenVPN tends to use a lot of CPU cycles and anything above 2.4Ghz will give you maximum throughput of any vpn providers and whatever else you want to throw into your box.

None of the existing home routers is able to give you 60mbit with a VPN-enabled connection. But if you are looking to stream netflix, then a 10mbit is good enuf to view 4k stream, and any 600Mhz CPU routers + OpenVPN will do.

can I do with windows 10? share the vpn through wire on second ethernet or my mini PC ?

It is terrible I bought Ac3100 and it is too slow

 

[swetoast]

still liking my solution with a rpi and a wifi dongle and some configuration of packages

 

[System Error Message]

with windows 10 i doubt it. i suggest windows server for this as it comes with software to turn it into a router otherwise you would have to look for software to turn your windows 10 or lower into a router as while you can share your internet on desktop windows, you cant control things. Windows server lets you control more so its an option to use as a router but its never as good as pfsense, linux and other stuff which is why it isnt used much in this sort of thing. microsoft has a lower share in the server market and this includes the router market too in which windows server was also made for for firewall/gateway, not like it was really good at it. It was in the past.

Essentially this requires setting up openvpn client on the PC and setting it as a gateway and to do NAT. You shouldnt use a desktop windows OS for this. It is possible if you use ICS, just you have no control over it and i dont even know how good windows 10 is as my experience with windows server 2016 was absolutely horrible.

 

[Cake]

Sorry @unclebuk, I did not see your post until now. The company website is anasx.com. The contact person is Montri (montri@anasx.com). He was very helpful and speaks English. I will update my post with a photo soon.

It does have an internal fan and you can hear it. Since it is hot here in Thailand, I usually run a fan in my living room where the router is located. When I turn on the living room fan, I don't notice the fan noise on the pfSense appliance any longer. I've only been using it more the past three weeks. From initial testing, I am getting much better throughput than from my ASUS AC88U router. I am enjoying learning about it, as well as the ASUS with Merlin FW. I like having both to tinker with!

Another option is to order a J1900 Qotom from China. No Fan, handles heat (65C at idle during noon), Go with opnsense as it supports dnscrypt and openvpn XOR scramble patch with little effort. Does not have AES instructions, but I have not noticed any extra lag besides ping related to distance of server.

 

[System Error Message]

Another option is to order a J1900 Qotom from China. No Fan, handles heat (65C at idle during noon), Go with opnsense as it supports dnscrypt and openvpn XOR scramble patch with little effort. Does not have AES instructions, but I have not noticed any extra lag besides ping related to distance of server.

AES acceleration is a must for throughput. Not having it does not affect latency but it significantly affects throughput.

 

[Xentrk]

still liking my solution with a rpi and a wifi dongle and some configuration of packages

I was gifted with a rpi 3 and have been researching a project related to networking for it. I may follow your lead. I also came across a few smart mirror projects that look kewl as well.

 

[MichaelCG]

AES acceleration is a must for throughput. Not having it does not affect latency but it significantly affects throughput.

I think this really depends on how much throughput you are striving for. My e4600 based pfSense desktop running OpenVPN can hit over 100Mbps+ just fine when using an iPhone6. I am "assuming" it is much faster if I was using a client that had more CPU. I don't normally use OpenVPN from anything other than my phone.

Speedtest.net, iPhone6
- noVPN - 270/283
- OpenVPN - 143/84 (AES128)

EDIT: Just tested on my laptop...and nope, it was slower. Guessing a client issue? Who knows. My point still stands. It comes down to what speeds you really want to get over the VPN. There is no doubt hardware acceleration is nice and would probably help when shooting for over 100Mbps, but non-accelerated can hit decent speeds as well. AES is much nicer to x86 than 3DES ever was.

Speedtest.net, HP Laptop (i7-4xxxM something)
- noVPN - 442/321
- OpenVPN - 83/68 (AES128)

This was all tested on my local house WiFi just connecting locally to the VPN server so no latency variable.

 

[swetoast]

I was gifted with a rpi 3 and have been researching a project related to networking for it. I may follow your lead. I also came across a few smart mirror projects that look kewl as well.

with the rpi3 you got both wifi and ethernet so its very easy to do and there are alot of howtos on the subject as for the smartmirror solution i got that aswell

got alot of various rpi and rpi clones doing various stuff.

 

[Samir]

the RV042G is a horrible option. Never ever get a VPN router even for VPN as every VPN router from every brand is absolutely horrible. i know @Samir here would disagree with his experience but i have seen way too many complaints and ubiquiti's early edgerouter days are proof that this platform is terrible.

Glad to see you remember me! (Cooincidentially, whenever I see a pfense or mikrotik application I think of you.)

And while our experiences on the rv042g differ, I believe that in your particular use case--a solid, fast as can be, site-to-site tunnel between two countries--is a stable and core feature in the design of the rv042g that you should have little trouble with (other than the detailed nature of configuring an ipsec tunnel). Just setting up a pfsense router will take more effort (for you) than to configure the rv042g.

 

[System Error Message]

Glad to see you remember me! (Cooincidentially, whenever I see a pfense or mikrotik application I think of you.)

And while our experiences on the rv042g differ, I believe that in your particular use case--a solid, fast as can be, site-to-site tunnel between two countries--is a stable and core feature in the design of the rv042g that you should have little trouble with (other than the detailed nature of configuring an ipsec tunnel). Just setting up a pfsense router will take more effort (for you) than to configure the rv042g.

Lets look at @thiggins review of every vpn platform
https://www.smallnetbuilder.com/lanwan/lanwan-reviews/32996-zyxel-usg20-vpn-vpn-firewall-reviewed
cons:
• Could not get IPsec client-to-gateway working
• Routing throughput lower than most current generation routers
https://www.smallnetbuilder.com/lan...co-rv320-dual-gigabit-wan-vpn-router-reviewed
cons:
• Balky SSL VPN
• More minor bugs than there should be
https://www.smallnetbuilder.com/lan...2-cisco-rv042-v3-dual-wan-vpn-router-reviewed
• 10/100 vs. Gigabit ports
• Admin access problem with Firefox / Windows
https://www.smallnetbuilder.com/lan...o-rv042g-dual-gigabit-wan-vpn-router-reviewed
• No L2TP support
• Mismatched uplink/downlink throughput


All these vpn routers, they all seem to have the same problem. They dont have all the most common/major VPN working and they tend to have other issues such as bugs and other things which you've been recommending to businesses. Take asus for instance, you dont get this sort of problem. Openwrt and tomato dont have these issues but because of closed source code they cant make use of hardware acceleration either.

Isnt L2TP/IPSEC the VPN choice if not using openvpn? These routers dont support openvpn either .

 

[Samir]

Lets look at @thiggins review of every vpn platform
https://www.smallnetbuilder.com/lanwan/lanwan-reviews/32996-zyxel-usg20-vpn-vpn-firewall-reviewed
cons:
• Could not get IPsec client-to-gateway working
• Routing throughput lower than most current generation routers
https://www.smallnetbuilder.com/lan...co-rv320-dual-gigabit-wan-vpn-router-reviewed
cons:
• Balky SSL VPN
• More minor bugs than there should be
https://www.smallnetbuilder.com/lan...2-cisco-rv042-v3-dual-wan-vpn-router-reviewed
• 10/100 vs. Gigabit ports
• Admin access problem with Firefox / Windows
https://www.smallnetbuilder.com/lan...o-rv042g-dual-gigabit-wan-vpn-router-reviewed
• No L2TP support
• Mismatched uplink/downlink throughput


All these vpn routers, they all seem to have the same problem. They dont have all the most common/major VPN working and they tend to have other issues such as bugs and other things which you've been recommending to businesses. Take asus for instance, you dont get this sort of problem. Openwrt and tomato dont have these issues but because of closed source code they cant make use of hardware acceleration either.

Isnt L2TP/IPSEC the VPN choice if not using openvpn? These routers dont support openvpn either .

I'm definitely not saying any smb router is perfect, but when thousands get sold and are in operation, and 99% of the router design and functionality works exactly as it should, and the other 1% has simple workarounds, you can implement a solution much more easily than reading for ages and programming a more robust platform from scratch. And keep in mind, if you program that platform wrong, you'll still have an issue that you have to debug and fix.

For most anyone needing a simple ipsec site-to-site tunnel, the smb products do what they do very well at a very reasonable price--hence my continued recommendation (and use) of them.

 

[System Error Message]

I'm definitely not saying any smb router is perfect, but when thousands get sold and are in operation, and 99% of the router design and functionality works exactly as it should, and the other 1% has simple workarounds, you can implement a solution much more easily than reading for ages and programming a more robust platform from scratch. And keep in mind, if you program that platform wrong, you'll still have an issue that you have to debug and fix.

For most anyone needing a simple ipsec site-to-site tunnel, the smb products do what they do very well at a very reasonable price--hence my continued recommendation (and use) of them.

thats because 99% of the users who buy it dont realise the problem. Its a shame because of the market segment these things were built for yet didnt do better than dd-wrt, openwrt and tomato.

 

[sfx2000]

All these vpn routers, they all seem to have the same problem. They dont have all the most common/major VPN working and they tend to have other issues such as bugs and other things which you've been recommending to businesses. Take asus for instance, you dont get this sort of problem. Openwrt and tomato dont have these issues but because of closed source code they cant make use of hardware acceleration either.

Isnt L2TP/IPSEC the VPN choice if not using openvpn? These routers dont support openvpn either .

Many of the "VPN routers" do their own flavor of VPN...

OpenVPN and LT2P/IPSec, these are open standards - some client OS's will support LT2P, most don't support OpenVPN without a 3rd party client (available from OpenVPN many times).

SEM makes a good point - interoperability is a good thing, and many of the "VPN routers" may not have this, rather, they stay in their private garden..

 

[sfx2000]

I was gifted with a rpi 3 and have been researching a project related to networking for it. I may follow your lead. I also came across a few smart mirror projects that look kewl as well.

Pi's can be a lot of fun - since as a default, they run a variant of Debian - they're pretty strong on a networking side...

The problem here is that they can be both bandwidth (USB2, and the ethernet is shared there on the USB bus) and compute bound - so in some cases, they might not be the best solution..

Still - a great platform to learn about network basics - and the Pi/Raspbian community here is a big plus for folks dipping their toes into things for the first time.

Once one grows out of the Pi's - Odroid C2 is a good thing, and there are a couple of SBC's going into production (EspressoBIN is one, UP2 is another, and we also have the MinnowBoard Turbot Dual)... too early to tell about Asus' Tinkerboard, but it looks promising...

 

[swetoast]

So this is my setup its a solidrun imx6 hummingboard 470Mbps actual bandwidth due to internal chip buses and im using a usb n wifi card to connect other units to it but it works great.

so if you want to go down this path just make sure there is a good distro with a good kernel available for me thats always been armbian, its basically debian for arm devices most of the work goes into the kernel since the manufacturers of these boards often dont care about kernel version or features.

this is where armbian really picks up the slack and lets users have a good and stable distro

 

[Cake]

What is the frontend gui for the router on Pi (Arm)? That is the problem I had plus I wanted more ethernet ports then 1, and a usb wifi. Like mentioned you will never saturate the 100Mb connection, I guess if your good at iptables or install openvpn (openvpn connect has a web gui) to it. There are low powered Intel devices out there with multiple nics that you can slap on *sense etc. I really like bsd now.