
Best Router for OpenVPN under $130?


If it uses the dual core ARM A7 from Marvell then it would be alright. The ARM A7 is equivalent to the ARM A9 in performance but without out-of-order execution. This means that the performance of the ARM A7 is very dependent on the firmware coding and compiler quality.

Marvell boasts chip variants with high clocks, so I suggest looking at whether or not you can overclock it. That overclockability is very important if you really need CPU, or perhaps you can just go with a much better CPU altogether. The ARM A9 is only a bit faster per clock because of out-of-order processing.

If you truly need CPU performance there are PPC-based routers like the MikroTik RB 850gx2 that features a dual core PPC at 500 MHz with IPsec acceleration. If only the RB850gx2 was overclockable like its predecessor it would make it even better.

If you can overclock the Linksys WRT1200AC then go for it and make sure that it has the cooling needed. If the OpenVPN software and firmware on the Linksys isn't well coded and compiled then overclocking the CPU to 2 GHz isn't going to help.
 
It seems that the WRT1200AC doesn't have a fan, so I don't think that would be good for OCing, even though it seems that there is no stable firmware for that or the 1900AC yet (the 1900AC does have a fan though, it seems). I would be willing to step up to the WRT1900AC as it can be found for $150 now and then on eBay, but there still doesn't seem to be a stable DD-WRT or OpenWrt release for it yet, so I'm not even sure if you can OC them, but if you could it looks like those would be the two best routers for me. If I bring up my price range to like $180 what would be my best bet? I could get an Asus RT-AC68P most likely for around 130-150. What are some other, better choices that could push 30-50 Mbit/s with OpenVPN?

I really wish they would get a working DD-WRT for the WRT1900AC and I would snatch that up before the prices rise.

Edit: It seems that the WiFi drivers on it are just terrible and Kong is giving up on it for now though. So that takes the WRT1900AC off the list.
 
If you can overclock the Linksys WRT1200AC then go for it and make sure that it has the cooling needed. If the OpenVPN software and firmware on the Linksys isn't well coded and compiled then overclocking the CPU to 2 GHz isn't going to help.

Currently, the best OpenVPN performance would be from Asuswrt-Merlin, the latest crop of beta releases of Asuswrt (they only recently switched from 1.0.0 to 1.0.2), and the very latest Tomato-Shibby/DD-WRT builds, as these are based on OpenSSL 1.0.2. AES performance is greatly improved in 1.0.1, and was improved even further in 1.0.2 through ASM-based optimizations. AFAIK, all other manufacturers like Linksys and Netgear still use quite old versions of OpenSSL.
 
Wow, did not realize a VPN needs a serious CPU to decrypt/encrypt stuff. I went from 90Mbs to 2Mbs on Comcast Blast, 75/10Mbs using Nord VPN with Cat6 cable, Home Premium Windows 7 64bit. Need to look into a new router as I use VPN. This was an Archer C7 V2.
 
Wow, did not realize a VPN needs a serious CPU to decrypt/encrypt stuff. I went from 90Mbs to 2Mbs on Comcast Blast, 75/10Mbs using Nord VPN with Cat6 cable, Home Premium Windows 7 64bit. Need to look into a new router as I use VPN. This was an Archer C7 V2.

Better off with OpenVPN on the local PC rather than trying to do it on a consumer grade router - OpenVPN, by design, is rather CPU intensive...
 
Better off with OpenVPN on the local PC rather than trying to do it on a consumer grade router - OpenVPN, by design, is rather CPU intensive...

+1

When I was using OpenVPN on the Asus AC87R (official fw or Merlin's) I never got more than 20 meg throughput, despite having an 80 meg connection. In the end I threw away this Asus junk and purchased a Linksys EA8500, which blows the pants off the Asus AC87R. Using the desktop OpenVPN app gives more speed, > 50 meg, which I'll probably never get on a consumer router.
 
When running OpenVPN on a router, I strongly recommend sticking to AES-128 or AES-256 for the crypto, as it's far more optimized than the other supported cryptos.

I was able to push an 800 MHz RT-AC56U to 50 Mbps using AES-128-CBC.
 
When running OpenVPN on a router, I strongly recommend sticking to AES-128 or AES-256 for the crypto, as it's far more optimized than the other supported cryptos.

I was able to push an 800 MHz RT-AC56U to 50 Mbps using AES-128-CBC.

I would swear by Merlin's words on this one. I tested it on an overclocked AC56U (1200 MHz CPU). I could get over 70 Mbps throughput from WAN to LAN through the AC56U as an OpenVPN server (my WAN is 100/100 Mbps if it matters).

OP, you can find a bit more info here.
 
+1

When I was using OpenVPN on the Asus AC87R (official fw or Merlin's) I never got more than 20 meg throughput, despite having an 80 meg connection. In the end I threw away this Asus junk and purchased a Linksys EA8500, which blows the pants off the Asus AC87R. Using the desktop OpenVPN app gives more speed, > 50 meg, which I'll probably never get on a consumer router.

That's because OpenVPN is just a big hit on CPU resources (the crypto) and thrashes the heck out of memory (where the Cortex-A9 has throughput issues compared to later ARM releases). That's just OpenVPN; the router is doing its regular work on top of trying to do a VPN tunnel...

Don't get me wrong, having a VPN on the router is a good value-add to protect your traffic when remote, using a desktop/tablet/phone client to "dial in" to the home router/AP, but routing internal LAN traffic through OpenVPN is sub-optimal...
 
When running OpenVPN on a router, I strongly recommend sticking to AES-128 or AES-256 for the crypto, as it's far more optimized than the other supported cryptos.

I was able to push an 800 MHz RT-AC56U to 50 Mbps using AES-128-CBC.

Give this a try if just using OpenVPN to geo-unlock content - turn off crypto altogether for the data plane traffic, just using Crypt for login to the remote host...

Get even better performance - and PPTP is even faster yet, as it doesn't have to do the Userland-Kernel-Userland-Kernel transition... (this is why upclocking improves OpenVPN performance, BTW, as every one of those transitions is interrupt driven)
 
Give this a try if just using OpenVPN to geo-unlock content - turn off crypto altogether for the data plane traffic, just using Crypt for login to the remote host...

Get even better performance - and PPTP is even faster yet, as it doesn't have to do the Userland-Kernel-Userland-Kernel transition... (this is why upclocking improves OpenVPN performance, BTW, as every one of those transitions is interrupt driven)

When you have the luxury of choosing the cipher, it usually means you control the server. Which means your typical usage is to connect back to your LAN, not to connect to a remote tunnel provider to avoid geo blocks.
 
If my use case is trying to connect 3 locations where I control the routers and I want to transfer backup files or security videos between them, would it be more appropriate to use these less CPU-intensive methods?

Give this a try if just using OpenVPN to geo-unlock content - turn off crypto altogether for the data plane traffic, just using Crypt for login to the remote host...

Get even better performance - and PPTP is even faster yet, as it doesn't have to do the Userland-Kernel-Userland-Kernel transition... (this is why upclocking improves OpenVPN performance, BTW, as every one of those transitions is interrupt driven)

When you have the luxury of choosing the cipher, it usually means you control the server. Which means your typical usage is to connect back to your LAN, not to connect to a remote tunnel provider to avoid geo blocks.
 
When you have the luxury of choosing the cipher, it usually means you control the server. Which means your typical usage is to connect back to your LAN, not to connect to a remote tunnel provider to avoid geo blocks.

Server-Client handshake is what it is - lowest common denominator to establish a connection...
 
If my use case is trying to connect 3 locations where I control the routers and I want to transfer backup files or security videos between them, would it be more appropriate to use these less CPU-intensive methods?

In this use case you want to do an IPsec site-to-site VPN.
 
If my use case is trying to connect 3 locations where I control the routers and I want to transfer backup files or security videos between them, would it be more appropriate to use these less CPU-intensive methods?

You could consider using SSH + SCP for this type of use. It's fairly simple to set up, and adding new sites will be really easy. If you enable key-based login (and reject password-based login) then it should be quite secure.
 
In this case then, it looks like I could go for a less powerful router, such as an Asus RT-AC66U or Tenda W1800R, with a single CPU in the 600-800MHz range instead of the more expensive dual-core CPUs in the 1GHz+ range, like the Netgear R7000 or Asus RT-AC68U and save some money.

You could consider using SSH + SCP for this type of use. It's fairly simple to set up, and adding new sites will be really easy. If you enable key-based login (and reject password-based login) then it should be quite secure.
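
An added example, not part of the thread: a shell audit of the key-only SSH setup suggested above, assuming the sites run OpenSSH with an `sshd_config` file (many router firmwares ship Dropbear instead, which is configured differently). The function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the global section of an OpenSSH sshd_config for key-only login.
# sshd honours the FIRST occurrence of a keyword; keywords are case-insensitive.

# effective_value FILE KEYWORD DEFAULT -> value in force before any Match block
effective_value() {
    awk -F'[ \t=]+' -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        { sub(/^[ \t]+/, "") }                  # strip indentation (fields are re-split)
        $1 ~ /^#/ { next }                      # a commented-out directive has no effect
        tolower($1) == "match" { exit }         # conditional blocks are out of scope here
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# audit_sshd_config FILE -> returns 0 if only public-key login is enabled, 1 otherwise
audit_sshd_config() {
    rc=0
    pw=$(effective_value "$1" PasswordAuthentication yes)     # OpenSSH default: yes
    kbd=$(effective_value "$1" KbdInteractiveAuthentication "")
    # Older releases spell this keyword ChallengeResponseAuthentication (default: yes)
    [ -n "$kbd" ] || kbd=$(effective_value "$1" ChallengeResponseAuthentication yes)
    pk=$(effective_value "$1" PubkeyAuthentication yes)        # OpenSSH default: yes
    [ "$pw" = no ]  || { echo "FAIL PasswordAuthentication=$pw"; rc=1; }
    [ "$kbd" = no ] || { echo "FAIL keyboard-interactive=$kbd"; rc=1; }
    [ "$pk" = yes ] || { echo "FAIL PubkeyAuthentication=$pk"; rc=1; }
    return $rc
}

# Constructed sample configs (not taken from the thread)
sample_dir=$(mktemp -d)
cat > "$sample_dir/weak.conf" <<'EOF'
# Looks hardened, but the directive is still commented out
#PasswordAuthentication no
PubkeyAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication no
EOF
cat > "$sample_dir/keyonly.conf" <<'EOF'
passwordauthentication no
KbdInteractiveAuthentication no
# Later duplicate is ignored: the first occurrence wins
PasswordAuthentication yes
EOF
for f in weak keyonly; do
    if audit_sshd_config "$sample_dir/$f.conf"; then echo "$f: key-only"
    else echo "$f: passwords still accepted"; fi
done
```

On a live OpenSSH host, `sshd -T` prints the effective settings, including defaults and `Include` files, which this file-level check does not follow.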
 
