Looking to replace RT-AC66U

[Edward Schreibman]

Hi, am looking to replace my RT-AC66U router and do not need a wireless router at this location. Would move the AC66u into a wireless AP role.
Since I have no experience in choosing a wired router, thought I'd post what I need and see if anyone has any suggestions/ recommendations.

Situation is I have FIOS 75 Mbps/75 Mbps and have OpenVPN / QOS features turned on. Have had some issues with very high CPU usage, at one point pegging at 100% and killing the network (resolved with factory reset/ clear nvram).
I really don't want to go through the hassle of setting up the DHCP reservations, VPN, etc again, and am thinking I'd be better off with a router with a bit more CPU muscle.
I really want to be able to fully utilize the WAN and the LAN (about 10 clients) as hard as needed and not sacrifice stability.
Was looking at the RT-AC3200 primarily because of the Broadcom BCM4709A, then realized for the price, and not needing wireless for this device, I could do a lot better bang for the buck.
I need a router, with OpenVPN server, would like at least 4 Gigabit Ethernet ports .
Dont really need to hang off any USB storage, f it has it , thats fine.
Wouldn't mind additional ports, POE, but not a deal killer.
Any ideas, thoughs, solutions welcome!

 

[L&LD]

For the price, I would still buy an AC1900 wireless router or higher. You just don't know what or how your needs change in the future.

The RT-AC68U or /P or the RT-AC87U would be my first choices. With the latter offering QoS at a different level than many other routers currently.

 

[Trip]

Welcome Edward. First off, depending on how much bandwidth utilization and/or simultaneous connections you want, you may be better off offloading the OpenVPN server to its own box -- say an old x86 machine you might have lying around? That would open up your router options quite a bit, as the responsibility would be handled elsewhere. If you still want to keep the server integrated, then I at least recommend going beyond the consumer all-in-ones to something like a Linksys LRT214/224 (if you can deal with its 5-connection limit). A bit higher up the food chain for a turnkey VPN endpoint would be a Zywall 110, but you lose OpenVPN support, so that may be a non-starter. Another option to try might be pfSense, either installed on a cheap x86 box with at least 2 NICs or more, or a pre-built kit on something like an APU2/APU4 board. It offers very similar (and in some cases better) performance and features to stuff like Cisco ASA or SonicWall TZ models. Else there's also Ubiquiti EdgeRouter or MikroTik Routerboard, but I'm hesitant to just purely recommend them, as I don't know how skilled you are and they each require a solid grounding in networking knowledge/command-line use for when you need to go deep/specific with your configs. Anyways, lots of options there - hope some of those suggestions help! =)

 

[Edward Schreibman]

Linksys LRT214/224

Thanks for the detailed response! For me, I like the LRT214, as the ports are not an issue. I'm intending to use this to connect where the FIOS ONC enters, then connect the ports to a switch, a couple wireless APs and my HTPC.
REALLY like the thought of the MikroTik Routerboard, but may be better off with the linksys, although I am considering one just to learn networking a bit more.

Thanks again!

 

[Nullity]

Do you have any old computers? If so, I would look at loading up one of http://en.m.wikipedia.org/wiki/List_of_router_and_firewall_distributions

pfSense is my current choice.

 

[Edward Schreibman]

I sure do, I'm assuming I'll need to add a NIC card (has one on MOBO), thinking one port for WAN/ One for the Lan? Looks like I'll be diving down a new rabbit hole.....!!

 

[Nullity]

I sure do, I'm assuming I'll need to add a NIC card (has one on MOBO), thinking one port for WAN/ One for the Lan? Looks like I'll be diving down a new rabbit hole.....!!

Yeah, two (preferrably Intel) NICs is the advised minimum. I grabbed 2 Intel, PCI NICs from amazon for ~$15 a piece, iirc.

 

[Trip]

Hi Edward - In your case, I'd probably stick to an LRT214 or similar as a starting point. Perhaps shelve MikroTik for learning at a future point. For unencrypted VPN, the LRT should be able to come close to saturating your 75/75 line -- encrypted, you'll drop down to 10-15Mb/s. For 20-40Mb/s over SSL in a small box, a Netgate APU2 or 4 running pfSense should do it (if you're comfortable with double the expenditure). The best value may just be re-purposing the extra x86 box you have -- adding in a couple $15 gigabit NICs. Aside from the higher power draw, that would give you the best throughput for the buck. Best of luck, and do let us know what you picked and how it worked out for you.

 

[colecaz]

I'm a little late in coming to this thread, but have you thought about using a 16 or 24 port switch after your router? One that has QOS capability and leaves the VPN work in the router? Something like the TP-Link SG1016DE. This would unload the router CPU and be easy to implement and not cost a fortune. Just hook one cable from your router to the switch and leave the other router ports open.

This is presuming your QOS client devices are wired.

 

[Cloud200]

what about doing this instead?
Run the OpenVPN server on something other than the router?
Something like a chromebox with chrubuntu installed ought to be enough to fully saturate your line.