Router for small office with vpn

[JoyceBabu]

I am planning to buy a new router for a small office. The total office area is 850 sqft, partitioned into three rooms. There will be around 20 connected devices. I wish to install TomatoUSB on the new router, and configure OpenVPN on it. The VPN won't be used heavily. It will be used only for accessing files and a few web services running on the network (not for secure browsing).

I am presently considering the following routers

1. Asus RT AC68U - ₹12,475
2. Asus RT-AC87U - ₹16,900

Asus RT AC3200 is available for ₹18,950. Based on the price and reviews, I am leaning to AC68U. But I am interested about the effect of the better/additional processor of AC87U on the VPN performance. Which AC router would you recommend for my use case? Is it worth spending 35% more on the AC87U (52% for AC3200)?

Thank you.

---

My current router is Asus RT N18U. Below is the result of speedtest from my phone with and without using VPN.

WiFi - 5.6 Mbps
3G - 2.6 Mbps
VPN (Connected via 3G to the OpenVPN server on my router) - 0.48 Mbps

Will I see a speed improvement by switching to one of the routers mentioned above?

 

[System Error Message]

AC68U. AC3200 if you have many wifi clients in small area.

 

[JoyceBabu]

Thank you for your response.

Are 20 connected clients too many to consider upgrading to AC3200? Or is it the number of simultaneously transmitting clients that matters?

 

[Samir]

If you're going to be spending that type of money, I would get either of these from the cdw outlet and ship it international--you'd still be ahead on price:
https://www.cdw.com/shop/products/CISCO-RV320-GB-DUAL-WAN-VPN-ROUTER/4292651.aspx?pfm=srh
https://www.cdw.com/shop/products/CISCO-RV042G-DUAL-GIGABIT-WAN-VPN-B/4287170.aspx?pfm=srh

Then just pick up some generic access point there locally for cheap for wireless coverage.

 

[System Error Message]

i really suggest against the cisco rv, even ubiquiti edgerouter is better. For your purposes it really depends on what you need. If your network needs are the same as a home network and your vpn throughput not much the asus will do fine, otherwise if you want really good vpn than using a pc as a router is actually the best choice.

If you have 20 clients connected all at the same time and all use wifi AC than you will benefit from the AC3200 if they all are within range of the AP.

 

[JoyceBabu]

Thank you for the advice. Is CPU the major bottleneck when running a VPN inside a router? If so, would I see a noticeable performance improvement by moving the OpenVPN server to a Linux server, instead of running it on the router?

If price is not the major consideration, then is it better to setup a good Router + AP instead of a Wireless Router as Samir suggested?

 

[System Error Message]

Thank you for the advice. Is CPU the major bottleneck when running a VPN inside a router? If so, would I see a noticeable performance improvement by moving the OpenVPN server to a Linux server, instead of running it on the router?

If price is not the major consideration, then is it better to setup a good Router + AP instead of a Wireless Router as Samir suggested?

CPU is important for vpn. You will see performance increase if before you didnt get wan speeds for your vpn.

Choosing a router, its between asus, mikrotik and pfsense. mikrotik requires skill to set up so if you dont have that you might want to avoid it. if you go to demo.mt.lv you can see how it looks like. pfsense runs off pc and has loads of features that are good. For your wifi you can go with asus, netgear, tplink, ubiquiti or even mikrotik. There may be more brands but as long as you avoid the terrible ones like dlink you will be fine.

 

[Samir]

i really suggest against the cisco rv, even ubiquiti edgerouter is better. For your purposes it really depends on what you need. If your network needs are the same as a home network and your vpn throughput not much the asus will do fine, otherwise if you want really good vpn than using a pc as a router is actually the best choice.

If you have 20 clients connected all at the same time and all use wifi AC than you will benefit from the AC3200 if they all are within range of the AP.

The Cisco is easy to set up and doesn't require any tinkering for the OPs requirements. Sure, there are ways to get 10-20% more performance from other platforms, but unless you really need it, why waste time?

You can get multiple cheap APs and have better coverage than a single AP trying to handle everything.

 

[Samir]

Thank you for the advice. Is CPU the major bottleneck when running a VPN inside a router? If so, would I see a noticeable performance improvement by moving the OpenVPN server to a Linux server, instead of running it on the router?

If price is not the major consideration, then is it better to setup a good Router + AP instead of a Wireless Router as Samir suggested?

It all depends on the software and how well its written. I've seen routers spec'd for higher run less, and those spec'd for lower have 10x the throughput.

If you're building your own router, picking your hardware and software, then yes the hardware matters. If price is not a consideration, look into enterprise stuff from fortigate, juniper, cisco asa, etc. Most enterprise equipment do not have built-in APs.

 

[Samir]

CPU is important for vpn. You will see performance increase if before you didnt get wan speeds for your vpn.

Choosing a router, its between asus, mikrotik and pfsense. mikrotik requires skill to set up so if you dont have that you might want to avoid it. if you go to demo.mt.lv you can see how it looks like. pfsense runs off pc and has loads of features that are good. For your wifi you can go with asus, netgear, tplink, ubiquiti or even mikrotik. There may be more brands but as long as you avoid the terrible ones like dlink you will be fine.

It really depends on how much time the OP wants to spend on the setup. Getting the rv series ones I posted would be less than an hour. And that would provide normal working speeds up to what snb tested them at.

 

[System Error Message]

It really depends on how much time the OP wants to spend on the setup. Getting the rv series ones I posted would be less than an hour. And that would provide normal working speeds up to what snb tested them at.

so is asus. The vpn router platform has always been terrible. Theres no support provided that consumer routers dont provide with these vpn routers. The OP would have a much better time using asus or pfsense.

Mikrotik does have configuration scripts that make it easy to set up but to make full use of it requires skill. Its why i suggested asus or pfsense as main router because they dont require much skill to configure, they are more reliable than vpn routers, and they offer capabilities to do more that you cant do with a cisco rv. For example many vpn routers dont even support openvpn. Their speeds for unaccelerated vpn protocols are also very poor.

 

[Samir]

so is asus. The vpn router platform has always been terrible. Theres no support provided that consumer routers dont provide with these vpn routers. The OP would have a much better time using asus or pfsense.

Mikrotik does have configuration scripts that make it easy to set up but to make full use of it requires skill. Its why i suggested asus or pfsense as main router because they dont require much skill to configure, they are more reliable than vpn routers, and they offer capabilities to do more that you cant do with a cisco rv. For example many vpn routers dont even support openvpn. Their speeds for unaccelerated vpn protocols are also very poor.

Agreed that the Asus may be just as easy, but a business vpn router is made for it, hence it covers everything. The asus may be fine in the OP's case because of the limited use, but it's also much more expensive than the Cisco ones I linked to. Keep in mind that they are never normally this cheap, but this is the pricing in the CDW outlet which are returns or open box units with full warranty.

No doubt the Mikrotik products are higher-performance like pfsense, but both cannot be deployed in 15m. I can get a smb class vpn router up in that much time.

As far as speed, my rv016 v2, which is very, very dated does site to site vpn connections at >20Mbps in my test using a switch and dhcp server to simulate the Internet. And this is a very dated product. The newest models should easily be able to do this, and 20Mbps is in excess of what most have as their upload bandwidth.

I understand that buying a Ultima is a better deal than a Corvette at the price since the performance is so much more, but when you are just driving up and down the street, why get into the complexity of getting the most bang for your buck?

 

[System Error Message]

Agreed that the Asus may be just as easy, but a business vpn router is made for it, hence it covers everything. The asus may be fine in the OP's case because of the limited use, but it's also much more expensive than the Cisco ones I linked to. Keep in mind that they are never normally this cheap, but this is the pricing in the CDW outlet which are returns or open box units with full warranty.

No doubt the Mikrotik products are higher-performance like pfsense, but both cannot be deployed in 15m. I can get a smb class vpn router up in that much time.

As far as speed, my rv016 v2, which is very, very dated does site to site vpn connections at >20Mbps in my test using a switch and dhcp server to simulate the Internet. And this is a very dated product. The newest models should easily be able to do this, and 20Mbps is in excess of what most have as their upload bandwidth.

I understand that buying a Ultima is a better deal than a Corvette at the price since the performance is so much more, but when you are just driving up and down the street, why get into the complexity of getting the most bang for your buck?

The problem with the cisco rv is that it is awful, its just terrible. Reliability on it sucks. Its nothing to do with how fast or easy it is to set up, its the fact that its a limited and unreliable platform. If the OP wants openvpn the cisco rv doesnt have it. Cisco rv is just like d link or even linksys as ive seen quite a number of complaints for linksys as well. The OP needs a router for vpn and a needs to provide wifi. ASUS is actually cheaper than the cisco rv. Starting with the AC68U, its cheaper than the cisco rv. For the OPs use im not suggesting mikrotik as he would lack the skill but even recycling a core2 PC, getting an intel 2nd hand network card and running pfsense on it, you cant beat the cost and it will still give good vpn performance though you need the 32nm 1st gen intel iseries at least for AES acceleration.

 

[JoyceBabu]

I would like to clarify that I meant 20 wirelessly connected devices, not VPN clients. There will be only at most one VPN client connected at a time. My issue is the low data transfer rate, while connecting through the VPN, which pretty much makes it unusable.

I will install OpenVPN on a Core i3 Linux server on the network and compare it's performance to the OpenVPN server on my current RT-N18 router. I will also try installing pfsense on an old unused core2duo system, before buying the new router.

 

[System Error Message]

I would like to clarify that I meant 20 wirelessly connected devices, not VPN clients. There will be only at most one VPN client connected at a time. My issue is the low data transfer rate, while connecting through the VPN, which pretty much makes it unusable.

I will install OpenVPN on a Core i3 Linux server on the network and compare it's performance to the OpenVPN server on my current RT-N18 router. I will also try installing pfsense on an old unused core2duo system, before buying the new router.

Looks like you've got your router there already. Now all you need is a good AP.

 

[Samir]

The problem with the cisco rv is that it is awful, its just terrible. Reliability on it sucks. Its nothing to do with how fast or easy it is to set up, its the fact that its a limited and unreliable platform. If the OP wants openvpn the cisco rv doesnt have it. Cisco rv is just like d link or even linksys as ive seen quite a number of complaints for linksys as well. The OP needs a router for vpn and a needs to provide wifi. ASUS is actually cheaper than the cisco rv. Starting with the AC68U, its cheaper than the cisco rv. For the OPs use im not suggesting mikrotik as he would lack the skill but even recycling a core2 PC, getting an intel 2nd hand network card and running pfsense on it, you cant beat the cost and it will still give good vpn performance though you need the 32nm 1st gen intel iseries at least for AES acceleration.

Where are you getting your information from? I'm an actual owner of two rv016s for over 10 years now and both are still 100% functional. I've had a rv042 as well, but its caps finally gave out and it died after about 5 years. There are quirks in any smb class of router, but most will reliably do the basics they were built to do.

The conversion from Indian Rupees to dollars is almost 60:1, making either of the Asus products in the original post 2x what the rv series cost out of the cdw outlet. With international shipping and customs, it would almost be the same, but the rv is built for this vs the asus not.

 

[Samir]

I would like to clarify that I meant 20 wirelessly connected devices, not VPN clients. There will be only at most one VPN client connected at a time. My issue is the low data transfer rate, while connecting through the VPN, which pretty much makes it unusable.

I will install OpenVPN on a Core i3 Linux server on the network and compare it's performance to the OpenVPN server on my current RT-N18 router. I will also try installing pfsense on an old unused core2duo system, before buying the new router.

I regularly could connect to my rv016 at full bandwidth via pptp. Ipsec site-to-site connections were 20Mbps+ in my tests when we were evaluating other routers to replace it. It was quite impressive since we thought they were too dated compared to the replacements we were looking at.

What's going to be more important for your vpn throughput is your available bandwidth at both the server side and client side as well as how much data/what type of application you'll be using through the vpn. This was our issue initially until we got more bandwidth. Every router we had installed (including the rv016) had more than enough capability for the bandwidth we had. It still does, but we wanted some features the rv016 couldn't do, so it sits as an emergency backup now.

 

[System Error Message]

Where are you getting your information from? I'm an actual owner of two rv016s for over 10 years now and both are still 100% functional. I've had a rv042 as well, but its caps finally gave out and it died after about 5 years. There are quirks in any smb class of router, but most will reliably do the basics they were built to do.

The conversion from Indian Rupees to dollars is almost 60:1, making either of the Asus products in the original post 2x what the rv series cost out of the cdw outlet. With international shipping and customs, it would almost be the same, but the rv is built for this vs the asus not.

You still havent claimed it to have openvpn support and thats used quite a lot now. It doesnt require firewall assistance as that is missing from quite a number of low end consumer routers.

the cisco rv was unreliable not just in hardware (i still have the mikrotik rb450G still being used for more than 5 years and still going strong, firmware updates make it less likely to restart itself which used to happen at most twice a year). The firmware was also unreliable. restarting the router became common. you'll also see it on this forum burried in a few threads but the unreliability of the platform the cisco rv used was very apparent that so many posts were made. It is infact the same platform used by the ERL and it took ubiquiti years just to get it working stable.

What differentiated the ERL to the vpn routers was that the ERL has more cores and higher clocks so it could do its job.

 

[Samir]

You still havent claimed it to have openvpn support and thats used quite a lot now. It doesnt require firewall assistance as that is missing from quite a number of low end consumer routers.

the cisco rv was unreliable not just in hardware (i still have the mikrotik rb450G still being used for more than 5 years and still going strong, firmware updates make it less likely to restart itself which used to happen at most twice a year). The firmware was also unreliable. restarting the router became common. you'll also see it on this forum burried in a few threads but the unreliability of the platform the cisco rv used was very apparent that so many posts were made. It is infact the same platform used by the ERL and it took ubiquiti years just to get it working stable.

What differentiated the ERL to the vpn routers was that the ERL has more cores and higher clocks so it could do its job.

I never claimed that it does have openvpn support. By who cares when the standard cisco client built into almost every os will work with the rv? A solid vpn is the goal here, not using openvpn, right?

I've found the hardware on the rv016 to be beyond rock solid. At one point it was operating in 100 degree heat for 2 years. I thought that would kill it, but it never did, and it still works fine today. The firmware has its bugs, but no more so than any other brand in the smb space (I have several netgear routers as well). Reboots of any router in the smb space is a given--this isn't enterprise gear, but it's a fraction of the cost too.

"A paradigm of routers (and a lot of computer equipment in general) is this: You can pick two of the following characteristics:
- cheap
- powerful
- easy to use
Summed up as:
cheap, easy, or powerful--pick 2." © 2016 Samir

cisco rv - cheap, easy, not as powerful
pfsense - cheap, potentially powerful, not exactly easy
mikrotik and other variants - cheap, powerful, but not easy

The erl is an interesting router that really made a dent in the smb world with a highly powerful and affordable router--but it follows the paradigm because aside from the configuration that can be done via the gui, it's definitely not easy.

 

[System Error Message]

I never claimed that it does have openvpn support. By who cares when the standard cisco client built into almost every os will work with the rv? A solid vpn is the goal here, not using openvpn, right?

I've found the hardware on the rv016 to be beyond rock solid. At one point it was operating in 100 degree heat for 2 years. I thought that would kill it, but it never did, and it still works fine today. The firmware has its bugs, but no more so than any other brand in the smb space (I have several netgear routers as well). Reboots of any router in the smb space is a given--this isn't enterprise gear, but it's a fraction of the cost too.

"A paradigm of routers (and a lot of computer equipment in general) is this: You can pick two of the following characteristics:
- cheap
- powerful
- easy to use
Summed up as:
cheap, easy, or powerful--pick 2." © 2016 Samir

cisco rv - cheap, easy, not as powerful
pfsense - cheap, potentially powerful, not exactly easy
mikrotik and other variants - cheap, powerful, but not easy

The erl is an interesting router that really made a dent in the smb world with a highly powerful and affordable router--but it follows the paradigm because aside from the configuration that can be done via the gui, it's definitely not easy.

cisco rv doesnt offer things that other routers dont. So if its in the cisco rv its in another router. I've seen various instances where the CPU being too slow making managing it a chore and not keeping up. As i said many times all over the place its not just the cisco rv, any vpn router is outdated. Both the platform (slow CPU speed) combined with lack of features is what makes it obsolete.

I know you love the cisco rv so much having had good luck with it but like with dlink, some may do fine with it while others will suffer. What you're doing is the same as what ERL users do and the ERL is an example of an over glorified router. ERL cant perform QoS at needed speeds they only apply it to upload for example. At the very least ubiquiti updates the edgerouter series so even though it uses the same platform as the cisco rv it doesnt get outdated because it is constantly being updated and for less than the cisco rv includes more features and faster CPU. I also know its one of the major thing about your business so if it is i suggest replacing them with the edgerouters which while being ubiquiti's weakest product is the same hardware as the cisco rv but with faster cpu and better firmware. My scorn at ubiquit is mainly their marketing and lack of information.

OP already has PC he is trying out as a router. Thats basically something free right there. With pfsense he doesnt need to spend anything on hardware and it is easier to configure than both mikrotik and ubiquiti for more advanced things.

You could say dlink and tplink being easy but tp link only has basic features, dlink is just unreliable just like with some linksys routers and the cisco rv. The unreliability of the firmware extends to all vpn routers from all brands. I scorn at them because they cost more than the equivalent consumer router and are less reliable while missing out on features that consumer routers offer. Sure 10 years ago vpn routers had their place but they havent had any new features that helps to justify their purchase or even firmware stability (something which took ubiquiti years to work out). Cisco doesnt spend as much effort on the cisco rv as ubiquiti does on their edgerouters.

Even in a place of corruption like india where asus is priced double, there are other good brands in terms of hardware such as netgear and tp link, coupled with 3rd party firmware like tomato or openwrt will do well. But if they already have a platform that they can use as a router like a spare PC, even if its a core2 it will be so much better than any vpn router or consumer router for free.