Another "What Router?" Thread

[Higgles]

Hi,

I'm in the process of giving my Asus Rt-N66U router the send off it deserves after a number of years of service. Therefore, I'm looking for a new router to replace it. I've currently got an old Acer Atom D525 machine with a Mini PCI-E twin gigabit network card running PfSense. However this machine has not been totally stable so far (and I can't get the lid on with the network card in the machine). Therefore I need to make some serious choices over what to go for as a full time replacement.

My requirements are
1) Able to cope with 30 plus devices (TVs, Internet Radios, Web Server, Internet heating system etc)
2) VLAN routing support (not totally essential but would be nice)
3) OpenVPN server (able to serve encrypted packets at over 20Mbits both ways)
4) Relatively low wattage.
5) Good support / regular updates to prevent exploits.
6) Not silly money
7) Internet connection is 60/20 connected to a BT Openreach VDSL modem.

Would a UBNT ER-4 fit the bill or is there something else that would be better? As far as I'm concerned, the Atom D525 machine is not a long term solution as it does not support AES-NI which I've heard will be a must have for the next version of PfSense.

Thanks

Higgles

 

[avtella]

R7800 for WiFi and AC86U for VPN performance. Both can meet your VPN requirements though. You could go with either.

 

[Higgles]

R7800 for WiFi and AC86U for VPN performance. Both can meet your VPN requirements though. You could go with either.

Thanks for that. They don't seem to have any real Layer 3 VLAN support out of the box but is there any 3rd party firmware that will support this? I saw some mention of some hacks using the command line under Merlin but I would rather have something that is properly supported.

BTW, not too bothered about WiFi as I've got a separate AP for this.

 

[Higgles]

Has anyone got any opinions on the UBNT Edgerouter ER-4 or ER-6P? These seem to have the VLAN support as well as the OpenVPN server. I haven't seen any real world testing of these 2 models though to know if they can cope with the VPN throughput.

 

[avtella]

Thanks for that. They don't seem to have any real Layer 3 VLAN support out of the box but is there any 3rd party firmware that will support this? I saw some mention of some hacks using the command line under Merlin but I would rather have something that is properly supported.

BTW, not too bothered about WiFi as I've got a separate AP for this.

The R7800 supports OpenWRT which would give you more VLAN options but the AC86U isn’t supported by OpenWRT maybe DD-WRT does.

 

[Higgles]

The R7800 supports OpenWRT which would give you more VLAN options but the AC86U isn’t supported by OpenWRT maybe DD-WRT does.

Looks interesting. When I looked up OpenWRT VLAN it made specific mention of the R7800. Just a case of working through the information on their site to see if it will do the job.

 

[Trip]

An ER-4 wouldn't be a bad choice. Or a low-watt x86 box with an iCore CPU and Intel NICs running OpenWRT if you want more horsepower (Qotom or Protectli models on Amazon, for example). OpenVPN available on both; built-in on ER and package install on OpenWRT, with the latter having a GUI option as well (EdgeRouter is all-CLI, for now). Both have fq_codel with GUI config available for shaping/QoS; OpenWRT added via package and the ER has it built in. The ER will do L3 VLAN routing, and OpenWRT *should* as well, if my memory serves me right...

Then you can throw whatever wifi you prefer on top: consumer all-in-one(s) running in AP mode, a whole-house kit (Eero, Orbi, etc.), SMB wifi (UniFi) or even refurb'd/working-pull big-boy gear off eBay (Aruba, Ruckus).

 

[coxhaus]

What about looking at an Ubiquiti Unifi Security gateway? It has a GUI and looks like it makes things simple. Buy an Ubiquiti AP to integrate in the GUI interface on the Unifi Security gateway. It seems simple to me but I don't run one.

 

[umarmung]

1) Able to cope with 30 plus devices (TVs, Internet Radios, Web Server, Internet heating system etc)​

ER-4, R7800, RT-AC86U

2) VLAN routing support (not totally essential but would be nice)​

ER-4, R7800 + OpenWRT

3) OpenVPN server (able to serve encrypted packets at over 20Mbits both ways)​

RT-AC86U, R7800, ER-4

4) Relatively low wattage.​

ER-4=13W, RT-AC86U=33.25W, R7800=35.68W (all maximums)

5) Good support / regular updates to prevent exploits.​

OpenWRT, Asus, Ubiquiti

6) Not silly money​

R7800, ER-4

All above are overkill in requirements like 30 devices or OpenVPN of only 20Mbits/s bidirectional. However, full VLAN support is not a joke and is not usually found in consumer routers.

Common well-reviewed APs:

• Ubiquiti UAP-AC-Lite (2x2)=6.5W
• TP-Link EAP225 (2x2)=12.6W
  
• Ubiquiti UAP-AC-Pro (3x3)=9W

So, unless you need 200Mbit/s OpenVPN - 10 times your requirement and more than 3 times your Internet - it's a choice between standalone R7800 with OpenWRT, or ER-4 + AP/cheap wireless router. The latter is far more flexible, even if upfront it is a little more costly. You'll probably save it all back on electricity though, especially in Europe.

The ER-4 + AP combo with APs like the Lite or EAP225 still works out a lot cheaper than getting an AES-NI pfSense box with or without radios.

Since the UK will not exceed bidirectional Gigabit Internet this decade, you'll have a nice, fast and flexible setup, able to add more radios with time (seamlessly if they are all from Ubiquiti).

If you ever do need very fast VPN speeds, you can setup somewhere an AES-NI fanless custom box at a later date, dedicated to that task and other services.