Router for VPN with AES-NI

[Ferrarista]

Some years ago I configured my first VPN using first an ASUS AC86U and then I replaced it with an AX88U. I decided to use these models because I read (probably right in this forum) that those 2 models support the AES-NI encryption that is needed to speed up the VPN server. Now I need to configure a new VPN at my new place where I have a gigabit connection. Is it still important to have a router supporting AES-NI encryption? Which models do you recommend?

 

[ColinTaylor]

AES-NI is only available in Intel processors. Other processors (e.g. AMD, ARM, etc) have their own AES support.

 

[RMerlin]

With a gigabit link, you might be better off running OpenVPN on a device with a better CPU than an ARM-based router. The fastest router at the moment might give you a bit under 300 Mbps of throughput with OpenVPN.

 

[Ferrarista]

AES-NI is only available in Intel processors. Other processors (e.g. AMD, ARM, etc) have their own AES support.

Which routers have then an Intel processor capable of AES(-NI) support?

With a gigabit link, you might be better off running OpenVPN on a device with a better CPU than an ARM-based router. The fastest router at the moment might give you a bit under 300 Mbps of throughput with OpenVPN.

At the moment I have 50 Mbps upload speed, but even when (and if) I'll finally have an optical fiber connection, it won't be faster than 300 Mbps. I think that OpenVPN is more than enough for now.

 

[ColinTaylor]

Which routers have then an Intel processor capable of AES(-NI) support?

Sorry, I don't keep abreast of all the different router products. You can see the list of AES-NI processors here. So you're looking at an x86 machine, probably running something like pfSense.

But if your question was about routers that have hardware encryption you don't need Intel's AES-NI specifically, just something that supports AES.

 

[Ferrarista]

My question is what a router should have to build a performing VPN (I mean, if AES or AES-NI is an important requirement) and which models have these features.

 

[Ferrarista]

So nobody can recommend a router for my needs?

 

[L&LD]

If you're looking for gigabyte speed VPN, no consumer/prosumer router will do that.

pfSense is a hot mess right now, but it might get you there with your own hardware if you're interested in building it yourself. I would suggest an Intel 11th Gen or higher CPU with 16GB RAM or more powered by a 256GB or larger SSD. With (only) an Intel LAN card of 2 ports or more.

If you're not connecting from your 'place' to a location that also has gigabyte speeds (up/down) and you're not expecting those max speeds, then the RT-AX88U Pro or the GT-AX6000 is a good place to start (with RMerlin firmware, of course). This will get you in the 200 - 300 Mbps range, depending on external factors and VPN settings you need/choose.

 

[Tech9]

So nobody can recommend a router for my needs?

You have to build your own custom solution around mini-PC like Protectli Vault or similar. For CPU - something 8th Gen or better i5/i7, 4GB RAM is enough, 120GB drive is plenty, NICs whatever you need speed. For multi threaded OpenVPN you also need pfSense Plus license. You are looking at $500+ project plus a steep learning curve from your home router knowledge starting point. Other option is off-lease SFF PC with the NICs you need, but it requires even more knowledge and will consume more power.

Perhaps the above is the reason no one recommended a "router" for your needs. I personally don't know why you "need" this VPN in first place.