What's the Best Router for OpenVPN?

[Ian Holl]

I currently have an Asus AC87U router and it sucks when using OpenVPN. As I understand it it's because it only uses a single core and the router's broadcom CPU doesn't support AES NI. I've read that a Mini PC running an Intel CPU and PFSense will optically run OpenVPN with very minimal connection speed drop.

Can anyone recommend a Mini PC for running OpenVPN. Also can I utilise the Mini PC and use it as an NVR for my IP CCTV?

 

[System Error Message]

"Best", so i would recommend the best of intel xeon or AMD epyc, along with a full set of ram to fill all the channels and sufficient NICs.

you dont want the best router, you want the best mini PC which currently is an intel i3 or amd ryzen with integrated vega.

 

[Ian Holl]

"Best", so i would recommend the best of intel xeon or AMD epyc, along with a full set of ram to fill all the channels and sufficient NICs.

you dont want the best router, you want the best mini PC which currently is an intel i3 or amd ryzen with integrated vega.

Forgive me for my ignorance, but will I also have to use my existing router in conjuction with the mini PC, or will getting a mini PC with WIFI eliminate the need for my existing router? In short, how will I be able to do away completely with my existing Asus router?

 

[CaptainSTX]

You will either have to load a router operating system such as Pfsense on the PC and then use the PC as your router or use the PC as a VPN appliance to handle the processor intensive encryption/ decryption. You would then use your exsisting router as a wireless AP.

If you want the the best VPN router for SOHO look at the AC86 from ASUS as its processor supports AES-NI.

Another option if you are looking for a turnkey setup optimized for VPN is to look at the offerings from Sabai Technology.

 

[Ian Holl]

You will either have to load a router operating system such as Pfsense on the PC and then use the PC as your router or use the PC as a VPN appliance to handle the processor intensive encryption/ decryption. You would then use your exsisting router as a wireless AP.

If you want the the best VPN router for SOHO look at the AC86 from ASUS as its processor supports AES-NI.

Another option if you are looking for a turnkey setup optimized for VPN is to look at the offerings from Sabai Technology.

I'm currently looking into an all-in-one solution, but I can't seem to find a mini PC with both wifi and 4 LAN. I'm currently contemplating buying this https://www.amazon.co.uk/dp/B01AFYDEL2/?tag=smallncom-21

 

[Trip]

Best router for OpenVPN -- server I take it, as opposed to client? -- is the one you feel comfortable enough to configure and the one with enough CPU horsepower to drive the throughout you desire. For me? That would be a Qotom or Protectli x86 embedded appliance with integrated Intel NICs, via Amazon or AliExpress. At least a high-end Celeron, if not Pentium, but personally I'd go straight to an i3-7100U or i5-7200U. Load in a 2GB or 4GB stick of RAM and an SSD (32GB or larger), and whatever flavor of *nix firewall distro that floats your boat, and you're off the races with serious near-gigabit, line-rate OpenVPN. For a very friendly, approachable config, Untangle provides a great UI/UX. A bit less so might be the LUCI web-based config in OpenWRT. Either way, a solid solution that will absolutely destroy any off-the-shelf consumer box for raw throughput, and for not all that much more money for the device or electric bill than many of those overblown erector sets.

 

[rnatalli]

Go with an i3 Qotom box which also uses Intel NICs and install an Atheros 9280 card for WiFi, though, you’re better off with dedicated access points for the WiFi. Install pfSense, OpnSense, Sophos, or Untangle and you’re good to go.


Sent from my iPhone using Tapatalk

 

[Ian Holl]

I was doing some research on Qotom mini PC's and it seems buying the barebones system is the way forward as the complete build's SSD, RAM & Wifi card is low spec. Ideally I'd like an integrated Wifi AP. I noticed Intel's Wifi cards are 867Mbps where Atheros' is 300Mbps. Although I'm not sure if PFSense will support the Intel cards.

Qotom is looking the favourite ATM. I'm wndering if I can install Windows 10 and then run a virtual machine within Windows to install PFSense. That way I can also run BlueIris NVR software as well as setting up a server.

Edit: The Atheros QCNFA344A is 867Mbps

 

[Andr3w99]

I`m having great success with the RT-AC86U with Asus Merlin. As it has hardware support for openvpn. Have a look s this page:
https://www.privateinternetaccess.c...celeration-is-here-for-routers-using-openvpn/

 

[Cake]

Another vote for Qotom. Light on power consumption, 100% uptime with opnsense, opnvpn with opnsense has been patched with clayfaces' scramble patch. Its a learning curve at first but a couple hours of youtube tutorials and it will all make sense. You could try this instead of blue iris -> https://wiki.zoneminder.com/FreeBSD
https://wiki.zoneminder.com/FreeBSD
Edit: I see it may have support already for zoneminder https://github.com/opnsense/ports/tree/master/multimedia

 

[lovan6]

If you like to tinker around check HP T620 plus

https://www.servethehome.com/hp-t620-plus-thin-client-and-firewall-vpn-appliance/

 

[Ian Holl]

If you like to tinker around check HP T620 plus

https://www.servethehome.com/hp-t620-plus-thin-client-and-firewall-vpn-appliance/

Cheers I'll check it out. Having researched the mini PC builds a barebones Qotom seems to be favourite ATM, although their product range is vast and a little overwhelming, but I think the PSU, chassis, mobos, form factors and 4 LAN ports are pretty much the same. I think Qotom just off an abundance of different configurations with the CPU, RAM, SSD and Wifi option; this creating many different model numbers.

The WiFi card's form factor explains why there's a 300Mbps. I didn't even know the half PCI-e form factor existed. It certainly explains why a dedicated wireless AP is recommended.

Building an all-in-onr beast router, firewall and WiFi AP is what I'm looking to do, so I'm weighing up my options. Also utilising the build as an NVR is what I'm aim to do, so I might choose a bigger form factor and chassis design.

 

[System Error Message]

another option, one of AMD ryzen + vega development board with 2x 10Gb/s ports or multiple usb-c to ethernet ports, though you will have to buy your own ram and SSD. Thats as small as you can get that you could fit in the palm of your hands. I have the one for udoo ordered already but the kickstarter is still there as they havent finished the board.

You can also add your own wifi cards too.

 

[RMerlin]

I was doing some research on Qotom mini PC's and it seems buying the barebones system is the way forward as the complete build's SSD, RAM & Wifi card is low spec. Ideally I'd like an integrated Wifi AP. I noticed Intel's Wifi cards are 867Mbps where Atheros' is 300Mbps. Although I'm not sure if PFSense will support the Intel cards.

Qotom is looking the favourite ATM. I'm wndering if I can install Windows 10 and then run a virtual machine within Windows to install PFSense. That way I can also run BlueIris NVR software as well as setting up a server.

Edit: The Atheros QCNFA344A is 867Mbps

You can also run XenServer/X-NG on the Qotom, and run any VMs you wish. I use a Qotom myself to run a Windows 10 VM, and occasionally a second Linux VM for R&D purposes. Make sure to get the i5 version then to get full virtualization support. Note however that certain pfsense features do not work when virtualized.

 

[lovan6]

Cheers I'll check it out. Having researched the mini PC builds a barebones Qotom seems to be favourite ATM, although their product range is vast and a little overwhelming, but I think the PSU, chassis, mobos, form factors and 4 LAN ports are pretty much the same. I think Qotom just off an abundance of different configurations with the CPU, RAM, SSD and Wifi option; this creating many different model numbers.

The WiFi card's form factor explains why there's a 300Mbps. I didn't even know the half PCI-e form factor existed. It certainly explains why a dedicated wireless AP is recommended.

Building an all-in-onr beast router, firewall and WiFi AP is what I'm looking to do, so I'm weighing up my options. Also utilising the build as an NVR is what I'm aim to do, so I might choose a bigger form factor and chassis design.

If your intent and purpose is to build a beast of an openvpn router, there are things you need to consider.


Openvpn run on a single thread and requires a high cpu base frequency with AES-NI. A dual core like an Intel i3 socketed cpu is sufficient enough. but if you intend to run like an IDS/IPS, go with an i5. I would avoid using those embedded Qotom or Protecli because they use a laptop cpu and onboard network card. You want to use a dedicated Intel Server network cards.


A good fiber connection is required to sustain speed. Also you have to consider the distance of your connected server.


Using Pfsense in bare metal is your best bet in running openvpn. there is a steep learning curve but it work. I have tried different router distros but for me Pfsense stands above all others.

Check Unifi Access points, manage switch, camera and NVR including their Cloud key. They work well with Pfsense. Leave alone your build box as a core router.

Go look for Xentrk post the openvpn guru in this forum. He knows a lot of things in setting up an openvpn.

 

[RMerlin]

I would avoid using those embedded Qotom or Protecli because they use a laptop cpu and onboard network card. You want to use a dedicated Intel Server network cards.

Qotom uses Intel NICs.

 

[rnatalli]

Qotom uses Intel NICs.

Not all their units do; I have one I’m using as a surveillance server and it has Realtek NICs; but the i3s and above generally use Intel NICs.


Sent from my iPhone using Tapatalk

 

[Ian Holl]

For now I've ordered an AC86U to improve my OpenVPN speeds, as my AC87U is pathetic. I will then build a decent i5 router with dedicated Intel LAN. That way I'll be able to also run an NVR.

 

[Xentrk]

I obtained an old Windows 7 PC on a trade and converted it into a pfSense router. It has an Intel i5 CPU that supports AES-NI. Super fast OpenVPN performance when compared to my AC88U. I had to buy an extra NIC - one NIC is used for the WAN port and the other for the LAN port. I then attached an 8 port switch to give me extra LAN ports. I connected an Asus RT-AC68U to the switch and run it as an Access Point. My main use case is selective routing and blocking ads and evil sites. The features of pfBlockerNG allow me to create IPv4 lists for streaming media. Some I can create by just using the features of pfBlockerNG to mine a streaming media service by AS Number. For other lists where I use domain names I mined, it is easy to create Firewall Aliases containing the names. Then, creating a Firewall-LAN rule to route that traffic to the appropriate VPN tunnel.