Wifi 5 mesh w. dedicated wireless backhaul

m1nkeh

Occasional Visitor
Hey ,

I am considering switching my current RT-AC86U for an OOTB mesh system, but I need it to a) support dedicated wireless backhaul, and b) allow me to connect to a multitude of VPNs

Flip-flopping between AiMesh, and other brands (such as https://www.tp-link.com/en/home-networking/deco/deco-m9-plus/)

I don't really *need* the speed (internet is only 350mbps), what I do need though is the coverage - and crucially OpenVPN support (i don't actually think the Deco supports that?)

Anyone recommend me a wifi 5 tri-band mesh with OpenVPN capability?
 

Tech Junky

Very Senior Member
Why ovpn? It's slow and takes a lot of resources. Wireguard is much more preferable.

I won't go into the whole "mesh" thing because you obviously aren't wired for APs.
 

Tech9

Part of the Furniture
allow me to connect to a multitude of VPNs

There is none with multitude on-router VPNs. The best you can get is Asuswrt-Merlin router with up to 5x VPN clients. This limits you to AiMesh, good or bad. If your multitude of VPNs are on-device though - Eero Pro is pretty good tri-band wireless system with dedicated backhaul.
 

m1nkeh

Occasional Visitor
Why ovpn? It's slow and takes a lot of resources. Wireguard is much more preferable.

I won't go into the whole "mesh" thing because you obviously aren't wired for APs.
good question.. wireguard is also good, reason I state ovpn only though is that my current RT-AC86U doesn't support wireguard (afaik?), so i kinda don't think about it
i've actually today ordered an RT-AX86U, which does support wireguard, so i will give that a whirl w. AiMesh anyway

the reason i am not interested in wired APs is mainly we simply don't need it, and the home is small - we get by totally fine with WiFi for everything (tv, concurrent video calls, gaming, etc.) - wired is not a hassle i am interested in pursuing

There is none with multitude on-router VPNs. The best you can get is Asuswrt-Merlin router with up to 5x VPN clients. This limits you to AiMesh, good or bad. If your multitude of VPNs are on-device though - Eero Pro is pretty good tri-band wireless system with dedicated backhaul.
oh, shame, what about a single on-router VPN?

currently have Asuswrt-merlin, and will test out AiMesh this weekend with a new RT-AX86U i picked up, however that will only be dual-band so will suffer a bit with no dedicated wireless backhaul
 

Tech9

Part of the Furniture
oh, shame, what about a single on-router VPN?

No much options either. Some may allow you single VPN on/off. Nothing even close to what do you need.

have actually today ordered an RT-AX86U

This router will work. A good node for it is the cheaper RT-AX86S with the same firmware and radios hardware.

my current RT-AC86U doesn't support Wireguard (afaik?)

I does, but with Custom Script in Asuswrt-Merlin only. You have to do the same with your new AX86U. No Wireguard in GUI.
 

m1nkeh

Occasional Visitor
i am quite surprised there is no OOTB mesh with these features - heh

still, at least i know i'm not going mad - i had been looking for ages!

thought: is there a go-to solution for putting something 'in front' of the OOTB mesh? raspberry pi?
 

Tech9

Part of the Furniture
I don't know why do you need the multitude of on-router VPNs, actually. This requirement limits your hardware choices. Business gear can do this. You were just looking at the wrong equipment. You can set 20+ VPNs on a pfSense firewall, if you wanted to. Available option for years.
 

m1nkeh

Occasional Visitor
I don't know why do you need the multitude of on-router VPNs, actually. This requirement limits your hardware choices. Business gear can do this. You were just looking at the wrong equipment. You can set 20+ VPNs on a pfSense firewall, if you wanted to. Available option for years.
i live in the EU, and like to still watch tv from my home country, i don't need multiple running at once - sorry if there was confusion there :)
yeah fair enough, i could do a pfSense fw, but that's another 'thing' to install, configure, and i guess maintain... i don't mind spending money to simplify

I does, but with Custom Script in Asuswrt-Merlin only. You have to do the same with your new AX86U. No Wireguard in GUI.
ah, good to know! is that on entware?
 

Tech9

Part of the Furniture
and like to still watch tv from my home country

This is much simpler requirement. You need one tested working VPN and for your non-VPN capable devices only.

is that on entware?

WireGuard Session Manager in AMTM. Read the correspondent threads in Asuswrt-Merlin AddOns section for details.
 

m1nkeh

Occasional Visitor
This is much simpler requirement. You need one tested working VPN and for your non-VPN capable devices only.
i mean, we are getting in to the details here a bit, but personally i like to have the VPN on the whole network, and not on-device. that way my less-technical family members can just get on with their life, we usually leave it connected to the main country for the whole network permanently.

WireGuard Session Manager in AMTM. Read the correspondent threads in Asuswrt-Merlin AddOns section for details.
found them, thanks
 

Tech9

Part of the Furniture

By the way, stock Asuswrt is coming with Wireguard in GUI and VPN Fusion with device routing options. The beta for your router is here and official stable is coming very soon. You may not need Asuswrt-Merlin at all. Stock Asuswrt options for VPN may be easier for you to use.


but personally i like to have the VPN on the whole network

You'll run into issues, only limiting your own Internet experience. You won't have more security either. You'll be blocked, asked to authenticate often, more and more sites will refuse services to you, your Internet connection speed will be inconsistent, your latency higher, perhaps games won't work well, etc. You may get Internet down moments, depending on someone else's server uptime. Very often folks come here with this idea, spend the money for the equipment necessary and later realize the idea wasn't that great anyway. Your family members will start complaining first and you'll have to restore the peace by removing this all-network VPN soon after. I know from personal experience. My experiment lasted a week.
 

Tech Junky

Very Senior Member
All network is fine with wireguard and for the auth issues you can put in bypass routes like I did for Amazon. Split tunneling is basically not a thing with most commercial VPN apps. Just look for my Amazon thread and the commands are in there for adding routes.
 

L&LD

Part of the Furniture
You may find the single RT-AX86U you've ordered to be enough WiFi for the whole house. Do try it by itself before you connect other 'nodes'.

With the 388.xx level of firmware expected (with WG support) by the end of the year (or, early next year), this is the brand I would suggest sticking with.

Another option is the GT-AX6000 with up to 20% higher wireless throughput and similar stability and slightly higher wired performance too.
 

Tech9

Part of the Furniture
All network is fine with wireguard

The VPN type is not the issue here. It's the VPN itself and most commercial VPN servers are well known. If the connection is used mostly for entertainment - not a big deal. If you do business or work/learn from home though, very common today - chances to hit issues on day one.
 

Tech9

Part of the Furniture
i live in the EU, and like to still watch tv from my home country

Not sure if it's an option for you, but I own properties in both North America and Europe. I run my own VPN servers in both places with corresponding local ISP providers. This way I can have NA or EU connection everywhere I go. No one ever blocked or blacklisted my own external IP addresses. I also use NordVPN on-device and it allows selective routing. Much easier than poking in router settings for every change needed - few clicks on the screen.
 

m1nkeh

Occasional Visitor
You'll run into issues, only limiting your own Internet experience. You won't have more security either. You'll be blocked, asked to authenticate often, more and more sites will refuse services to you, your Internet connection speed will be inconsistent, your latency higher, perhaps games won't work well, etc. You may get Internet down moments, depending on someone else's server uptime. Very often folks come here with this idea, spend the money for the equipment necessary and later realize the idea wasn't that great anyway. Your family members will start complaining first and you'll have to restore the peace by removing this all-network VPN soon after. I know from personal experience. My experiment lasted a week.
I mean, I've had it like this for ~3 years now, on a single router and all is good - now I simply want a bit more coverage so was investigating if i could simply chuck money at the problem with an OOTB wireless mesh :)

The VPN type is not the issue here. It's the VPN itself and most commercial VPN servers are well known. If the connection is used mostly for entertainment - not a big deal. If you do business or work/learn from home though, very common today - chances to hit issues on day one.
Interesting, I also work from home, and so does my wife, both always on video calls, etc.. it's never been a problem tbh - the most 'issues' I've had is my work's awful internal sites not resolving DNS
As a bonus point, I even contracted at a bank for about 18 months and that was auto-VPN through my own VPN, and there was never a skipped beat. heh.

Not sure if it's an option for you, but I own properties in both North America and Europe. I run my own VPN servers in both places with corresponding local ISP providers. This way I can have NA or EU connection everywhere I go. No one ever blocked or blacklisted my own external IP addresses. I also use NordVPN on-device and it allows selective routing. Much easier than poking in router settings for every change needed - few clicks on the screen.
It *could* be an option... I do have properties in my home country, but I don't currently live in them so it's a bit of a stretch to ask the tenants to put my server up in their spare room :D

I pay for the VPN, with a dedicated IP, and pay for the privilege of it not getting blocked, so you know... it's worked fine for this long! :D :D
 
Last edited:

m1nkeh

Occasional Visitor
You may find the single RT-AX86U you've ordered to be enough WiFi for the whole house. Do try it by itself before you connect other 'nodes'.

With the 388.xx level of firmware expected (with WG support) by the end of the year (or, early next year), this is the brand I would suggest sticking with.

Another option is the GT-AX6000 with up to 20% higher wireless throughput and similar stability and slightly higher wired performance too.
that's good to hear, i will give it a whirl

the bit that is annoying me is i have an office in the back garden that i need to bridge to, and i cannot run a cable as it's hard landscaped (w. power, and lighting) - luckily it's only about 6 meters :D
 

Tech9

Part of the Furniture
Use your existing AC86U as repeater or node. It has 4x4 5GHz AC radio and 1024QAM support. Link speeds up to 2166Mbps to the parent Asus router. It can do >400Mbps to connected to it clients. Look at my signature, I have tested it personally. You can have your full ISP speed on Wi-Fi there.
 

m1nkeh

Occasional Visitor
Use your existing AC86U as repeater or node. It has 4x4 5GHz AC radio and 1024QAM support. Link speeds up to 2166Mbps to the parent Asus router. It can do >400Mbps to connected to it clients. Look at my signature, I have tested it personally. You can have your full ISP speed on Wi-Fi there.
that is indeed the plan :D

was planning for "just in case" it didn't work though, haha
 

Tech9

Part of the Furniture
If you can get another AC86U with long warranty, it will make good AiMesh with your existing one. The only issue with AC86U is bad reliability history. Otherwise it's a very good performing router. Don't believe "better coverage and throughput" with newer more expensive routers. Most common clients are 2-stream AC and your AC86U is more than enough. It can do >500Mbps on Wi-Fi. The coverage of AX86U, the current forum favorite model, is about the same as AC86U. I have both to compare. Both work exactly the same way to AC clients. Be smart and don't overpay for promises and advertisements.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top