WireGuard router for 1 Gbit connection

[casper]

Yes - I know not to expect to max out the connection's capacity on an AIO router

I'm moving into a new place with this connection. I want a router that handles WireGuard satisfactory. I know nothing about routers and I can't find a directory of routers that are well suited for it. I haven't ever paid more than 60€ for a router before, but it is now that I've gained an interest in VPNs so I don't know what I have to spend for a good experience. I've been seeing the Asus RT-AX86U and GT-AX6000 recommended a lot, but they're both 280€+ here so I'm asking if there are any cheaper models that would suffice? Normally three clients, peak five.

Best regards!

 

[drinkingbird]

Yes - I know not to expect to max out the connection's capacity on an AIO router

I'm moving into a new place with this connection. I want a router that handles WireGuard satisfactory. I know nothing about routers and I can't find a directory of routers that are well suited for it. I haven't ever paid more than 60€ for a router before, but it is now that I've gained an interest in VPNs so I don't know what I have to spend for a good experience. I've been seeing the Asus RT-AX86U and GT-AX6000 recommended a lot, but they're both 280€+ here so I'm asking if there are any cheaper models that would suffice? Normally three clients, peak five.

Best regards!

An x86 based opnsense or pfsense router will have the best performance for any VPN. Barring that, get the best/fastest CPU you can afford in an Asus. Number of cores isn't as important as the speed of the cores in this case. You won't be able to hit 1G but your VPN provider probably can't hit that anyway.

 

[Tech Junky]

@drinkingbird is spot on with x86. Nothing off the shelf will do much more than 600mbps with the cheap low power CPUs they have inside. I rill my own Linux box as a router and when I had a gig connection I was getting close to 1400mbps out of it and Nord for the VPN kept up. Take the $300 and build something better.

 

[casper]

An x86 based opnsense or pfsense router will have the best performance for any VPN. Barring that, get the best/fastest CPU you can afford in an Asus. Number of cores isn't as important as the speed of the cores in this case. You won't be able to hit 1G but your VPN provider probably can't hit that anyway.

I've found Asus' naming schemes and different models really confusing, do you know of a dictionary of routers supporting AES?

Do I need AES for WireGuard at all or is it only important for OpenVPN?

 

[drinkingbird]

I've found Asus' naming schemes and different models really confusing, do you know of a dictionary of routers supporting AES?

Do I need AES for WireGuard at all or is it only important for OpenVPN?

Nope, wireguard does not use AES so you don't need to be concerned with which Asus have hardware acceleration for AES (most of them do I think).

Even the ones that do, it only benefits IPSEC VPN server mode, not client.

For wireguard, it will come down to raw CPU power. Even x86 CPUs do not have any hardware acceleration for ChaCha and the other options Wireguard has, but the processors are much more powerful and support multi-threading (the asus doesn't) taking advantage of all the cores.

 

[casper]

Nope, wireguard does not use AES so you don't need to be concerned with which Asus have hardware acceleration for AES (most of them do I think).

Even the ones that do, it only benefits IPSEC VPN server mode, not client.

For wireguard, it will come down to raw CPU power. Even x86 CPUs do not have any hardware acceleration for ChaCha and the other options Wireguard has, but the processors are much more powerful and support multi-threading (the asus doesn't) taking advantage of all the cores.

Thank you! What kind of CPU should I be looking at to handle 1Gbit, then? I'm looking at Dell Optiplexs. And would I just get any expansion cards - one with NICs and one with WiFi? Anything to consider here? Will entry level WiFi-cards struggle to keep up?

 

[Tech Junky]

one with NICs and one with WiFi? Anything to consider here? Will entry level WiFi-cards struggle to keep up?

You'll need a nic because it only has one port. I use a qnap 4 port 5ge but you can pick up Intel quad port gigabit for $50. Gives you a wan and three lan to use.

For wifi it's easier to just use an AP that plugs in and there's your WiFi.

 

[casper]

You'll need a nic because it only has one port. I use a qnap 4 port 5ge but you can pick up Intel quad port gigabit for $50. Gives you a wan and three lan to use.

For wifi it's easier to just use an AP that plugs in and there's your WiFi.

>Intel quad port gigabit for $50

Can you show me an example? All dual+ NICs I find are 80€+ here. Does an unmanaged switch work?

 

[Tech Junky]

eBay for the nic. https://www.ebay.com/itm/285422554697

Unmanaged switch would work as long as you have a 2nd port to plug into as the other will be your wan port to the ISP.

 

[drinkingbird]

>Intel quad port gigabit for $50

Can you show me an example? All dual+ NICs I find are 80€+ here. Does an unmanaged switch work?

You may want to consider a smart switch, typically not much more expensive, so that you can use VLANs and isolate your network into regular, guest, IOT, etc.

 

[Tech Junky]

You may want to consider a smart switch, typically not much more expensive, so that you can use VLANs and isolate your network into regular, guest, IOT, etc.

Or just bind the macs via DHCP per vlan in the config. A little tedious on first setup but cheaper.

 

[drinkingbird]

Or just bind the macs via DHCP per vlan in the config. A little tedious on first setup but cheaper.

Technically not isolated though, someone with a bit of knowledge could change their IP to another vlan. Plus you won't be able to extend it to APs easily etc. 8 port smart switches are under 30 us, assuming euro prices are similar.