New Router Selection ....


danioj


Well, I figured this was sufficiently "off-topic" to put in the lounge BUT sufficiently on topic to post on the LT boards. The router lets me "access" my data ....  ;)

 

Now that I have completed my Main and Backup Builds I have noticed that my router is looking quite .... old. I have a WNDR3700v2 with a BETA looking (but latest for that model) dd-wrt flashed to it. I recently became concerned with the lack of updates for the firmware especially as I run sshd and openvpn (inbound and outbound) etc. I also was having a lot of trouble with IP tables and routing all traffic over a permanent (unless it goes down in which case I wanted to prevent ANY traffic) outbound VPN connection.

 

So I thought - surely there has to be a consumer grade / SOHO router now that has these features built in and configurable via a GUI. I also would like to upgrade my wireless speeds as my new devices have wireless a and I am still running wireless n. Also - the 5GHz channel has such poor range I don't use it. In short - all sorts of things I would like to fix!

 

So I thought I would ask the knowledgeable LT community. I am after a router I can buy that has the following features built in stock:

 

VPN client (that will let me keep a permanent OpenVPN connection open to a provider and prevent traffic to the internet if it goes down).

OpenVPN Server for inbound connections

Dual band (at least - not sure if it is better now?)

Gigabit Switch

Good wireless range over all channels

SSH server (not essential as I can port forward to another box or VM if necessary).

Good Firmware support and regular updates

Good QOS options

 

Basically - everything that my current dd-wrt claims to be able to do BUT with a simpler interface and with more updates.

 

I was looking briefly at the ASUS routers which seem to run a flavor of dd/open wrt?? which makes me believe they "might" be as configurable as my dd-wrt flashed WNDR3700 BUT with some commercial support! Sounds good!

 

Has anyone any suggestions or comments?

Link to comment

Another vote for Asus here too.

 

I'm in the UK so use the DSL-AC68U so I can't flash custom firmware to it on account of the built in dual modem for DSL or Fibre.

 

I also had a Netgear the same as yours and was a big fan of Netgear stuff, but decided to take a punt on Asus and to be honest I prefer Asus.

 

OpenVPN with dynamic DNS support out of the box, saves me having to mess around installing it on my Unraid box. 

Link to comment

Yes, the ASUS routers are some of the best recently. You can switch to tomato or just use the fixes from Merlin.

 

I have just been reading about the Merlin-fixes. Seems like a good option for the ASUS routers - Stock plus fixes issues before ASUS does and then even ASUS incorporate the Merlin fixes in their releases!

 

I think based on what I have read this morning that it is going to have to be an ASUS router. The hardware on these suckers looks excellent!

 

I love my asus router. Really nice. I don't even need dd wrt for it to be good enough for my personal needs.  Eric too recently purchased one.

 

Which models do you and Eric have Jon?

 

Do you know if the firmware you run allows you to route traffic over your vpn only? What I mean is do you know if you can limit all traffic to traffic over an OpenVPN connection or nothing at all - with no dns leaks either?

 

Another vote for Asus here too.

 

I'm in the UK so use the DSL-AC68U so I can't flash custom firmware to it on account of the built in dual modem for DSL or Fibre.

 

I also had a Netgear the same as yours and was a big fan of Netgear stuff, but decided to take a punt on Asus and to be honest I prefer Asus.

 

OpenVPN with dynamic DNS support out of the box, saves me having to mess around installing it on my Unraid box. 

 

Ahh - I remember when I was in the UK! 10 Years ago now! /me is a Yorkshire sounding Aussie now!! :-)

 

 

I am forming a decision tree here. RT-AC3200 vs. RT-AC87U .....

 

http://www.wirelesspoi.com/asus-rt-ac87u-ac2400-vs-rt-ac3200/

 

Seems like the RT-AC3200 is FAR superior! Man it is BEAST though! At least it is aesthetically appealing!

 

OR there is the lynksys DID-890L. Nice comparison to the RT-AC3200 below!

 

http://www.hardwarezone.com.sg/feature-battle-ac3200-monster-routers-asus-rt-ac3200-vs-d-link-dir-890l/performance-conclusion-0

 

decisions decision .....

Link to comment

I think the 3200 is the one Eric has. I'll ask tomorrow when I see him.  Mine is a AC66U.

 

I know that they support OpenVPN as one of the VPN methods, but I have not yet configured it in the way you describe.

 

I do know that Eric has flashed his router to dd wrt, and he has been very happy with that config.

Link to comment

I am using an ac3200 with Merlin firmware and it is awesome.  Best router I've ever had.  The Merlin firmware adds some capability and he fixes a lot of the bugs.  When it first came out I think in January the firmware was a bit rough. Much better now and the smart connect seems to have been sorted out.  It's a bit pricey, but for me well worth it.

Link to comment

Yet another vote for Asus routers. My RT-N66U is still running strong after roughly 3 years. Great hardware and great feature set. I am also using Merlin firmware.

 

It's the only consumer-grade router I've ever had that doesn't require rebooting every week or two, and I've owned over a dozen. I just looked and the current uptime on my router is 248 days.

Link to comment

Do you know if the firmware you run allows you to route traffic over your vpn only? What I mean is do you know if you can limit all traffic to traffic over an OpenVPN connection or nothing at all - with no dns leaks either?

 

Not too sure about that and check out what people say about whichever router you decide on.  My current understanding is that no router possesses the necessary hardware to route all internet traffic across a VPN AND maintain the full speed of the internet connection.  VPN encryption/decryption is quite taxing on the hardware and consumer routers tend to lack the grunt to do this at full speed.

 

If that's your end goal then you're probably better off going for a pfsense build and a wireless access point.

Link to comment

Do you know if the firmware you run allows you to route traffic over your vpn only? What I mean is do you know if you can limit all traffic to traffic over an OpenVPN connection or nothing at all - with no dns leaks either?

 

Not too sure about that and check out what people say about whichever router you decide on.  My current understanding is that no router possesses the necessary hardware to route all internet traffic across a VPN AND maintain the full speed of the internet connection.  VPN encryption/decryption is quite taxing on the hardware and consumer routers tend to lack the grunt to do this at full speed.

 

If that's your end goal then you're probably better off going for a pfsense build and a wireless access point.

 

As far as leaking, that might be for you to adjust the routing table once the vpn tunnel is up.

 

Your question on maintaining full speed of the internet connection needs another data point. How fast is your internet connection?

 

Any hardware will have a limit on the amount of vpn encryption it can support. Question is whether you run out of internet speed or router cpu first. The routers have cpu sized for typical consumer workload. That may not include 1gbit internet running full encryption. More likely to be limited to something under 100Mbit.

Link to comment

Do you know if the firmware you run allows you to route traffic over your vpn only? What I mean is do you know if you can limit all traffic to traffic over an OpenVPN connection or nothing at all - with no dns leaks either?

 

Not too sure about that and check out what people say about whichever router you decide on.  My current understanding is that no router possesses the necessary hardware to route all internet traffic across a VPN AND maintain the full speed of the internet connection.  VPN encryption/decryption is quite taxing on the hardware and consumer routers tend to lack the grunt to do this at full speed.

 

If that's your end goal then you're probably better off going for a pfsense build and a wireless access point.

 

As far as leaking, that might be for you to adjust the routing table once the vpn tunnel is up.

 

Your question on maintaining full speed of the internet connection needs another data point. How fast is your internet connection?

 

Any hardware will have a limit on the amount of vpn encryption it can support. Question is whether you run out of internet speed or router cpu first. The routers have cpu sized for typical consumer workload. That may not include 1gbit internet running full encryption. More likely to be limited to something under 100Mbit.

 

I have a 25/5Mbps fibre connection and I get pretty much all of that (2.7MB/s downloads). My engineer at work seems to think that this router will be able to cope with encrypting all that b/w! What do you knowledgeable people think?

 

If there isn't going to be a CPU issue I think I am going to go with the 3200 and install the Merlin Firmware on it! It has everything I want PLUS I found this:

 

https://github.com/RMerl/asuswrt-merlin/wiki/How-to-Direct-Traffic-over-VPN-and-Drop-connections-if-VPN-goes-down

 

A guide to do what I want and direct all traffic over VPN and drop connections if it goes down!

 

:D

 

EDIT: Doesn't look like this config would impede inbound connections either, so I could still run an OpenVPN Server too! Happy Days!

Link to comment
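The requirement discussed in this thread (all LAN traffic over the OpenVPN tunnel or nothing, with no DNS leaks) can be checked against a firewall dump. The following is an added example, not part of any post and not taken from the linked Merlin wiki; the interface names (br0, eth0, tun11) and both rulesets are constructed assumptions, and the parser handles only simple flag/value rules in the FORWARD chain.

```python
import shlex

# Constructed iptables-save excerpts (not from a real router).
# Assumed names: br0 = LAN bridge, eth0 = WAN, tun11 = OpenVPN client tunnel.
LEAKY = """\
:FORWARD ACCEPT [0:0]
-A FORWARD -i br0 -o tun11 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
"""
HARDENED = """\
:FORWARD DROP [0:0]
-A FORWARD -i br0 -o tun11 -j ACCEPT
-A FORWARD -i br0 -o eth0 -j DROP
-A FORWARD -i tun11 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
"""

def parse(ruleset, chain="FORWARD"):
    """Return (default_policy, rules) for one chain of iptables-save text."""
    policy, rules = "ACCEPT", []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok[:1] == [":" + chain]:
            policy = tok[1]
        elif tok[:2] == ["-A", chain]:
            # Simplification: every option is a flag followed by one value.
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return policy, rules

def verdict(policy, rules, pkt):
    """First-match evaluation of a NEW connection described by pkt."""
    for r in rules:
        state = r.get("--state") or r.get("--ctstate")
        if state and "NEW" not in state.split(","):
            continue  # rule only covers already-established flows
        if all(r.get(k, pkt[k]) == pkt[k] for k in pkt):
            if r.get("-j") in ("ACCEPT", "DROP", "REJECT"):
                return r["-j"]
    return policy  # nothing matched: the chain policy decides

def wan_leaks(ruleset, lan="br0", wan="eth0"):
    """Names of LAN-to-WAN probes that would be forwarded outside the tunnel."""
    policy, rules = parse(ruleset)
    probes = {"dns": ("udp", "53"), "https": ("tcp", "443")}
    return sorted(
        name for name, (proto, port) in probes.items()
        if verdict(policy, rules,
                   {"-i": lan, "-o": wan, "-p": proto, "--dport": port}) == "ACCEPT")

if __name__ == "__main__":
    print("leaky:", wan_leaks(LEAKY))
    print("hardened:", wan_leaks(HARDENED))
```

This only models traffic forwarded for LAN clients; DNS queries answered by a resolver on the router itself leave through the OUTPUT chain and need their own check.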

Keep us informed as to how it works out.  :) :)

 

I will be in the market for a new router sometime this year.

 

Will do. Wasn't expecting to be able to buy it so soon BUT realised that I had been paying for my Airport parking while I travel with work for a whole year and not claiming it (thought it was included in my allowance) so submitted a claim before EOFY and got 1.2k back.

 

So, taken a day of my 8 weeks leave balance off and am going to load Merlin Firmware on it today and try the routing solution I posted earlier. :-)

 

Happy Days.

Link to comment
  • 2 months later...

I'd like to suggest some form of EdgeRouter ...

 

It's a Linux based router with a nice GUI which will let you unleash the power of fq_codel out of the box.

 

Depending on how you use your Internet bandwidth, it may make sense.

 

For instance .. I was using pfsense to let me use my workstation for browsing, while downloading 'educational information' over usenet :)

 

The thing is I had to set up a whole bunch of rules and whatnot to make it work.

 

With fq_codel (provided by EdgeRouter), you basically tell it go .. and it will work.

 

And the hardware looks sweet !!

 

Disclaimer: I do not work for Ubiquiti nor have an EdgeRouter router ... I have custom hardware, running an open source fork of EdgeRouter's OS.

 

 

Link to comment
