[ale] Router Recommendations?

DJ-Pfulio DJPfulio at jdpfu.com
Fri Feb 10 12:44:07 EST 2017 

Don't use PPTP. It has been broken for years. This is well-know. Even
MSFT says it shouldn't be used.

Also, I'd be inclined to get a minimal number of ports on any router and
use cheaper switches if more ports are needed.

I have doubts that a Celeron can keep up with GigE a VPN. Most people
seem happy to get 50-80Mbps over openvpn on lower-end hardware like
this. I don't know of any VPN solutions which do much more and
definitely NOT at those price points.  Would love to hear/see people
with facts getting better numbers for $300 equipment.

Stick with Intel GigE NICs so offloading to the NIC can happen. Realtek
and others just don't seem to work well, from the reading I've done.

Know my $144 APU2 box only gets around 650Mbps in lab testing.  Didn't
test openvpn at the time, but other people with similar HW say 40Mbps.
https://forum.pfsense.org/index.php?topic=108231.msg612643#msg612643 has
some benchmarks for different ciphers.



On 02/10/2017 11:55 AM, Derek Atkins wrote:
> Hi,
> 
> I got my fiber upgrade installed the other day and it looks like my poor
> Mikrotik router just can't keep up.  When I connect my laptop directly
> to my AT&T router speedtest.net gives me 500/950 (don't ask me why it's
> only getting 500 down -- I plan to ask).  However, when I connect
> through my Mikrotik I get limited to about 150-200 up/down.
> 
> So I'm looking to replace the Mikrotik, but looking for suggestions.
> The two options I'm considering at the moment are a Ubiquiti Edgerouter
> Pro 8 [0] for $316, or pfSense installed on a 4x1Gb quad-core celeron[1]
> with 8G RAM and 64G mSATA SSD for $310.
> 
> My requirements:
> 
> 1) sustained 1Gbps throughput, even via NAT, tunnels, or other routing
> 2) GRE tunnel support (used to tunnel my class-C network)
> 3) IPIP (protocol 41) tunnel support (used for HE's IPv6 tunnelbroker)
> 4) Some VPN solution (IPsec/OpenVPN/PPTP, for when I travel)
> 5) IPv4 policy based routing so I can route my class-C over the GRE
>    tunnel and my RC1918 network via NAT (I'm pretty sure everything
>    does this)
> 6) IPv6 policy based routing so I can have some machines on the IPv6
>    tunnel and other hosts on an ISP-supplied IPv6 network and ensure
>    packets get routed out the correct method.  (my mikrotik doesn't
>    support this!) 
> 7) Multiple IPs (both v4 and v6) on an interface (I run both my class-C
>    and RFC1918 networks on the same LAN)
> 
> What do you all think about these options?  Which would be more likely
> to support my requirements?
> 
> Thanks!
> 
> -derek
> 
> [0] https://www.amazon.com/Ubiquiti-Networks-Edgerouter-Router-ERPro-8/dp/B00IA5J8M8/ref=sr_1_1?s=pc&ie=UTF8&qid=1486741909&sr=1-1&keywords=edgerouter+pro
> [1] https://www.amazon.com/dp/B01MEGSMRZ?psc=1
>

More information about the Ale mailing list