pfSense or Ubiquiti?

Should I get a Ubiquiti router or build a pfSense router?
I only buy from Newegg

I have symmetrical gigabit fiber and no bandwidth cap. I have a VPN and want to split traffic between the VPN and the WAN. I want to do VLAN tagging to handle the traffic split. Tagged traffic for VPN only goes to the VPN. All other traffic passes through WAN.

I don't want to spend an arm and a leg. If doing pfSense, I need a decent chip that supports AES-NI OOTB.
If doing Ubiquiti, I will handle the WLAN with a Ubiquiti WAP.

I would like to keep the cost below $250. I suppose if I had to, I could go a little above 250.

What you want to do basically can’t be done at that price point if you want the VPN to saturate your gigabit link. Problem is OpenVPN is garbage software, and even a fast recent i7 can’t get much past 350 Mbps, so you need to run multiple tunnels and bind them together, each on a separate CPU core.

If you’re fine with 200 to 300 Mbps you can do that with any recent Atom/i3 as long as it has AES-NI, and that can be done at your price point. I would suggest picking up a Chinese QOTOM box with 4 Intel gigabit NICs from AliExpress.

On the Ubiquiti side, OpenVPN on their hardware maxes out around 50 Mbps. That is not a typo. If your provider supports IPsec that’s much faster, and you’ll probably get around 150 Mbps.

Over the next year or two many popular VPN service providers will start supporting WireGuard, and that will basically solve this problem. It’s faster than IPsec with the security of OpenVPN and also has lots of other little features.

https://www.wireguard.com/

The VPN doesn't need to saturate. I have a server and gaming rig on the same pipe.

QOTOM box with any AES-NI CPU will do the trick then.

https://qotom.aliexpress.com/store/108231

The only one anywhere close to 250 is this: https://www.aliexpress.com/item/4-Gigabit-Ethernet-RJ-45-Lan-Ports-Mini-PC-Routers-i3-i5-security-AES-NI/32848254416.html?spm=2114.12010108.1000023.18.7ec01939Ky5z1L

That is still an i5.

1 Like

Yes, that will work great.

I selected the 4G/32GB one.

2 Likes

Does this mean you need a processor in the 8700 family for each tunnel if you want your VPN to saturate your gigabit network?

When you are using Ubiquiti products and OpenVPN, does it slow down the rest of the traffic running through your network?

No, really any 4 physical core non-Atom CPU should be able to do it with 3 tunnels bonded together, if you want to go that route.

Routing and NAT are hardware accelerated, so it should all work fine alongside the VPN. If you turn off hardware offloading to do stuff like QoS then yeah, routing would probably slow way down.

1 Like

As I understand it, if I were to turn off hardware offloading to do stuff like QoS and didn’t use OpenVPN or Ubiquiti products, the speed of my traffic would slow down anyway.

Thanks @Ruffalo for answering my questions.

Yes, that’s right, none of the embedded platforms are fast enough to route and NAT gigabit in software.

Well, there are some dual-core and quad-core ARMs (sounds strange calling them embedded).

Netgear R7800 for example, or Linksys WRT3200ACM are good candidates with OpenWRT (WRT1200ACM gets close at 850 Mbps), but as you add htb classes and fq_codel and firewall rules that are needed for useful things, they start slowing down.

Meanwhile, Atoms/Celerons/Pentiums/Ryzens these days do just fine (except with OpenVPN, which even then is forcing you to give up either size or power or money to get up to gigabit).

Note that you can use OpenVPN with crypto disabled for regular traffic (used just for auth)… If you just want to get US Netflix or BBC iPlayer or you want to get around the university firewall, it’s a good option.

That’s a poor option, I would suggest IPsec over OpenVPN with crypto disabled.