The point about discussing VPN here is not as a way of anonymity or bypassing your local filters, its about the tunnel itself. People see VPN as it is marketed around rather for what it is, another network over a layer 3 network, and layer 3 networks run over layer 2 networks. You also get tunnels too that arent really called a VPN rather a point to point connection. The thing about performance for VPN and features isnt what most think.
There are 2 other things that matter for performance other than just routing/NAT for hardware which is encryption and encapsulation. Lets talk about an example of an ISP that uses a lot of layers just to connect to it. First when you connect the cable you gotta set your VLANs, then you set your PPPOE, then you have to NAT (also routing too). So taking a look at this you have VLANs which is a layer 2 thing, switch chips do this but on your router it is done via software instead as the WAN interface is directly connected to the CPU and not a switch chip (good practice to do). Then you have PPPOE which is a tunnel between you and your ISP (the network is crazy in wiring, so some way to differentiate is needed. PPPOE uses encapsulation and encoding (in some cases, encryption too), its basically the tunnel between you and your ISP over some crazy wiring network, and one reason that PPPOE is used is because the use of encoding and encryption helps improve throughput over lossy or lower bandwidth wires because you can also use compression (another math heavy feature). Then once you're finally connected to your ISP, your router has to do NAT and routing in order to talk to the internet via your ISP and handle devices/connections on both sides. This is literally the very basic thing needed at homes for internet, and all this is hardware accelerated nowadays because it is simply inefficient to do it via software especially for higher speeds.
then comes features, For example firewall, QoS, and other network related stuff, and for some non homes, BGP. What we should be discussing here isnt about VPNs or such, but rather the product line itself ubiquiti edgerouters, its software and hardware. I've always hated ubiquiti as a company because of their shady shareholder recruitment, and their product marketing is actually shameless or terrible. This is why we need people like this website to shed light on what segment their products are actually good for. I always say that the edgerouter line is good for homes for those users who want a balance between a linux router and a dedicated router.
If you wanted anonymity on the net you need both a multi node encrypted routing VPN (like tor's protocol for example not the network) combined with a dual sided https web proxy alongside some tweaks.
So getting back to the topic of this thread.
The edgerouter from my experience is bad at being a dedicated router or a good linux box, but it will be able to fulfil both roles. If you want the best of both worlds you're looking at combining mikrotik with a linux server over separate devices for example, this router isntead fulfils a niche in the home segment for those who want a flexible router that can both be a router and embedded linux both, its a bit better than a good consumer router at being a router (definitely leaps better over some), its not quite a linux server as many things wont work on it, but plenty of things can be used, even transparent squid filter cache, hotspot/radius server, and plenty other things that the CPU does a decent job running and will even run htop. Its interface is not user friendly, and doesnt expose the capabilities unlike what you'd find with mikrotik, juniper and pro cisco.
The hardware of the edgerouter is lacking. The MIPS CPU uses itself is pretty decent but it uses the lower end spectrum of the manufacturer but still way more than the CPUs used in those horrid VPN routers. The MIPS itself being somewhat decent at software, i'd put it to be better than ARM as ARM suffers from requiring things to be compiled for each CPU and software does tend to run better than some of the ARMs, it also comes with a lot of hardware acceleration which is the main highlight of the architecture, but dont expect good software performance for things the hardware doesnt cover. Compared to any VPN router or the cisco rv, the edgerouter is the best choice of all of them in both hardware and firmware both in performance and reliability.
If you're considering getting an edgerouter for VPN (or a VPN router either) then you're doing it wrong. The edgerouter is simply a flexible router, its basically best for the embedded linux box and router role at the same time but its not great at either one. This is speaking from experience ofcourse. It'll do VPN well as the architecture has the hardware acceleration for it, but to get it just because you want good VPN performance would be a bad reason as if you want good VPN performance theres no substitute to x86 if that is your only goal.
Other products at ubiquiti however are well worth more spotlight and consideration though than the edgerouter line, The main flaw of the ubiquiti edgerouter is that it is unsuited for the same customers as those who get mikrotik or pro cisco/juniper or who set up a fully featured linux box to use as a router/firewall but is marketed to those very same people rather than where their market actually would benefit from. Till now i have not seen an ISP distributing edgerouters but i've seen some ISPs distributing mikrotik or cisco boxes, which goes to show how important it is to market your product to its intended audience rather than the wrong audience. Ubiquiti consistently advertises speeds that cannot be kept with QoS and does not provide testing numbers that other brands provide more of and more relevant as Ubiquti's marketing is not relevant for its intended target.
