Looking hard at EdgeRouter X

Ramias

Occasional Visitor
Getting very close to outgrowing my RT-AC68U running Merlin. I really like it, but I'm nearly out of NVRAM and it lacks a few features I'd like to have.

I'm asking for input on if the EdgeRouter X (or another brand/make) router would be able to support this:
1. Site to Site IPSec VPN (to connect to an AWS VPC). Needs to support BGP. I've read that folks have gotten EdgeRouter X to work for this; Asus can't really do it. This and the NVRAM issue are the main drivers for upgrading.

2. 80+ DHCP Static Reservations including host names (also displayed in GUI)

3. Ability to SSH to router from LAN and tunnel SSH through router (from outside) with certificate authentication

4. Ability to VPN to router (from iOS) via either IPSec or L2TP or IKEv2 and authenticate with a soft cert (I can install on iOS using the iOS management utilities) (Using OpenVPN today with a cert but would like to use standard OS VPN clients if possible)

5. Manual ad blocking/DNS blacklisting etc; if it can do pixelserv-tls like I have set up on Merlin that'd be awesome.

I may look at some Ubiquiti UniFi gear in the near future for "campus style" wifi in my house (better coverage, same SSID with easy roaming). I especially like their in-wall access points that replace a current wired wall jack. I understand the EdgeRouter X is not part of the UniFi line and they have a separate USG router, but it is feature limited compared to the X.

Thanks all
 
MikroTik has their equivalent, the RB750gr3, which is better than Ubiquiti's variant. It will do all you ask, except if you want DNS blacklisting you will need a script if you want to update it regularly, which can get complicated as MikroTik scripting is less colourful than scripting on Linux. You can input static entries for DNS, but if you're gonna be blacklisting thousands of entries, you may want a script for that instead. The only other problem with MikroTik is that you will have to set up the certs as well, which can be complex and annoying. There are tutorials for this but I haven't managed to get mine working.

I don't know why, but many seem to hate the ER-X, either thinking it's the old single core MIPS or that it is too buggy. Personally I don't see an issue with the ER-X as long as it's the same hardware as the RB750Gr3, also known as hEX 3.
 
You'll get better answers to your questions over on the Ubiquiti Community forums.

I will say for the things you want to do, you will need to be comfortable with the command line interface. This is not a product made for configuration by networking novices.
 
A lot of what you're asking for is well beyond the Asus and goes into enterprise gear (especially with the BGP requirement).

For enterprise gear, you're looking at the Fortigates of the networking world. The ERL lineup does a lot of what the Fortigates, et al. can do, but as Tim mentioned, it is a lot of command line configuration to get a lot of this working.

We actually use a WatchGuard m200 that can do all that you're looking for, but if you look at the price tag for this thing you will definitely get sticker shock.

However, even the xtm22w we upgraded from had these features. In fact, all of WatchGuard's products basically have the same features, just some have more limits than others on how much they can handle. You might be able to pick up a used one that fits the bill for you.
 
