What router should I buy?

[wayner]

I am familiar with Asus routers as my last two have been Asus and I have been running Merlin on my RT-N66U. But I am having issues with keeping HW acceleration turned on and this is bottlenecking my internet service at 240Mbps - I should be able to get up to 325Mbps with my current service. In addition within a year my ISP will be offering gigabit internet. The CPU on the RT-N66U can't keep up with my internet speeds without HW acceleration so I would prefer something with a faster CPU.

My requirements:
Able to handle fast WAN speed of up to 1 Gbps
Able to run OpenVPN server (clients will be iOS devices or PCs)
Don't care about wifi as I have a bunch of Ubiquiti WAPs in my house.
Prefer to run Werlin firmware.
Don't care about ports as I have switches to handle that.

Or should I just build a pfSense PC based device.

 

[RMerlin]

All of Asus's Broadcom-based router will require NAT acceleration to reach near gigabit performance. The fastest ones currently on the market (AC87/AC3200) can reach around 400 Mbps without NAT acceleration, provided you don't use any additional features to slow things down even further (such as complex firewall or QoS rules).

 

[CooCooCaChoo]

You cold piece together a pfSense box but that would be quite a bit more expensive than a router. But the pfSense box would do much much more, which is a good thing. I've been looking at new hardware for such a box and its in the $600 range.

 

[wayner]

I probably have a PC that I could reuse as a pfSense box - all that I would require is one additional NIC - assuming that I would also use the onboard NIC. I know that it is generally recommended to use Intel NICs and it is quite likely that the onboard NIC is likely something else. But I guess there would be no harm in trying that.

The only question is how fast of a PC do you need to get close to 1 Gbps WAN-LAN throughput, and does it help to have a mulit-core or mutli-threaded CPU? This may depend on specifically what you are doing with the box. The pfSense hardware page recommends multiple cores with a clock speed > 2.0GHz for 501Mbps+ performance. I would likely just use two NICs - one for the WAN and one for the LAN that would connect to my 24 port switch.

 

[System Error Message]

The question is do you need to use any firewall or QoS with your internet and how much openVPN speed do you want. There are a few routers that will achieve gigabit throughput with openVPN.

 

[wayner]

I need basic firewall protection in my router, doesn't everyone? But I don't need QoS - when you have 250+ internet hopefully you don't need QoS. I don't need too much speed for VPN, but I would like to get my full speed when doing other internet activities.

 

[CooCooCaChoo]

I need basic firewall protection in my router, doesn't everyone? But I don't need QoS - when you have 250+ internet hopefully you don't need QoS. I don't need too much speed for VPN, but I would like to get my full speed when doing other internet activities.

Yeah, for sure. At 100Mb/s and higher, there really is no need for QoS for downloads, but since cable connections are typically asynchronous, QoS helps uploads while possibly hurting downloads. A full featured firewall like pfSense is probably overkill because the likelihood that you are the target of a hack is very low--you have nothing of value that a hacker wants, unless its personal or they are just poking around by accident.

 

[wayner]

pfSense may be overkill from a firewall perspective but that leads me back to: what router, other than a pfSense system, can allow you to fully use a gigabit WAN connection?

 

[Wutikorn]

I am familiar with Asus routers as my last two have been Asus and I have been running Merlin on my RT-N66U. But I am having issues with keeping HW acceleration turned on and this is bottlenecking my internet service at 240Mbps - I should be able to get up to 325Mbps with my current service. In addition within a year my ISP will be offering gigabit internet. The CPU on the RT-N66U can't keep up with my internet speeds without HW acceleration so I would prefer something with a faster CPU.

My requirements:
Able to handle fast WAN speed of up to 1 Gbps
Able to run OpenVPN server (clients will be iOS devices or PCs)
Don't care about wifi as I have a bunch of Ubiquiti WAPs in my house.
Prefer to run Werlin firmware.
Don't care about ports as I have switches to handle that.

Or should I just build a pfSense PC based device.

This (https://www.asus.com/Networking/RT-AC88U/ ) would solve your problem, it's even faster than Asus ACu87U with 1.4GHz dual core CPU compared to 1GHz dual core on AC87U. They say it could handle up to 1.8Gbps using dual WAN which mean 1Gbps should be possible. From what I see from design, I believe that this model perform better on temperature compared to AC87U and AC68U. In addition, there are several more functions available compared to RT-N56U such as Trend Micro and Adaptive QoS. When there are a lot of packets, not only your internet speed should be fast, but your router as well. In case that the router could not handle your expected speed on transferring packets, it will use priorities. Which, of course, it would be better to let gaming, video conference and web surfing packet go before just packets for downloading other large files.

 

[willyburz]

AC3200, just turn smart connect off until the firmware masters it.