Affordable high-performance & low power hardware


my first contact with OpenWrt was approx. 2 decades ago, when I installed it on a Linksys WRT54G. That device still does it's job! But finally I got some decent speed Internet (500/50Mbps) and the need for traffic shaping and the wish to move VPNs from the clients to the router arised.

Looking for hardware I found potent x86 routers with GB's of RAM often costing 200€ or more. And there are the hackable off-the-shelf Wifi routers, often costing less than 50€. There should be some inbetween? I hope to spend less than 100€, but if it's 110 or 120, so be it.

My requirements:

  • must be available in the European Union
  • must be able to do routing/NAT/traffic shaping for 1Gbps full-duplex
  • must be able to handle several VPNs, totalling at least 100Mbps (better 200Mbps) of sustained traffic
  • should be officially supported by current OpenWrt release
  • there should be hope that it will be supported a few years into the future
  • should use less than 10W on average. Less than 5W would be nice.
  • must support VLANs

Not a requirement:

  • integrated wireless
  • specific architecture like MIPS/ARM/x86

My guess is, that I don't need lots of RAM or storage but that the CPU must be capabable?

I'm looking forward to hear your recommendations.


Modern N95/ N100 based 4-port router PCs start around 130-250 EUR at the usual suspects shipping from the far east.

1 Like

I've got one of the N5105 4x2.5 GbE boxes, so older generation than the N95/N100 boxes that @slh mentions, and it's averaged 8.8w over the past 10 months or so with two active ports (driving the NICs can be a significant part of the power budget, so always ask how many lines something is running when power is mentioned).

There's an active megathread over on STH about them:

1 Like

Lots of good info here too: What's your favourite cheap LEDE/OpenWrt device? - #646 by timothyjward

1 Like

What specific crypto suite do you have in mind?


Thanks @slh for the links.

Perfect, that's what I'm looking for. Going to read into the STH thread.


While looking into the Raspberry Pi solutions, I noticed that the 5th iteration is right around the corner and supposedly significantly faster than the 4th. Maybe it's worth waiting or it? I only need 2 ETH ports anyways.

Thanks again for pointing me into some directions ... still reading...

In terms of pricing and features, the RPi ecosystem is at best on par with modern x86_64 firewall systems, while the later gives you more margins and might even end up cheaper in practice, if you count all necessary components you'd have to buy in addition for the RPi (case, PSU, network card(s), sdhc).

Once upon a time, when the RPi4 was very new on the market and actually available on the market for ~35-45 EUR (+15 EUR PSU, +15 EUR 2nd network card, +5-8 EUR for an sdhc card, +10 EUR for a simple case), it has been a competitive contender - these days, not so much (at all). Don't bet on future device support, ever, always prefer devices that are already supported right now (at least in master snapshots) - unless you're ready to dive head first into the development and finish what others might not have finished (if the RPi foundation's track record is anything to go by, licensing it not part of their strong fortunes). Yes, the RPi5 will be better, but it doesn't really improve anything relevant here (still 'only' one 1 GBit/s port, while you can get four 2.5GBASE-T ports on the aforementioned x86_64 systems, no standard PCIe/ M.2 slot for a second one, pricing has risen considerably; availability is still castles in the air).


You're echoing my recent feelings pretty well there. When they first came out and were all about education and community, I was a big RPi booster. For the past year or three, they've migrated towards business supplier and mo' money, and I've grown to dislike their stance quite a bit. (Hey RPi Foundation, use your muscle to open up those Broadcom blobs!)

For long term support, future proofing and robustness, I'm definitely in the x86 camp.

1 Like

No, I strongly against Pi4/Pi5 solutions for now, there are CM4 (not sure about CM5) solution that allows breakout and use non-USB ethernet, but this is expensive, normal Pi4/Pi5 you have to use USB ethernet which is bad (well technically you can use the PCI-E on Pi5 but more custom expansion means bigger form factor).

In case only 2 ports needed, you can consider NanoPi R4S, I hardly see it consuming > 5W, and I had it on my 1G up/down fiber with full speed routing/NAT, and it comes with metal casing for passive cooling which is nice (my country had a 40C summer time and it sits inside a closet without any problem). With 4G ram I've even created a LXC with PiHole on it for AdBlock. VPN speed is great, I didn't test myself but YouTuber has done test with Wireguard which shows at least 800Mbps, while OpenVPN you can still get > 200Mbps thanks to the on chip hardware accelerator.


Thanks for your advice, I won't go with the Raspberry Pi solution then. The NanoPi R4S sounds very interesting though.

Question about the R4SE:

  • is this version with eMMC supported as well? It's only mentioned once on the wiki page and not listed in the hardware guide.
  • will I be able to boot from sdcard as well or must I use the eMMC?

Since you want it to handle traffic shaping at 1G full duplex, I'd say the minimum you should do is an N100, although I'm pretty sure by the time you add SSD and memory, they exceed your 100 budget by quite a bit.

1 Like

It's not tho. At gigabit speeds on a Pi4 USB ethernet works perfectly well (chipset dependent, but that could also be said for PCIe).

1 Like

eMMC not supported, don't waste money on it. You can boot from SD card but why paying more to get something not usable?

1 Like

there are these n100 boxes with 8GB ram included (~110 euros shipping incl) and wouldn't waste money on ssd for 100 MB images - just boot it from an usb key


Thanks to all of you! I got an R4S now and it's a really nice device:

  • high quality enclosure with good heat dissipation
  • very easy Openwrt installation
  • low power, doesn't get too hot
  • able to sustain 200Mbps with tailscale (which uses slower userspace wireguard, not kernel wireguard) while simultaneously running cake-autorate @5Hz

As soon as I get the upgrade from 5G to FTTH I'll invest in an x86 router using the R4S as an emergency spare.

And I love Openwrt so far: UCI/LuCI working really well, all configuration consolidated in one directory, easy backup and restore of config even across platforms, very good documentation. Awesome project. I'm used to bigger open source projects having higher quality than proprietary software but still I'm impressed.

I was on FTTH 1G up/down with R4S and it works perfectly, unless you are going over 1G otherwise you can just keep using it. On my previous setup I even put PiHole inside the LXC to get more utilization of R4S.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.