Choosing the best budget VPN router for home use

Assem · March 2, 2024, 1:47pm

I'm on the hunt for an affordable router that can serve as a dedicated VPN router, positioned between my FTTH modem and various home devices like a PS5, PC, and smartphones. My FTTH connection offers speeds of 100/10 Mbps. I'm planning to use custom OpenWRT packages, specifically OpenVPN/Tailscale, and I'm considering adding an ad blocker and possibly Watchcat. I might also compile a custom image to exclude unnecessary features.

After some research and considering what's available in my market, I've narrowed down my options to the following models:

TP-Link Archer C6 v3 - $56

Specs: 16MB Flash, 128MB RAM, Dual-Core, 880MHz
More Info

NETGEAR R6220 - $62

Specs: 128MB NAND Flash, 128MB RAM, Single-Core, 880MHz
More Info

D-Link DIR-1360 - $108

Specs: 128MB Flash, 256MB RAM, Dual-Core, 880MHz
Note: No official support, but it's reported to work. However, it's a bit risky.
More Info

Which of these would be the best choice for a VPN router, considering I want to maintain my connection speed without being bottlenecked by the router's specs?

frollic · March 2, 2024, 2:52pm

Where are you located, geographically?

I'd stay away from the C6, because of the 16mb flash.
The R6220 doesn't look impressive if it's really single core.

Assem · March 2, 2024, 4:59pm

I'm based in Egypt

Given my requirements, I'm wondering if a router with more than 16MB of flash memory is necessary?

The DIR-1360 seems like a solid choice, but the lack of official support is a bit concerning.

Between the C6 and the R6220, which one would offer better performance for VPN usage?

frollic · March 2, 2024, 5:06pm

Because Openwrt is retiring 8mb devices, starting next release, 16mb is next.
It won't happen today, but a couple releases into the future. And if you want to install extra software, 8mb extra isn't a lot.

But if you really need to choose between those two, I'd pick the C6.

Nihilokrat · March 2, 2024, 10:03pm

I second the C6v3 - just make sure you get a v3 and not a v4 (same physical casing but the latter is 8/64 Flash/RAM).

With Wireguard VPN you can get expect up to 140 Mbps over LAN and 5-GHz wifi, so using OpenVPN and the mentioned tools should work out with the connection speeds you are offered.

Assem · March 3, 2024, 4:25pm

How about Linksys WRT1900AC v2 ? someone is selling it second hand VERY cheap

frollic · March 3, 2024, 5:16pm

Good choice, but the wifi can be iffy, the drivers doesn't get support any more, and it doesn't like WPA3.

fakemanhk · March 3, 2024, 5:49pm

If you don't need WPA3, it's great one, VPN speed is fast, but WiFi driver doesn't really have much update (I own this one)

csharper2005 · March 3, 2024, 8:36pm

Too weak for OpenVpn. I'll be surprised if it reach at least 20 Mbit.

mk24 · March 4, 2024, 2:13am

The three in the original post are all the same CPU: MT7621. (the R6220 is the "S" version of the chip, meaning it has one core disabled). The MT7621 is not going to be fast enough for OpenVPN at 100 Mb. OpenVPN needs a lot of CPU power.

fakemanhk · March 4, 2024, 2:23am

That's why if OP doesn't care about WPA3 thing, the Linksys WRT1900ACv2 is good option because it has acceleration for OpenVPN

slh · March 4, 2024, 4:15am

The OP still needs to be aware that there are issues with mwlwifi (as in the WRT1900ACv2) beyond 'just' WPA3, these wireless drivers have always been iffy and difficult in terms of interoperability with other chipsets (in particular Espressif or other IoT devices!), DFS (better avoided) and many other issues, with little hope for improvements.

In a wired capacity, these routers are quite fast and reliable, the wireless side can be fast - but only if there is mutual agreement between all devices.

ValdikSS · March 6, 2024, 8:08am

Just FYI, you can use ovpn-dco (in-kernel OpenVPN implementation) to get much better speeds.

@fakemanhk

Not really, at least not explicitly to support DCO. DCO supports subset of OpenVPN functionality (namely only AES-GCM and CHACHA20POLY1305 ciphers, no compression, no TAP mode, no fragmentation).
Most servers are configured without these features and are compatible with DCO as-is.

fakemanhk · March 6, 2024, 9:14am

FYI, your peer needs to be updated to support DCO to get much better speeds.
An example, my VPN provider doesn't have this support yet, and while their customer support says it's in roadmap it won't be too soon.

csharper2005 · March 7, 2024, 5:35pm

What speed have you achieved with MT7621?