Hardware request and blocking YouTube ads

So I am looking to upgrade my wifi router. My requirements are:

Gigabit speeds (lan and wifi)
Ad blocking (especially YouTube on TV and phone apps)
VPN support (server side, extremely minimal use, one client only, used to manage network and connect to home PC).
Possibly as a dlna or media server through usb HDD (so USB 3.0)

Currently I have a western digital my net n750 running openwrt but this can no longer support my internet speed.

I have browsed the supported hardware list and nothing really stands out to me in the sub $200 range. Asus routers looked good except for proprietary drivers. TP-link seems good as well but is a marginal upgrade seeing as how I don't have any AC devices.

I have thought about buying an unsupported device and using my current hardware as a wifi repeater, gigabit switch and dns server for ad blocking but then I lose the advanced firewall functionality and all the other goodies stock firmware lacks.

So I am at a standstill. Does anyone have any advice? Anyone know where the future of ad blocking is going? I am really tired of my toddlers crying when their abc song is interrupted by some obnoxious advertisement aimed at adults.

x86_64 or mvebu, the more important VPN performance at 1 GBit/s line speed are to you, the more the tally shifts towards x86_64.

Thank you for replying. I will look into those options. VPN speeds are not important. Certainly do not need gigabit speeds. 50mb/s is more than adequate for my VPN needs.

This is only partially correct, server or client instances have relatively symmetric hardware requirements. Where it might make a difference is the expected utilization of them, depending on your usage scenarios. In a home or SOHO setting, you typically only have few incoming VPN sessions, which only saturate the tunnels moderately (even more so with split tunnels) - the more common client connections to external VPN servers however involve tunneling virtually all traffic of multiple clients through the tunnel, thereby often pushing more load on the hardware.

While you might be convincing and enthusiastic about it, your statement is still incorrect - or at the very least misleading.

The encryption/ decryption algorithms between server and client are the same[1], both roles need to encrypt and decrypt the same data, using the same ciphers, even the routing load will be roughly comparable when using the gateway (router) as VPN client for multiple stations behind it. Again, where it does matter -a lot- are the typical load patterns, the utilization (few incoming tunnels with relatively little throughput to your personal home gateway, versus tunneling a complete subnet with multiple stations; obviously this is a different matter for the remote end[2] servicing multiple of these fake road-warrior clients).

But as this ventures far beyond the topic of the original poster, who already clarified that wirespeed VPN servicing is not required (suggesting more home-like usage, which might still be pretty taxing when servicing multiple active stations as a client to an external VPN service), I'll refrain from further nitpicking here.

[1] OpenVPN and IPsec usually use symmetric encryption (AES) for their encryption, only handshake and rekeying are secured by asymmetric encryption (to establish a (short lived) symmetric session key); the same is valid for WireGuard, just with ChaCha20 or Poly1305 instead. Obviously there is additional load using asymmetric ciphers during the initial handshake and regular rekeying intervals, but that isn't part of the equation for the bulk data encryption/ decryption.
[2] your typical off the mill commercial VPN provider, with dozens, hundreds or thousands of users on a single server.

What slh says is pretty much what you can expect, running for instance a webserver with HTTPS might be another story however.

To get back OT! Heres what I have. I have a wrt3200acm as my mane router and run BanIP and Addblock to block all the shitty ads. Then I have a TP-Link C7-v2 set up as a dumb AP. I played around with the wifi on the wrt3200acm for a long time, but it's just not up to handling all the devices I have in my house. You could get a wrt3200acm and set up the n750 as a AP. As for a dnla server you could use a esata drive connected to the wrt3200acm, but I am not shure how well that will work. Or get a nas. I think that a R-Pi would be slow used as a nas as all the things on it run over the USB bus. If you want the flat out best from your hardwair then X86 is going to be better than any router you can buy off the shelf. Then you have to ad in the cost of APs or just use old routers for APs. Good luck.

Afaik DNS-based blocking doesn't work for YouTube anymore, as ads are delivered from the same servers as actual content. Only works with browser plugins.

You should split your questions into Hardware request and Youtube ad-blocking.

Thank you all for the helpful responses. At this time I have come to the conclusion that a homebuilt unit is best for my situation. I am still considering the other devices mentioned for use as wireless access points.

As for ad blocking, I have been pretty sure no network wide solutions exist currently.

1 Like

What's your speed??

I've used these on connections up to 300 Mbps.

You're looking at an x86_64, likely - as you said, homebuilt or a mini device.

I upgraded from that to a Meraki MX60W (gets about 600 Mbps). Both models still suit my needs, although it seems you need something faster, correct?

My connection speed from the ISP is supposed to be 200mb/s. Speed test says I am only getting 125. My modem is supposed to Max out at 195 and I've read the n750 w/ openwrt is only capable of 10/100 through NAT due to propietary coding. I assumed the router was the bottleneck since my internal Network is gigabit but now you have my curiosity piqued.

I have already sourced a new modem and I have some cat 6 Ethernet cables. Sounds like I need to plug directly into a new modem and see if the bottle neck is my network or the ISP.


Try plugging a laptop directly into the modem/Ethernet demarc - then perform the test.

That's the plan once the new modem comes in. Since I am replacing it anyway, I figured I'll start troubleshooting with final hardware.

1 Like