LF Router ($<200) Possibly higher than Gigabit LAN, Low latency!

Hello community! I am really enthusiastic about OpenWRT, and I was previously using FreshTomato before it stopped functioning with the latest (2020.8) update. I spent some time in your IRC channel and got some good support from PaulFertser, but we could not get my router working and I have decided it is time for a new one. I have been through your pinned threads and I did not see anything relevant yet.

Here are my requirements:
+ I have a 25mbit-D/3mbit-U broadband connection with unlimited data. It is with Xfinity, so there is a lot of packet inspection and possibly even sabotage going on with my connection. I just upgraded to unlimited data and am likely using 2.5TB /mo. I have a required Xfinity gateway modem, so I only need a router.
+ I had an always-on VPN using FreshTomato, and I would like that as well with my new OpenWRT router. The VPN runs with OpenVPN, but it would be nice to have more options. It should have a requirement for VPN (through OpenWRT), with no WWW access without the VPN being on. IPv6 support is necessary.
+ I have been running with Gigabit ethernet for a while, but I would like to future-proof by getting at least two LAN ports with 2.5gigabit connections. I have several devices I am working to get hooked up with rsync and other Linux-based network transfers. This condition may not be realistic but I was hoping this community knew of more routers than the few I had seen with this.
+ I would like 2 USB-3 ports for at least 1 USB-HDD in SMB.
+ I am the only person using this router (except for guests) and I likely have 2 always-transferring LAN devices, 5 semi-on LAN devices, and about 11 different wifi devices that are used irregularly. This would mean that I would require more than 4 LAN ports, or I will continue to use my 8-port Gigabit switch.
+ I am serious about p2p, and so the router would be good at handling bittorrent overhead for possibly hundreds or more torrents looking for leechers.
+ Other services: It would be nice if this ideal router included support for a USB-HDD over SMB and future-proofing for other services.
+ My price range is up to $200 USD and I am willing to buy second-hand.
+ My preference is for newer devices that will have longer support.

In addition: I would very much prefer a router that has low latency! I play games sometimes and if I am connected to an East Coast server, I do not wish for a few more ms through my router to slow me down. Lastly, it would be good if this router and/or OpenWRT had the option to let a single PC through my always-on-and-mandatory VPN for gaming purposes, again for reduced latency!

Of course, this ideal router would have 100% full OpenWRT support, because I am serious about learning this and sticking with it.

Thank you for reading, and I look forward to your recommendations!

Just to be very clear about this aspect, which is among the most important ones of your project.
Do I understand you correctly that 25/3 MBit/s is your current WAN speed, now and for the foreseeable future?
What are the prospects in terms of WAN speed for the next ~3-5 years?

Finding a decent router for <100 MBit/s connections, even with SQM and busy-throughput isn't going to be that problematic (VPN is another topic) - but anything significantly beyond that is going to be difficult and much more expensive than your prospected budget (the real problems start in the 300-500 MBit/s range without SQM/ VPN, below that with SQM/ VPN in mind).

The rest of your questions kind of hinge on the answer to that.

Keep this aspect distinct from your router (unless you need >1 GBit/s WAN speeds within the next ~2 years), it will probably bust your budget anyways. Just add a nice managed switch covering your required aspects to your long term wish list (easy for 1000BASE-T, but 2.5GBASE-T/ 5GBASE-T or 10GBASE-T are still prohibitively expensive for a home budget).

A router is a router, is a router - not a server. You really need to keep these services separate, if you value security and maintainability. Don't get me wrong, I do like the option of USB ports on my routers, but I'd never expect to really use them (tftpd backend for your VoIP phones or connecting a USB printer being pretty much the most I'd ever push towards those).
These services are much better suited by a small x86_64 based NAS and a general purpose linux distribution, respectively a dedicated SBC (RPi, Allwinner/ sunxi, Rockchip, etc.) ARMv7/ ARMv8 board.

Any decent router with some headroom in its hardware specifications shouldn't have much of a problem with that - as long as the actual torrent client is running on some other device (look above at the server tasks).

Thanks for the reply!

I very much suspect that my WAN speed will not go anywhere above 50mbit in the next 3-5 years.

The 2.5Gigabit wish is just that of someone who has seen Gigabit networking for a long time and doesn't understand why 2.5Gigabit isn't more common. It is unlikely to be used, and with the SATA-HDD I am using for the most of my storage, it is unlikely to be a problem to just use Gigabit.

It makes sense what you are saying about USB ports; I actually have one NAS and one custom-NAS, I just do not keep them running all the time. Perhaps it is possible to have something small that does its own processing to keep on the router? This would be a good in-between for PCs that are not always on at the same time, while allowing me to turn off my NAS most of the time.

Good to read about the p2p. I was getting some seriously reduced bandwidth earlier on my current router when I had 250+ torrents just "inactive seeding," so I wasn't sure if it was my router, my WAN connection, or my settings.

[Disclaimer: I'm only taking routing+SQM+VPN into account below, not any of the additional services you might be looking for]

Given this WAN speed, ipq8065 (e.g. Netgear r7800 or ZyXEL, 2*1.7 GHz ARMv7/ KRAIT300 ~= cortex A15) should cover this easily (actually being overkill), but considering OpenVPN (which, compared to wireguard or IPsec is extremely CPU intensive) and SQM for a majority of your heavy duty throughput, I wonder if that really suffices in the routing+VPN+SQM capacity[0]…

If you're really stressed for top performance, an ARM SBC like the RPi4, or the NanoPi r4s (patches available, not merged yet), maybe also the NanoPi r2s, might provide more headroom. The former is usually meant to service 1 GBit/s line speed with SQM, I don't have figures for OpenVPN.

Normally, just about any contemporary ath79 (~720-750 MHz single core mips) device for two tenners (used) would cope with this throughput including SQM easily, but not at all with OpenVPN on top. The same goes for mt7621a (2*880 MHz mips), easily coping with routing and SQM, but not OpenVPN at full speed.
ipq40xx (4*716 MHz ARMv7/ cortex A7) devices for around 80 EUR/ USD could do either SQM xor OpenVPN (just barely) at the required speeds, but I'd worry about both at once.

Exchanging OpenVPN with a less CPU intensive VPN protocol (wireguard in particular) would improve the odds by a lot.

Personally[1] I'd probably take my chances with ipq8065 and see how far I'd get, while keeping the RPi4 or NanoPi r4s alternative (retaining the selected router as AP and managed switch) in mind. ipq40xx could be a decent budget alternative, if the requirements would distribute themselves nicely over the four cores. If ipq8065 suffices on its own, that would, even new, remain in budget - so could a SBC+ipq40xx as a two-device solution (with some caveats in the managed switch/ VLAN domain).

[0] my gut feeling suggests 'yes', but I still worry. Without SQM/ VPN, ipq8065 is good for up to 500 MBit/s, 650 MBit/s if you push it - but SQM and VPN, OpenVPN in particular, are heavy on the CPU. Just one of them would be easy, but both at once, pushed 24/7 - hmmm…
[1] Disclaimer: I'm not using SQM, nor an OpenVPN uplink myself, I did use IPsec/ IKEv2 and am using wireguard as server (but can't push it to the limit, as the remote end(s) is significantly slower than the abilities of my router).

Thanks again for your response!
I have been looking at IPQ8065-based routers and I am not finding a lot of information about them. The r7800 seems to be a popular router, but I am coming from an r7000 and I don't see how it would be much different from my current one, in terms of hardware or quality-control.
Also, I am really bothered that this router came out in 2016.

I found one router that I was really interested in, the Turris Omnia 2020 2GB, but it is really expensive.
So while my main concerns are LAN traffic and Low latency along LAN, another is that it be a relatively recently designed product.
I have gone through about 20 different routers while searching for best rated routers, and I even found a page that lists routers specifically good with OpenWRT, the one I just purchased is from that list. I confirmed it on the OpenWRT web page, and I expect there will be no problems with it.
The one I bought is this one: Linksys WRT3200ACM Router. It is also from 2016, but about a few months younger. I spent about $190 USD on it, including tax.

I suppose it is still possible to cancel the order, if you feel that this would not be an effective router for my needs. I have been without wifi for several weeks though, and also several of my projects are being held up by lack of router-based function. If you have no criticism of that choice, thanks again for your posts!

The wrt3200acm is fast and well supported (faster routing performance than ipq8065, minimally slower CPU (VPN)), but its wireless side is …not good…, with many interoperability issues (IoT/ esp8266/ esp32 in particular, WPA3 broken, etc.) and no chance for future fixes.

If you'd only use it as a wired router, it will be good - but its wireless issues make this impossible to recommend.

It is very likely I will only be using it as a wired router, with the some-time use of wifi for my smart lights and cell phone. But all of the important devices I use (that can be) will be wired.
Are there any other routers in this price range that will do all of that? I don't feel qualified to use a raspberry pi or its derivatives to make my own, heh.
What do you think about the Turris Omnia 2020 2GB? Is it possible that one would be worth the $334 price?
Thanks for your reply!

I own the Turris Omnia 2016 (original crowdfunding version). While it's a great device for the 130$ I paid for it back then (my version is 1GB RAM and no wifi), it doesn't justify the current 334$ they're asking for it, as its SoC is somewhat outdated (Marvell Armada A7).
You can easily get an RPi4 (even with its current regression issue) and a used AP to get to the same level of performance.

mwlwifi (Marvell wifi) can be problematic with smart lights.
The qca wifi can also be problematic, but at least you can test 2 different drivers (the original 99% works) and the driver is actually maintained.

Sorry, everyone, for the lack of responses! I am serious about WRT and I've been in the IRC chan, but I couldn't remember my password for the site and then I got really busy.

Against the good advice of this forum, I purchased the Turris Omnia 2020 AND the Linksys WRT3200ACM.
I purchased the Linksys first, hoping to get a quick and WRT-well-supporting replacement, but then I changed my mind and purchased the Omnia after the Linksys had shipped. At this moment, I can return the Omnia but not the Linksys, unless I can convince eBay that the Linksys was different than what the seller advertised. I will sell the Linksys on Craigslist or FB Marketplace if I cannot return it and don't choose it.

Last night, I got some free time and I did a comprehensive evaluation, to the best of my ability, of my old router (no WIFI), the default gateway, and the two new routers. I feel the results are a bit inconclusive although they lean towards the Omnia 2020 as being the fastest. The link is here and it is an OpenDocument Spreadsheet. I would appreciate any review of this and help with drawing a conclusion. I feel that there is a lot about these tests and results that I don't fully understand.

Despite the high price tag, I feel that the Omnia 2020 has interesting features such as the auto-updating firewall and the additional RAM. I did read about the RP4 and the AP, but I didn't know what that meant or how it was possible until a while later. If it is indeed possible to have all of the features of the Omnia 2020 with an RPI4, then it would be simply dumb for me not to try it. But I would ask for a suggestion as to a used AP that I could hook up to it. The Omnia is faster than the other routers and would likely be faster than an RP4.

The one problem I am having with the Omnia, which is connected right now, is with p2p via my "Eddie" OpenVPN GUI Client on my PCs. From the spreadsheet, p2p works perfectly fine on the Omnia unless it is going through the Eddie application, regardless of OS. My p2p maxes out at about 3.3MB/sec in VPN, but through the Omnia I am getting around 500-1000 KB/sec. I am suspecting that the Omnia is not adapted well to this configuration and is blocking it somehow. Even though my p2p traffic is low, the other PCs are rather slow as well! The Omnia uses an optimized OpenWRT setup, so perhaps I will ask in the IRC channel!

Thanks again for reading and please evaluate my spreadsheet!

Switches tend to be gigabit, or 10G, and the 10G are super expensive. It's reasonable to use just gigabit switches for the next few years, use a LAG group to link two links if you need faster speeds between two points (like your desk and a server closet or something).

Either one of the new routers should have enough CPU to be the "whole house" VPN client.

The R7000 could be put back into service as a wifi AP, using stock firmware. That should have good compatibility with IOTs. Set up a guest network in your main router for it so you can heavily firewall the IOTs.

I was previously using a router-based VPN, and am keeping that option open.

I use OpenVPN, so let me clarify:
+ I need certain devices to be network-locked to my OpenVPN connection: if it goes down, they must have no traffic.
+ I also would like certain devices to be free from the VPN, for latency and geolocation reasons.
Is this possible in OpenWRT?

The thing about the RP4 + AP is that these two routers are specifically designed for this purpose, and are filled with lots of circuitry. I have a hard time believing that a RP4 can do the same work minus the wifi/switch. I am familiar with a Pi-hole, but that is a totally different level of function. Would the latency be as low? Would the network be as speedy? Would there be QoS?

routing (unless offload is in play) is (predominantly as far as openwrt is concerned) upper OS these days...

switching on the other hand... the pi cannot do (as efficiently)...