Most powerful LEDE hardware for gigabit fiber

Most of the threads focus on low cost and wifi. Both of those are not the priority here.

I have dedicated APs for WiFI and I have gigabit fiber that I need to route. The network will need many VLANs as well as some VPNs as well. Is there any hardware you guys use that is actually capable?

I use a Qotom J1900 mini-pc running x86-64 Lede. No issues at all getting 900+ mbps across lan/wan. I also have a netgear r7000 running Xwrt-Vortex, and it's the same. Works great.

Get a PC like this one (dual Intel NIC and nice form factor)

Something like that and run pf/opnsense on it or a full distro on it like Debian or FreeBSD.
You can ofc use LEDE but you'll probably find it a bit limiting given the hardware.


People do love the J1900 but it doesn't have AES-NI which is an issue if I ever wanted to run pfsense on the box in the future.

Thanks for the suggestion, that does look like it might be adequate

Iv'e got a Turris Omnia, 2 GiByte RAM, 8 GiByte flash, Marvell Armada 380/385 dual core 1,6 GHz ARM. It comes with a custom variant of OpenWrt 15.05 with automatic security updates. And the board is open source too.

I've got a Turris Omnia and I've never hated a device more than I hate it. It was very promising but it cost a ton to buy and then it turns out the developers are utterly useless. Their s--- fork is total garbage, the wifi doesn't work, every release breaks something new. No QC to speak of.

The best case scenario would be if they (as promised) merged their device specific bits upstream so we could switch to LEDE, but they refuse to do so. They are well aware that the only reason they have any users on "TurrisOS" is because they're vendor locked.

For anyone considering the Turris Omnia out there RUN away.

Biggest waste of money.


You are of course correct regarding pfsense and the plan for them to move to AES-NI required hardware on v2.5. However that is 2+ years away so we have time to adapt or move to something else. I used OpenWRT a long time ago on an old Netgear WNDR4300 and it worked great.

What limitations are you referring to in regards to LEDE on an x86_64 platform? Or are you just pointing out that the hardware is "overpowered" given small hardware requirements of LEDE?
I did try to install a hypervisor on the J1900 and try virtualizing LEDE on 2 NICs and then virtualizing Pi-Hole on another. It would be fine if I was limited to <300mbps connection. But I have ATT GigaPower fiber and it can push ~950mbs in both directions. And I was unable to get ESXI to work on it due to bios issues. If one of the mainstream hardware manufacturers (such as the GigaByte Brix above) had a 3-4 nic box we would be set as I would expect good compatibility with more software.

You guys can stop arguing Fast Path is now available for ALL LEDE supported Routers

That's amazing news, thank you @gwlim!

Question is how much/what it breaks :wink:

LEDE is kinda limited as its primarily aimed is to run on "low-performance" hardware with space/memory constraints. Sure, you can in theory port * but that's usually not a feasible solution in the end. Just have that in mind if you want to expand the usage such as more in depth logging, integration of home automation etc. Instead of looking for 4+ NIC box, just get a cheap decent to expand ports such as Zyxels GS19**-series.

i agree that turris-os is not really prime-time, yet

but it's still a nice and stable device for hackers, i love it :slight_smile: (actually it's already possible to run LEDE, you just need to copy some patches from turris-os and some code to build a medkit-image)

i think it's only a matter of time until they upstream it, they already upstreamed omnia support to the linux kernel

I use Omnia and I dont have those problems running last version of my edited LEDE working fine. insane piece of powerful hardware

You may try latest APU2 from PC Engines, with quad core CPU, three Giga nics and 4GB of RAM. It is not the most powerful x86 platform, but probably the lowest consumption of 15A/h.

If it does not fully meets your needs, it will act as a very powerful webserver with plenty of RAM.

This platform supports AES-NI, so it probably also has VPN acceleration too (untested).

Schematics of the APU are publicly available, so it could be one of the very few routers with no-backdoor or limited backdoors. So it could be a good choice for security too.

