Hello everybody. I'm looking to buy a router and there are just too many options. I have 3 ethernet cables routed to different rooms already. My plan was to get simple unmanaged switches for the ends of these cables to plug more in, but at the moment only the room in the lower right really needs a switch. I haven't bought these switches yet, so I also want to ask if there's anything wrong with using switches like this. I want to plug my server straight into the router, and it will manage OpenVPN (at least that's currently installed on it) and smb and things. I mostly want the router to manage the security and network end like firewall and DNS. The modem can't be changed and will be put in bridged mode.
I'm looking for recommendations on what to get for the router. I don't know if I should get a 2 port router and put a switch behind it, or 5 ports, and I don't know if I should get a Wi-Fi router or get a separate access point. Considering the location I think I might need to get a second Wi-Fi access point anyway. The most important thing I think I'm looking for is for it to be well supported though, but there are so many ifs and buts about support that it's difficult to comprehend. Also this is the first time I'm actually really looking into routers, so I don't know that much about all this.
Also found this list for common requested info:
I have an internet connection of 500Mbps
I will need Wi-Fi, but I don't know if it's smarter to add a "dumb" access point or have a single Wi-Fi router. No idea about the different standards here, I just want it to be "good" which obviously means nothing.
I will need gigabit ethernet.
I don't think I'll need USB ports, but I might be missing something.
This router will mostly be for just me, but occasionally there will be others. Sometimes with desktops that will also need ethernet.
I already have a home server that has OpenVPN, so I don't think the router will need to do a lot. I might want to use some sort of QoS, but that depends on what my experience will be I guess.
My budget is 100 to 200 euros. I'm probably leaning a bit more to "overkill" then "necessary" though.
No problem with that, as long as you are aware that all devices connected to these switches will have to share the bandwidth provided by your single cable to that room (the 1 GBit/s connection between router and unmanaged switch)
Your bandwidth requirements are the problematic part, severely limiting your options - you probably don't have much of a choice here. That aside, having more ports on the router itself gives you options, such as multiple networks (guest, trusted LAN, DMZ, …) - nothing you couldn't do in combination with an additional managed switch, but it adds convenience and options.
As mentioned before, this is the biggest hurdle - there aren't that many SOCs which can cope with >>300 MBit/s, leaving you with:
x86_64 (doesn't need to be highend, but something faster than the old AMD GX-412TC Jaguar cores or the equally old Intel Bay Trail (e.g. J1900) cores).
mvebu (aside from wired-only ones or the Turris Omnia, this is generally plagued by bad/ abandoned mwlwifi wireless)
This pretty much comes as the natural consequences of the above and isn't really a problem, leaving you with both OpenWrt supported devices or unmodified OEM devices.
Better to have them and not use them, than not having the option at all - but I wouldn't make this a major decision point.
Both VPN and SQM requirements severely raise the system requirements, so don't aim too low. Functionally, VPN can be done on the router or your server - personally I prefer the router handling this ('neater'/ easier firewall and routing setup and keeping potentially untrusted packets out of the internal network). SQM must be done on the router (or some other device directly behind the bottleneck).
All combined (router, switch(es), AP(s)), you will probably stretch these limits a bit - depending on how much emphasis you put on the wireless side.
SQM at 1 GBit/s is the aspect that worries me a bit about the er4, yes I've heard that it can do routing at 1 GBit/s, but SQM is a considerable performance hog. There's just very little known about this SOC/ device - among the already thinly spread information about 1 GBit/s capable devices to begin with.
Thank you for the very detailed response. I want to highlight the fact that I am pretty new to this, and I'm getting the feeling I'm asking for the impossible here. For the x86_64 and RPi4 options I feel like those seem out of my level of experience, I don't have an old PC laying around and for the RPi4 I still need to add ethernet ports which seems like it would get expensive.
Looking at the other SOC, I do really like almost everything of the Turris Omnia, though obviously it's almost twice what I said my budget was (321 euros for the 2020 model). For the other mvebu options it seems I'd need to buy an AP which seems like it would drive the cost up significantly. Something like the Clearfog Pro seems good, but difficult to find and expensive if you add an AP. And options like the WRT1900AC seem weird if I'm not going to be able to use the Wi-Fi properly anyway.
Also note, the budget I meant for the router and AP. I already accepted that I will need to pay more for the additional switches. But considering I planned to just get unmanaged ones I figured it wouldn't be too much.
After reading this I'm considering stretching my budget for the Turris Omnia. I like that it's a single contained unit that seems to be well supported. Though it being a single unit has some problems if I'd ever need to upgrade 1 part of it. The other options seem like they require too many parts for me to figure out and slot together.
My two cents: get a RPi 4 for the router and an average OpenWrt-supported all-in-one router to use as a switch and access point. It doesn't have to be the best, as I also suggest that you use cheap all-in-one routers as switches/APs for the room.
So maybe a RPi4 with a USB3 ethernet dongle which would do most of the heavy lifting, and something like an Archer C7 to switch and provide wireless? Using USB to ethernet doesn't seem great to me, but I think I'm just basing that on outdated info.
I was planning on just getting something simple like an TP-Link TL-SG108 for the switches in the 3 big rooms. No additional wireless AP planned in any of the rooms, maybe in one of the left rooms if the wireless from the main router isn't sufficient.
It's a good device but a bit old now and overpriced.
It works well. There is a number of people here using that set-up, including @dlakelan who did some benchmarks you could find on the forum.
Having said that, you could probably do without the USB adapter; you use the one on-board Ethernet adapter for both LAN and WAN, but you would need a switch that supports tagging for that (a router flashed with OpenWrt would do just fine). It's not the easiest setup though.
It World make sense to have an AP for the left room. Wifi Speed decreases over distance. But anyway you can try without before and see if you are happy with it.
I'm slightly unfairly biased against the RPi4, but it's probably the best bang for the buck here - in combination with an additional USB3 ethernet card and some decent ipq40xx AP (all of that should stay just below 200 EUR).
 for non-router uses, I would prefer running a 'normal' desktop distribution, but support for these devices severely lags behind Raspbian (if I understand it correctly, kernel v5.10 is needed for hdmi support on the RPi4). The heavy reliance on a proprietary blob for the videocore4/5, which controls every aspect of the piggy-backed ARM cores, isn't exactly to my liking. I'm not really a fan of having to use USB as sole system bus, rather than having PCIe (or native-) network/ mass-storage connectivity (read, SATA). Before the RPi4, previous RPis were simply garbage, not enough RAM, unuseably slow ethernet. For a router I'm not really a fan of USB connected addon dongles (NIC) and the prices to get started (RPi4, case, PSU, sdhc card, mini-HDMI cables, …) are closer to ~100 EUR, than the always touted 35 GBP, close to x86_64 Atom based boards with soldered-on CPU (yes, you have to add RAM, case & PSU, but still…) which just works™ - again, I may not actually be fair here and haven't played within the RPi ecosystem so far.
 I'd always prefer two network interfaces, rather than relying on an external managed switch for VLAN tagging - while the later would work, the usability factor strongly favours the two-NIC solution.
Similar setup here, on formal 400/200 FTTH (real 850/200). I'm just using a cheap AVM4040 (4 ports only), running 19.07.5, attached to a SG108e 8-port switch for that. If Wifi needs to be extended, just put in another 4040.
Anything works fine: VLANs, Guest-Net, Wireguard at about 300MBits (no tests with OpenVPN yet) and the costs ~100€ if bought new.