Which router for SSH and VPN behind a main router?

Which relatively cheap router would you recommend, that is connected to the main router via LAN cable and is used only as SSH and VPN server?

"Relatively cheap" is, well, relative -- What is your budget?

What throughput over VPN do you need? Will WireGuard meet your needs, or do you need to use OpenVPN or a different protocol?

As a rough data point, I'd consider a MIPS-based, 750-MHz class router to be "reliable" at around 8-10 Mbps for OpenVPN, 30-40 Mbps for WireGuard. Once above that point, I think you're probably better off with a Pi-class device (as below), or an x86_64/AMD64 SBC (with AES-NI) for significantly higher rates.

A Raspberry Pi. I've got one, running both WireGuard and OpenVPN.

It's dirt-cheap compared to most routers of equivalent computing power, and setting up both WireGuard and OpenVPN are easy enough to accomplish.

  • under $50 or $70
  • 20Mbps should be enough. 10Mbps might be slow.
  • SSH is a must. OpenVPN preferable to WireGuard.

thanks! Do you get 20Mbps with it when you connect remotely with OpenVPN?

20 Mbps for OpenVPN requires at least something like an ipq40xx device, if not faster -- they start around US$75 (one notable exception is the Linksys EA6350v3 that was recently on Amazon UK for £34).

An inexpensive SBC would likely provide more single-core crypto performance (as the crypto for VPN is typically single-threaded) than an all-in-one router at the same price.

1 Like

No idea; never measured the throughput. I use it only for remote access back to my lab at home when I'm away, not for heavy data transfer. For my needs it's fine. In addition, my upstream is capped at 20Mbps anyway so it doesn't matter how powerful the VPN host is; I'll never exceed 20Mbps.

1 Like

Thanks jeff! And what would you recommend for 10Mbps, that might be fast enough, but not sure yet, until I test it.

I don't think that any MIPS-based all-in-one will have the power to reliably provide 10 Mbps with OpenVPN. While the ones in the 750 MHz class can hit 15-20 Mbps "when the stars align", I'd want at least 2:1 for "reliable" operation. They are typically what can be purchased below US$75.

I haven't been able to find enough benchmarks of Raspberry Pi performance for OpenVPN, but one that seems "better" than others is http://bitman.org/irafinch/rpivpn/performance/

Based on that and the roughly US$60-70 cost of a Raspberry Pi 4 with supply and a good case, that would be what I would try. The Raspberry Pi 4, from what I understand, has mitigated the Ethernet-throughput problems of earlier designs.

Thank you for your thorough answers! Very helpful!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.