Hello everyone. I am a new member and I would like to switch from my current router, which is a Netgear R6700v3, to a router that I can flash OpenWRT on. Please see my settings/specs and requirements for my network below.
I would really appreciate inputs from the experienced members that will help me find a router that meets all of the following:
Bandwidth: 1 Gigabit
Current maximum speed with my current router (Netgear R6700v3) is between 800Mbps and 920Mbps
Supports 2.4GHz and 5GHz
3 to 4 Ethernet ports
Most supported by OpenWRT in every way: processor, wifi chip, bootloader, RAM, Flash size (I do not want to be limited in the future to limited NAND or RAM size)
Easy to flash OpenWRT with GUI and LuCI pre-installed and ready to go.
Works with pihole installed on a Raspberry Pi without complications and tedious back and forth setting adjustments on the router to get it to work. (It was a nightmare when I tried to use pihole on a Raspberry Pi 3 with DD-WRT on Netgear R6700v3)
Gigabit throughput capability is very important.
I have a NAS currently attached to my current router to one of the Ethernet ports. So wireless transfer speed on the local network is very important.
Price is not an issue. I am not looking for something cheap.
Any recommendation that checks all of the above would be greatly appreciated.
Thanks for bringing up the VPN aspect as it had completely slipped out of my mind when I posted my post. The answer is yes, I will be using VPN, client and server.
My current configuration for VPN is as follows:
I have an OpenVPN server running on my Netgear R6700v3 that allows me to access my home network remotely.
I also have a VPN client with Perfect-Privacy vpn provider. They use OpenVPN protocol as well.
I am using policy based routing/ split tunneling because I do not want all of my devices to go through Perfect-Privacy VPN. Sometimes I want some of the devices to go through normal internet.
However, ALL of my devices use the pihole as their DNS, which has a custom third party DNS (OpenNIC). So this is another important aspect because I want to make sure that my ISP DNS is not used at all by any of my devices.
It shouldn't be an issue to configure things so that you have a single DNS server that is consulted for all lookups (assuming that it has the proper root-hints file and goes to the DNS root, or is configured to use what you consider an "acceptable" upstream server).
What speeds do you need from the VPN? In my testing, even a desktop-class Intel/AMD processor with AES-NI can't push more than ~500 Mbps using OpenVPN. Mid-range, all-in-one routers (multi-core, ARM-based, IPQ40xx) are in the 25 Mbps range. I don't have a Marvell-based or IPQ806x, ARM device, so I can't meaningfully represent their speed. WireGuard is significantly faster, if you have the client support you desire as well as confidence in its security for your needs (questions for you to consider, not necessarily negatives; I use WireGuard with my iPhone and macOS laptop).
I am currently pulling download speed of approx. 20 to 30 Mbps but it varies based on the location of the server I am connected to. And I am ok with this download speed from my vpn provider using AES 256.
With double hop vpn, the speed drops to about 15 Mbps average.
256 encryption is good enough for me but I am thinking of increasing it a notch, so I want the processor to handle it.
Perfect Privacy also have their own client, but I use the OpenVPN client on my phone.
So any suggestions of which routers I should be looking at?
Remember that gigabit rates are still considered enterprise-grade rates. That they are being offered in the home doesn't change the processing requirements.
If you're not going to be doing anything other than NAT with the gigabit stream, the current crop of multi-core ARM-based all-in-one routers that can offload the flows should be able to handle that portion of the task.
For VPN performance, while I don't have access to an IPQ806x or mvebu-based device to benchmark, if you're looking to exceed 25 Mbps with OpenVPN, you might be able to do that with a high-end ARM all-in-one. You're probably looking at x86_64/AMD64, especially if you're looking to move to stronger encryption than aes-256-cbc, when it becomes available.
Do you recommend the Turris CZ.NIC Omnia? Or Linksys 1900acs? Excluding the need for vpn and encryption.
Finally, can you suggest a router that meets the requirements I listed in my first post but without the need for vpn client or server?
This is for a different place where all I care about is throughput capability for gigabit internet from Comcast. I am trying to find a router that is as open-source as possible and fully supported by OpenWRT, so that I would not have issues flashing an OpenWRT image on it.
You could plug your cable modem directly into the router port, or go through the switch. The 10-port and 28-port SG300s are both fanless and both idle somewhere around 10 W, as I recall. If you've got the 28-port one, you've got plenty of ports and can run the modem through it, which makes it possible to monitor or access from another port.
I don't know the Netgate SG-3100. I do know FreeBSD quite well, though I don't run pfSense/OPNsense for a variety of reasons, mainly that I craft my own firewall rules by hand and run my own IDS and monitoring tools.
For just an AP, the EA6350(v3) has been available on Amazon UK for £34 and Amazon US for $75 and I consider that a steal at the first price and a good value at the second. I recently replaced three of my Archer C7v2 units with two of the EA8300 which has basically the same chip for processing and client AP access. I get noticeably better wireless with the ipq40xx than I did with the earlier generation chips.
I can't comment much on the IPQ806x or mvebu devices as I haven't owned one. Many people are happy with both.
If your second location really needs gigabit throughput from an all-in-one, some have said that the mvebu-based units can handle those rates. Personally, I'm hesitant about the Marvell wireless drivers, especially as nobody here knows if the NXP acquisition will make the level of open-source support better or worse. I suspect that Comcrap buffers their gigabit lines pretty severely, so SQM may be of value. Then again, the number of people that actually can use a gigabit per second of data I think is pretty small. I've had a ZyXEL NBG6817 on my wish list for a while (from back when they were over US$200) and that or the WRT32X would probably be on my short list, of those easily available in the US at this time, if I were going for an all-in-one.
Get an x86 system with dual NICs and a switch such as the SG300 or Zyxel GS19XX-series (I personally prefer the Zyxel models but they're similar), avoid Realtek NICs and use whatever you have as a separate AP.
Based on my experience with the similar EA8300, I’d recommend the EA6350(v3, which by now should be all of them in primary markets).
I’m a big fan of discrete Intel NICs over Realtek. Then again, I couldn’t resist an ODROID H2 for form factor, power consumption, and price. I have one on the bench. Early testing with Debian looks good. I haven’t run FreeBSD hard on the NICs yet.