I am looking for a new router to replace the one I got from my ISP as the Wifi coverage and speed is not great.

ISP: Hyperoptic
Speed: 1Gbps dl/ul
Current Router: ZTE ZXHN H298N

The connection comes straight into my apartment via an ethernet cable, so no need for a modem. I do a lot of gaming so low latency would be great. I also have a plex server and subsonic server that can be accessed from outside my network. I have been told that it would be more secure to have these behind a VPN, so VPN would be useful feature. I use my PC as network storage so no need for high speed USB ports. I would like to be able to manage and limit traffic to individual devices (Qos?). Wifi coverage and speed must be good, but coverage is more important than speed. I would prefer AC capabilities. Budget is £100 to £150.

Any help would be greatly appreciated!

Take a look at Linksys WRT series.

nitroshift

The Linksys WRT1900ACS looks suitable. Thanks!

AFAIK even the more powerful (but not as well supported) WRT3200ACM will not sustain 1Gbps connection at least not with OpenVPN. It's been a while since I've checked, but none of the non-x86 OpenWrt/LEDE routers were capable of 1Gbps connection because (unlike vandor/stock/factory firmware) they do not include hardware NAT.

FWIW, on my 100Mbps connection with VPN, WRT3200ACM can handle about 35Mbps. There's been some development for hardware NAT support in some routers for LEDE, it might be prudent to try these first than the more expensive/powerful but hardware NAT-less routers.

When picking VPN provider make sure to pick one which allows you to open ports on their IP address (for Plex) or you would have to use split tunneling (shameless plug: both vpnbypass and openvpn-policy-routing come pre-configured for Plex). I'm not sure what kind of effect VPN would have on your gaming experience, but you might have to route it outside of VPN as well.

Openvpn and gigabit NAT are completely different things. The WRT series does gigabit NAT with ease. Most x86 hardware isn't capable of gigabit vpn either.

So if I set up a VPN, I won't have good speeds? That's a deal breaker for me. How risky is it to leave my plex / subsonic servers as they are? Are there any other methods I can use to make them more secure without sacrificing speed?

(Last edited by riskywhat on 23 Feb 2017, 09:31)

riskywhat,

35Mbit is quite respectable for an embedded cpu; me thinks stangri isn't using the available crypto hardware here. 1Gbit VPN is definitely enterprise level and is usually a dedicated hardware appliance somewhere behind the firewall.

Wireguard is an alternative you could look into.

You may also consider WRT1900AC. It is an older version of the "S" version but work as great.

Cheers,
J

Could you elaborate on that?

35Mbit is roughly what I'd expect if the encryption is done in software (using the cpus). There are two crypto modules (CESA) on that board that could be leveraged. What to expect when doing so I have to little experience though as to make a guess but a noticeable boost should be possible.