Hardware options for openvpn server support



  • I've recently installed new CCTV cameras (4 x 4mp IP cams) and as I need remote access (don't want to directly open up the cameras to the world) it's finally kicked me into sorting out my home network.

    I have a couple of areas that need addressing:

    1. VPN access via OpenVPN server (preferred to IPSec as less likely to have issues traversing NAT networks or being blocked) for remote home network access and localisation shifting (i.e. so I can watch BBC iPlayer when abroad). Currently on BT infinity so 20Mb up is my bottleneck, but plan to switch to FTTP during the lifetime of this equipment so would like to future proof.

    2. The VPN Server will be the only pinhole into my network, so looking for a hardened solution that will be easy to update when required.

    3. New NAS for CCTV storage, Time Machine backup (encrypted Sparse Bundle direct from Macs, rather than encryption on NAS), streaming my wife's old DVD collection and general storage.

    4. Improve wifi coverage around the 3 floor house (both 2.4G and 5G bands can be quite congested during the week when the offices are occupied).

    5. Equipment is going in comms cupboard and eaves. But it's still a house and would prefer not to run loud/noisy/power hungry servers 24/7.

    I have quite a bit of experience in Tier 1 network design and delivery, so am not a novice. But I haven't looked at the SOHO market for a long time. Also I don't want to bring work home, so looking for a solution with simple management and maintenance rather than regular tinkering. I've been doing lots of reading and it appears the options available conflict with my requirements to some extent.

    A) Although I don't need a powerful NAS Appliance (don't need transcoding or lots of Apps), I could get something like the TS453a (~£380) which has AES-NI. Then run PFsense on a VM, or run the QNAP native openvpn client (although concerned about security). To improve wifi I could use BT's new Mesh system and leave my BT HH5 as a modem. TS453a (£380) + 8GB DIMM (£60) + BT Mesh (£165) = £605. I'm a little concerned how well pfsense will fare in this config both in terms of performance (in particular the openvpn server) and reliability/stability (don't want to be abroad and find I can't access my home network).

    B) Same as (A), but use a HP Gen 8 (with processor swap for one supporting AES-NI) instead of the QNAP. Saves me about £150-£200 with the cashback offers on the GEN 8 (Gen8 = £120, CPU = £50, 8GB = £60). Gives me more flexibility than the QNAP and saves some cash. More initial tinkering, but more worried about ongoing tinkering. Also can I trust something like Xpenology for the NAS side even if it's locked to local network only, FREENAS seems overkill. Total cost around £400 (Gen 8 £230, BT Mesh £165).

    C) Get a cheaper NAS (£250) and something like the WRT3200ACS (£179) or WRT1900ACS (£119) running openwrt/LEDE/DD-WRT. Reading a thread on the PIA forum I should get ~80Mbps of openvpn throughput. Should be quite secure and reliable. For wifi I could add another cheaper openwrt/LEDE/DD-WRT router (wired) in the eaves and a third if I still have dead spots. I don't think the wireless solution will perform as seamlessly as the BT Mesh (but I could always just turn off the wireless on the WRT). Also won't be as fast for openvpn as option 1 (AES-NI I hope will make a significant difference) and I leave myself limited options from here (the Gen8 would give me the most overhead for the future).

    D) Go with something like a GL-AR300M (£27.77) to serve my current OpenVPN needs. Grab a cheaper NAS (i.e. Asustor ~£250) or Gen8 for NAS duties (£120 + £60 for 8GB DIMM). BT Mesh (£165). And hope some better hardware accelerated OpenVPN options pop up when I move to FTTP (probably 1 to 2 years time). Problem is that may not happen. Total outlay £370 (Gen8 as NAS) or £440 (Asustor).

    Have I missed something? What would you do or what are you doing? Going round in circles here so any comments greatly appreciated.

