Building my first Router



  • Hi Everyone,

    After seeing fairly dismal real world OpenVPN performance for an Asus RTAC66-U (12Mbit / 6Mbit), I'm looking to upgrade to a beefier platform.

    Goals

    • Allow for gigabit throughput between LAN ports and at least 100mbit throughput between WAN/LAN. (Internet service is currently 50/50mbit with option to go gbit)

    • Support a combined 50/50mbit OpenVPN connections with currently 2, and potentially 5 clients. The Asus RTAC66-U was able to support 12/6mbit when I tested it from the local university's gigabit network instead of the local hotel.

    • Allow for port-level VLANs. Basically, any network devices connected either directly, or through switches to a specific port are a separate network that cannot ping or otherwise access a network on a different port. My apologies if I'm not using the correct terms. I have three units in an apartment building, and I'm trying to distribute internet access to each unit while ensuring that the units cannot network to each other. I'd also like to set it up such that the master unit is the only one that can access the router configuration screen.

    Hardware

    I went through this thread, and considered this

    But saw it's only capable of running ~500-600mbps. Not sure if I misread what's going on in there.

    I saw a reference to this product and how it should be capable of handling full-duplex 1-gbit.
    Is there a better solution to what I'm trying to accomplish? I'm trying to avoid dedicating a mid-tower or sff sized computer for what seems to be a small task.



  • Make sure whatever you get is AES-NI capable:

    https://forum.pfsense.org/index.php?topic=129842.0



  • I'm basically in the same situation.  I currently have a Zywall 110 with a 1gb down / 250mb up fiber optic internet connection.  In speed tests the Zywall can download at about 900mbps and upload at 240mbps.  I'm using VPNs, and I can transfer IPSEC data at 100mbps (that's the speed of the receiving side's ISP, so the Zywall may be capable of more) with the Zywall showing about 70% CPU usage.

    I'm looking to build a pfSense box to replace that Zywall because of the change in their firmware policies where you have to register your router with their support site and let it phone home whenever it wants to in order to receive firmware upgrades.  As there is some concern about having a device which sees everything your network does being able to phone home whenever it wants to and upload whatever it wants to, I'm looking to ditch Zyxel and go with something I can better trust.

    That said, I do want at least the same level of performance I'm getting now, and I'm having trouble finding numbers about what the various hardware configurations are capable of.  On the netgate site they go into the CPU type, the amount of RAM, the size of the SSD, etc., of their various models, and they give some general recommendations about the size of organization that may need that model; but they don't give benchmark numbers as to what each of those boxes is capable of delivering, which is a bit frustrating.  As I'm just a single person I/T consultant I won't need hundreds of thousands of simultaneous connections, but I do want to be able to use the full speed of my internet connection, and to be able to transfer files at high speed across a VPN.

    While money isn't exactly an object, I'd like not to have to spend $1,000 to do the job something that cost $450 was able to do, unless there is a very good reason for doing so.

    If anyone can direct me to where some benchmarks are for various hardware configurations I'd appreciate it, as that would help me gauge what I might need.  Also, if there are other hardware vendors out there besides Netgate that make good pre-configured units I'd like to have a look at them too.

    In the meantime I'm going to install pfSense as a virtual machine under VMware ESXi just to play with it and get the feel of how to configure it; but although I've got plenty of memory and processor power in my ESXi server, I really don't like the idea of running my router as a VM.

    Suggestions welcome.



  • for gigabit you will need a quad core i5+ or ryzen sr3+ with intel lan cards

    doing 250/20 with a core 2 with 4gb ram with squid+squidguard with an issue. I am the only user.

    used hardware when you upgrade is a good choice for a router


  • Banned

    @messerchmidt:

    for gigabit you will need a quad core i5+ or ryzen sr3+ with intel lan cards

    doing 250/20 with a core 2 with 4gb ram with squid+squidguard with an issue. I am the only user.

    used hardware when you upgrade is a good choice for a router

    Lol what!? 100Mbps WAN through VPN needs an i5? You have no idea what you are talking about.

    You need at least a passively cooled Celeron ::). J3355B will do the trick for $55.

