Page 2 of 2

Re: New OpenVPN server - route entire network

Posted: Sat Jan 04, 2020 9:59 am
by js9erfan
Could I get your thoughts on using an Asus router with aes-ni instead like the AC86U to act as a vpn client instead? It seems like it might be cheaper and faster although not nearly as full featured as pfsense.


According to the specs, both routers comes with chips from same architecture (ARM v8 Cortex-A53) which support AES-NI. The Asus is slightly faster @ 1.8GHz whereas the SG-1100 is clocked at 1.2GHz.

Yes, CPU is the most important spec in regards to VPN performance but keep in mind that depending on how many clients are connected and whether you plan to run an OpenVPN server on your router in addition to the client, RAM can factor in as well... OpenVPN recommends a minimum of 1GB for most. The AC86u has 512MB RAM, the SG-1100 1GB.

Also, the SG-1100 doesn't provide WiFi so you would need to add an AP if you don't already have one (I use UniFi APs which are great performers).

It all comes down to needs obviously and as you mentioned, the Asus is more limited in features than the SG. If your plan is to route your entire home network over Sonic's VPN, keep in mind their production server goes down rather frequently... I don't know that you can easily configure the Asus for VPN fallback like you could with the SG so just something to consider. But if you decide on the Asus take a look at the Merlin firmware fork which supports the AC86u. It has more features than the stock Asus firmware with some optimizations for OpenVPN. Enabling NCP using AES-128-GCM would probably be your best bet in terms of balancing security and performance.

Re: New OpenVPN server - route entire network

Posted: Thu Jan 09, 2020 12:11 pm
by platonium
Thank you once again-that’s super helpful.

Re: New OpenVPN server - route entire network

Posted: Mon Jan 20, 2020 2:11 pm
by Brushteeth
The ASUSWRT would import the sonic OVPN profile, but I had a lot of trouble with pfsense
I started with this thread:

viewtopic.php?f=13&t=4102&hilit=pfsense+pfsense+openvpn

And I had to enable ovpn_client logs on pfsense and keep debugging with the error messages.