I first used a raspberry pi 4 with openWRT then a custom script on a unifi dream machine SE, but I’m looking to get a new WG router.
I’m looking for a entreprise brand and I need to connect to a AWS WIREGUARD server and forward everything to an Ethernet port with a kill switch.
I was recommended gl-inet before but I’m not sure yet.
I wonder if I’m not better with a edge router or a Mikrokit hEx s. — or even a hEX lite
Any recommendations ?
You haven’t said what your minimum speed would be after tunneling everything through VPN, are you expecting >100Mbps? Or less? That will narrow down the list of devices that would suit your needs.
#1) If you have a TP-Link Archer A7 v5 / C7 v2 laying around I would import PCWRT(free version) onto them and use them as Wireguard /vpn router. They update their NTP servers through regular internet and everything else gets tunneled through the VPN. This was a huge deal breaker way back because Wireguard would stop working after a couple days on OpenWRT or DD-WRT routers (even my GL-router GL-AR300M did this 2 years back) because the internet would stop altogether after a while when the time sync drifted apart too much. Not sure if that have since been fixed in recent firmware revisions or not.
https://www.pcwrt.com/downloads/
#2) Asus routers with Merlin firmware have the options of Wireguard support through VPN Director. So a bunch can be used there.
#3 Perhaps try a GL.inet router either way because they have been around now for a while. Read up on their return policy, and handle the unit with care while you are testing it out.
My recommendation: I would keep it simple and order a router from PCWRT (pcWRT CF-XR10 is their strongest router, 4 cores, 1.2GHz). I myself have the Newifi-D2 (dual core) that I use for both gaming and vpn stuff. Never encountered a problem or wifi drops. The UI are very simple and easy to use, comes with a 90-day trial period for a full refund. All listed options have their own killswitch capability.
When you say VPN router are you wanting to host a VPN server or connect? Is it to stay at a location or to be more like a travel/portable solution?
Personally I have a gl.inet slate ax travel router, that thing is awesome. I use it almost daily but about to use it a LOT more. I’m travelling overseas for 5 weeks staying in hotels so we will be using that at every hotel, every day.
Thank you so much, I didn’t even though about NTP! I might follow your advice with the pcWRT CF-XR10, I don’t need that much NIC or WiFi but at least it have a strong quad core CPU so it’s should be smooth for WG!
Thank you again
Just to connect one client over Ethernet in an office
Wireguard as a protocol only uses 1 core, but it doesn’t hurt to have at least 2+ on a router to improve everything else. So if you are only looking for “speed”, always go for the highest single core frequency on a router (for Wireguard).
Although nothing will get as high as let’s say an Asus RT-AC86U or similar with AES hardware acceleration for OpenVPN, since you specifically asked for Wireguard, the 1.2Ghz quad from pcwrt I’m sure will be enough as it’s a stable and efficient router overall, especially if you are intending for it to run 24/7 for a long period of time.
Is that client fixed (not moving, like a desktop pc)?
Yes (it’s an iMac) — but the WIREGUARD must be established uplink and not straight from the client
Is split tunnel required or is it all traffic?
Full tunnel, the client can’t know that it’s connected to a VPN , that why I’m currently sending all the trafic through WG and setup a kill switch.
Fair enough.
I would suggest the gl.inet flint
https://www.gl-inet.com/products/gl-ax1800/
It has native wireguard support. Not that I have tried, but split tunnel doesn’t work. Unsure If it’s a bug or by design (with the kill switch)
You could get the SLATE AX which is the travel router, but I suspect this would be better for a fixed location.
You could Also go with something else completely, but I’m a fan of “not fucking around” with stuff I need it to just work. So for me I would always go with something that has native support. The Gui works well, you could disable to wifi if you wanted to.
Note: I don’t have the flint, so I can only assume it’s the same the the slate AX which is designed to be in a fixed location where as the slate is a travel router.
Thank you so much for your recommendations, I’m looking into it