[SOLVED] Can someone suggest a router with both DSL and WAN ports, possibly VPN support?

[Jacopo_4]

I am currently using a Vodafone UK DSL router, but I would like to have my own; I might also switch to Virgin or fiber in the future, so I would need a router that has both a DSL and a WAN port; optionally, but not strictly necessary, I would like to have a router that supports VPN as a client (for bypassing some geographical restriction on my Apple TV mostly).
I have seen the TP Link VR2100 that seems to have both DSL and WAN ports, but no VPN...

 

[bill001g]

You are going to be limited in your choice with the DSL. You might consider 2 routers a very cheap dsl router you use only as modem and then a more advanced router that has the vpn.

VPN put a lot of burden on the router CPU so it will limit your speed to 20-30mbps. This may not be a problem if your dsl is not faster.

I am unsure but asus in general has the same software on all their routers. It includes a VPN client mode. You would have to check if their other dsl routers also have the vpn but I know the ac-68u model has it.

 

[Jacopo_4]

You are going to be limited in your choice with the DSL. You might consider 2 routers a very cheap dsl router you use only as modem and then a more advanced router that has the vpn.

VPN put a lot of burden on the router CPU so it will limit your speed to 20-30mbps. This may not be a problem if your dsl is not faster.

I am unsure but asus in general has the same software on all their routers. It includes a VPN client mode. You would have to check if their other dsl routers also have the vpn but I know the ac-68u model has it.

Thanks, I have tried using the Vodafone router as a modem only (it didn't have a "modem only" option) by connecting it to the WAN port of a better router; it works but I think I was double NAT and port forwarding was impossible
Are there cheap DSL modem-router that can be set up in modem only mode?

 

[bill001g]

It should be called bridge mode. I would look in the manual and see almost all support it. Many times you must then run the router with PPPoE on the wan port

 

[SamirD]

Thanks, I have tried using the Vodafone router as a modem only (it didn't have a "modem only" option) by connecting it to the WAN port of a better router; it works but I think I was double NAT and port forwarding was impossible
Are there cheap DSL modem-router that can be set up in modem only mode?

The other thing to get around double nat is put your second router in the DMZ of the first.

 

[Jacopo_4]

Is this the Asus AC-68u?


ASUS RT-AC86U Wi-Fi AC2900 Mesh Wifi system Router AiProtection by Trend Micro, WTFast game accelerator free, Link aggregation, adaptive QoS, USB 3.0 ASUS router app support, Dual-WAN 3G/4G support https://www.amazon.co.uk/dp/B075WFL15D/ref=cm_sw_r_cp_api_glt_i_DYKNQDJ4JCECTBP3ETAV?_encoding=UTF8&psc=1


Also, since opening this topic, I've switched to NowTV internet (Sky)

Wolud this option allow me to use my own router and keep the NowTV router simply as a modem?
https://www.dropbox.com/s/7q4o4ef6eiun5lt/Capture.JPG?dl=0

 

[bill001g]

This is one of those things that I wish the manufacture stayed with consistent parts. The router you list is a 86u which is different than the 68u BUT there are also older version of the 68u that do not have this feature. The later version of the 68u is the same as the 86u, they both have a number ac2900 and use the same internal parts.

Key is it needs to use a broadcom cpu chip with a part number BCM4906 or a couple other ones with very similar names. These seem to all have a clock speed of 1.8 so that is a clue if the box has the correct cpu.

SO from what I can tell the router you list is still using the proper cpu. So far it does not seem they put out a different revision. There are also newer wifi6 routers that use that CPU chip.

Now this all may not matter to you. Many of asus routers can run vpn using other cpu. The key thing about this CPU chip is it has a hardware vpn accelerator. Most routers will cap you at about 20-30mbps using vpn. This is not so much a restriction when you only have a DSL connection but when it faster you do not want your
router capping your speed. This cpu chip can get over 200mbps vpn rates. So far I have not seen a newer cpu chip that has this encryption acceleration.

I would assume you can just use the ISP router in bridge mode. For your needs you could just run it in router mode. You are only running outbound VPN which tolerate multiple routers in the path. Since you no longer need DSL modem I would recommend you load the merlin firmware on the asus router. Last time I checked the vpn client on the router is still more advanced and easier to configure than the one on the asus factory firmware.

 

[Jacopo_4]

I don't want a new router just for the VPN, but mainly because the ISP router is crap (only two ethernet ports and poor wifi)

I've also seen this asus router at 1/5 of the price of the other one and it seems to have Open VPN client as well
https://www.amazon.co.uk/gp/product/B084HZR7F7/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1

 

[bill001g]

Almost all asus routers have a openvpn client. Pretty much any router other than ones that have that special cpu will only get about 30mbps using vpn. If this is fast enough for you then there is no reason to spend the extra money.

If we ignore the VPN almost any router can pass close to 1gbit wan/lan so there is no downside to cheaper routers for ethernet connections. Of course if you go too cheap the router will have only fast ethernet ports rather than gigabit.

For wifi it is a little more complex. The coverage on almost all routers is about the same if we do not get into the messy area of trying to compare the speed at certain distances that there are no rules on how to test. Most routers transmit at the legal maximum power which is key for coverage. End device may not so they tend to be most the cause of problems. But in general the distance the signal goes for that router and the more expensive 86u will be more or less the same.

The other big reason the second router is cheaper is it does not support all the advanced wifi encoding the other one does. This may or may not make any difference to you. Your end devices need to be able to use these fancy features and the vast majority of devices only support the methods a 1200 router would do. If you have
some devices that can use more advanced stuff then you need to consider if the difference in price matters.

Now you have to also know that these wifi numbers are massive lies. Most people will not get more than about 100mbps using a router and end device that has a 1200 number. You might get a bit more very close to the router. Even if you have very fancy router and end device you most times will not get much over 300-400mbps.
The newest wifi6e stuff might improve this but not a lot of data from real world customers. Mostly just fake reviews and people who like to brag about their big numbers, not so much from your non technical customers yet.

 

[Jacopo_4]

Ok, I've just received the cheap RT-AC58U V3
I managed to connect it to my ips router; I've disabled DHCP and WiFi on the isp router and assigned from it an IP to the Asus router (192.168.1.2)
Then from within the Asus router setting I've set its ip to 192.168.0.1 and enabled DHCP; I've also set the WAN network to be DHCP (the ISP router will assign it 192.168.1.2)
I've also enabled the DMZ on the ISP router to the ip 192.168.1.2
I've setup the port forwarding from the Asus router

I hope I've done everything correctly as all seems to work fine

I've also setup an openVPN with NordVPN and I am getting speeds of about 10Mbps from my personal pc; but I still get the full speed of ~50Mbps on the work pc (when using the work VPN), is this expected? I would have expected the work VPN to still have to pass through NordVPN servers and be slowed down

 

[bill001g]

I agree it is strange. The vpn on your work pc should have to go though the vpn on the router. All I can think of is for some reason the vpn client on the router is allowing the traffic to bypass the tunnel.

 

[Jacopo_4]

When I try to setup the dynamic dns I get this message


The wireless router currently uses a private WAN IP address.
This router may be in the multiple-NAT environment and DDNS service cannot work in this environment.

That's because I'm stll using the ISP modem router to assign my Asus router the private IP 192.168.1.2 so it sees this as the WAN IP

How can I solve this?

 

[bill001g]

You can't really. It all depends on how the program that does the dyndns on the router works. The most simple way is to take whatever IP in on the wan and put that value in the dyndns site. The way some other ones work is they go to some site like whatsmyip to get the public IP and then put that value in the dyndns. That is how a pc client behind a router works. Some of the dyndns sites allow the app to just say put whatever IP I am coming from into the dyndns and the app does not even have to know what it is,

It all likely doesn't matter in your case. After rereading this thread it seem you want to do outbound DNS to some DNS service. That does not need dyndns. You would need dyndns when you wanted to say create a vpn tunnel to your house from a remote location. Since the IP might change you need a way when you are at the remote location of finding the IP of your house and that is what dyndns does.

 

[Jacopo_4]

I found that the duckdns home assistant add-on on my raspberry PI still works fine (it likely checks the ip on something like whatsmyip), so I don’t need to use the native router feature

What I don’t quite understand is how it’s still reachable through port forwarding when the ip is the one provided by the vpn provider; isn’t this shared among multiple users?


Although that would have been nice because my work network detects ‘duckdns’ as porn so it doesn’t let me connect to my home assistant server

 

[bill001g]

It is quite strange if you are putting a external IP that you get via a vpn service in dyndns. As you state that IP is shared and in almost all cases you can only open outbound sessions since the vpn provider would need some kind of port forwarding to make it work.

The only way I know to get remote access when you are using a vpn service is to use something like teamviewer where you pass through a common server at some company.

I would be checking to see if some traffic is somehow bypassing the vpn.

 

[Jacopo_4]

Basically I have an MQTT server on my raspberry and an energy meter in another house in another country that connects to it by using myname.duckdns.org
The mqtt server continues to receive data even after I turn on the VPN on the router; although I noticed it stopped receiving data during the night (but the VPN had been on long before that)

Could it be that the router itself maintains the isp’s IP and just the connected devices are routed through the VPN?
Or is it because I have added the asus router to the dmz of the isp router?

 

[bill001g]

Anything connected to the ISP router directly will not use the vpn.

Now if the server is on the asus router then I suspect this is some kind of bug or maybe a "feature?". What I have seen on my own router is at times the vpn tunnel will drop. I run a constant ping to 8.8.8.8 mostly to monitor latency. The latency via the vpn is about 20mhs higher so I can tell when it goes via the vpn or directly.
When the vpn unexpectedly drops the ping will go back to the lower direct connection. Even if I restart the vpn for some reason the ping will not move back. I must stop the ping for a period of time and then it will go back. I suspect the router is keeping some NAT entry that overrides the vpn.

It happens so seldom I have not bothered to dig through the code. I am using the merlin firmware which has the source code available.

 

[Jacopo_4]

I’m tempted to return this router and spend an extra 10-15£ on a second hand RT-AC68u