Stanislav needed a Gigabit Ethernet router to run OpenVPN, and after some research he settled on Ubiquiti EdgeRouter X router with 5 Gigabit Ethernet ports, PoE in and pass-through, with a decent 256 MB RAM and 256MB flash, and a $49 MSRP, although I’ve only seen it for $60 and up.
The router is not a new product, as it has been out for a few years (since 2015), and it’s also officially supported by OpenWrt, which makes it even more interesting.
Ubiquiti EdgeRouter X (ER-X model) specifications:
- Processor – Mediatek MT7621AT dual core MIPS1004Kc processor @ 880 MHz
- System Memory – 256MB RAM
- Storage – 256 MB NAND flash for firmware
- 5x Gigabit RJ45 ports
- Ports configurable for line-rate, Layer-2 switching
- 260 kpps for 64-byte packets
- 1 Gbps for 1518-byte packets
- Passive PoE passthrough option
- Power – 24V via passive PoE or power adapter
There’s also a ER-X-SFP model with Gigabit SFP port for backhaul applications.
The stock firmware is based on Debian Wheezy with a nice GUI and OpenVPN 2.3, but many packaged dated from 2013/2014, so if you want to run more recent firmware and programs – such as OpenVPN 2.4 – OpenWrt is a good option.
Stanislav has done just that, and with OpenWRT installed, the router is able to perform IP routing at more than 400Mbps, while OpenVPN 2.4 performs at up to 20Mbps with 256-bit AES encryption, and at about 55Mbps with encryption and authentication disabled. You may also be interested in his OpenVPN configuration scripts and instructions.
The router is also fairly popular on Amazon ($68.47) with rather positive reviews from users (with stock firmware). If you are based in the US, it’s a bit cheaper on Newegg ($59.90) & eBay, where you’ll find second hand models too. A few more details may be found on the product page.
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress
The stock firmware is based on an unmaintained 3.10 kernel. Which kernel version does OpenWRT use on this device?
Not sure now, but another MT7621 OpenWrt router ran Linux 4.9 several months ago -> https://www.cnx-software.com/2017/10/13/unielec-u7621-06-mediatek-mt7621-router-supports-openwrt-padavan-and-pandorabox-firmware/#comment-546866
For the latest 17.01.4 a 4.4 kernel is used. Building from trunk you will get a 4.14 kernel.
It’s the device I’ve used to connect the MiQi boards in my office’s build farm. I’ve installed haproxy on it, and it reaches around 500 Mbps of distcc traffic. I had to upgrade the firmware as the default one is very crappy with lots of FS corruption warnings and massive slowdowns (I suspect the kernel warnings are sent to the serial console, causing the slowdowns!). No more issue after the update. Otherwise it’s a really nice small network device if you don’t care about not running mainline on it, I consider it has the lowest price per port you can find on any Linux networked device.
Another interesting point is that it requires very low power. I’m powering from a USB port using a 5 to 12 DC-DC converter. A few photos are available here, it seems like mqmaker has dropped the old forum comments : https://twitter.com/WillyTarreau/status/814795025368412160
It seems a little crazy to put openwrt on an ER-X because
* the gigabit firewalling comes from hardware accelerations and the binary blobs that enable it. So youd really need the vendor kernel to take advantage of the performance.
* EdgeOS is totally awesome and is a big kid routing OS compared to OpenWRT
I’ve just seen a comment on Reddit by “UBNT-stig (previous employee) ” claiming:
But I can’t find any traces of this code, maybe I don’t know what to look for…
Building OpenWrt from the current trunk supports hardware offloading for ipv4 and flow offloading. See https://forum.lede-project.org/t/hardware-nat-for-lede/1094/264?u=martb
I think the xiaomi miwifi r3g is a nice competition to this, if you’re willing to swap two gigabit ports for wifi and usb 3.0. The price range is about the same (at least in my country), and it is supported by openwrt too…
“with OpenWRT installed, the router is able to perform IP routing at more than 400Mbps, while OpenVPN 2.4 performs at up to 20Mbps with 256-bit AES encryption, and at about 55Mbps with encryption and authentication disabled”
He should try WireGuard 🙂
It is nicely supported in LEDE (LuCI plugin available for easy GUI configuration), performs really well and is (probably) very secure.
Another alternative also supported by OpenWrt using the same processor with the addition of a USB 2.0 port and a microSD slot, but with only 16 MB flash is the MikroTik RouterBOARD hEX v3 (RB750Gr3). Make sure you get the v3 as v1 and v2 use different processors. It can be found for about the same price as the EdgeRouter X but if you need USB or more storage via microSD could be a better value.
The POE passthrough is outdated. Hardly any new devices use 24v. The entire WAP range from Ubiquity is 48V.
Otherwise I really like this router. Works really well.
Shame that MT7621AT HW crypto support is of unknown license and is not included in mainline. With HW crypto it would be high performace OpenVPN device.
Is there something equally simple and cheap that can route gigabit speeds while running pfsense? I’d like to use some dedicated hardware for routing instead of my current VM with PCI-E passthrough
> Is there something equally simple and cheap that can route gigabit speeds while running pfsense?
Nope. @gonzopancho mentioned they started to work on EspressoBin but here the Topaz switch is attached to the SoC with just 1 GbE so you won’t get gigabit throughput anyway between two ports if it’s really about routing and not just letting the switch do frame processing based on VLANs.
Maybe their SG-3100 appliance (based on Marvell Armada 38x) is fast enough for your needs?
Do and internet search on pfsense gigabit routers, I tried posting links but not allowed.
Otherwise I don’t know if pfsense runs on it but the clearfog base is not much expensive, uses the same SoC as the SG-3100 and is very powerful.