VPN Capable Routers?

[Melfox01]

My AirPort Extreme v6 router finally died and if I have to get a new router might as well get one that is VPN capable so I can access files on my UnRAID server outside my home. Initial research shows being able to install OpenVPN or Wireguard on the router might fulfill my needs. However, I am not experienced with networking (apart from getting Plex to work off home network) at all, so I'm starting to get a bit overwhelmed and would appreciate any clarifications someone can provide. To be clear, my Xfinity internet service only has 20-25mbps upload so I'm not expecting blazing transfer speeds, but I'd like to not have to constantly save files to my laptop then deal with the logistical nightmare of making sure I have copies everywhere. Primary client would be a 2019 16" Intel MacBook Pro and an iPhone.

 

Unknowns:

-Method to access files on UnRAID server (preferably easy to configure)

-If VPN, OpenVPN or Wireguard?

-A router that can use that method

-Where to find instructions on how to utilize that method on the router/server/MacOS/iOS side.

 

I appreciate any assistance that can be provided. Sort of been drowning in options.

[Melfox01]

Amplification: I've heard OpenVPN is more secure, but Wireguard is faster. Is the security difference something that would come into play with just accessing files on the home server? Is the speed difference going to make a difference when I only have 20-25mbps upload anyway?

[Melfox01]

Well, since I didn't get any help on here I ended up just buying something and experimenting. For anyone else who has questions about this, here's what I ended up doing and the experience I've had so far:

 

Set-up steps:

• Bought an Asus RT-AC5300 based on a few reviews online, wide area coverage, and out of the box compatibility with DDNS updates and OpenVPN.
• Set my Xfinity modem/router to bridge mode and configured the Asus router appropriately
  • *Note: Disconnect all client devices and routers before configuring modem/router to bridge mode. First attempts disconnected all devices from the internet. Had to get Xfinity to disable bridge mode from their end, disconnect everything, then try again. Even then I had to reset my servers to get them to show up.
• Created a free account with OpenVPN for 2 connections.
• Selected the VPN tab in the router software, selected OpenVPN, and filled in the details from my free trial.
• Created a free subscription with No-IP to set my DDNS to a set host-name.
• Selected DDNS from the WAN tab in the Asus router software, selected No-IP from the drop down, and filled in the details.
• (after some experimenting), went back to the OpenVPN tab, selected advanced options from the VPN details box, and checked 'Yes' for "Respond to DNS" and "Advertise DNS to clients".
• Then selected 'export' at the top of the page to download the OpenVPN config file.
• Downloaded the OpenVPN client app for my laptop and installed it.
• Dragged the OpenVPN config file into the app, named the connection, and plugged in the login details I set up in the OpenVPN general details tab in the router software.

 

To test:

• Connected to my phone's hotspot and connected the OpenVPN I just set up.
• Mapped my local Unraid server same as I would if I was on my home network and it came up (very slowly)
• Attempted to transfer a 2Mb .png image.

 

Results:

• Not sure if the limiting factor is my phone's connectively/cell speeds or the generous 11mbps Xfinity provides, but the 2Mb .png file took about a minute to transfer and Finder froze twice while attempting to open up a folder on the server.
• The Asus RT-AC5300 seems to be a good router so far after about 1 week of very light tests
  • Set-up was pretty simple with a little research and trial and error.
  • GUI is very usable.
  • Ethernet and Wifi speeds remain roughly the same from everywhere in a 1400sqft home (router positioned centrally).
  • Seems like the router can do a lot more than I'm asking it to do.
• It appears this set-up works as a proof of concept, but is not quite functional yet.
  • Next step will be to test from another wifi network with higher speeds to eliminate the cell network.
  • Then I'm considering swapping to AT&T fiber to get 300mpbs symmetrical up and down to eliminate the ridiculously slow upload speeds from Xfinity.

 

I have no idea if I did this correctly or efficiently. There's probably a better way to do it, but lacking any more knowledgable guidance I could understand (a lot of online posts went over my head) this is the best I could do right now. Hopefully this can help someone else if they they're interested in something similar. Standing by for comments.

[Melfox01]

Been able to do some tests and I have some initial results to report:

 

Asus RT-AC5300 Review after 1 month:

• It seems to be working okay.
• Not sure if it's the AT&T service or the router, but the 2.5GHz and 5GHz bands I bonded by assigning the same name and password is consistently slow, down to 25mbps download. The remaining 5GHz band I assigned a different name and password to is consistently at 250-350mbps down and up. Ethernet still gets 700-800mbps up and down.
  • Remedied this by telling all of my devices to connect to the 5GHz network, not the bonded network.
  • Further testing needs to be done on band/channel clutter to see if the 2.5GHz band is just over cluttered and my devices aren't swapping appropriately.
• The single 5GHz network was undiscoverable suddenly for a while. Even within the same room as the router.
  • I conducted a router reset (turn off then back on, not a factory reset) from the router's GUI and haven't seen further issues within the last 2 days.
  • However I also haven't done more tests than daily use since the reset.
• The extra functions I set up are working properly.
• Overall I am pleased with it.

 

Test Methodology:

• Connected to 350mbps Xfinity service across town.
• Mapped my UnRAID server the same as if I was on my home networks (In Finder: Go - Connect to server [cmd-k], then inputting the server's private IP address).
• Mapped the media Sharedrive and file storage Sharedrive.
• Transfered a 1Mb .png image.
• Attempted to playback a 7GB .MKV Blu Ray Rip of a TV Show episode.
• Moved through the file structures of both Sharedrives.

 

Results

• Saw negligible download/upload speed difference between VPN on and off as reported by Speedtest.net.
• I was able to connect to my home server without issue.
• File access was slow.
  • Even on home network it takes a few seconds for all of the files and folders within each directory to load, especially my Plex "Movies" and "TV Show" folders due to the number of folders and files in those folders. However through the VPN this time was lengthened. Saw on the order of 1 minute or so for the Finder window to load.
  • Same goes for the file server, but didn't take quite as long. Still close to a minute.
• Initial test of MKV playback of the blu ray rips was stuttery, but this was a very minimal test with only about a minute tested. Was similar to what I used to see when ripping a file to the server with MakeMKV and trying to watch a MKV file in VLC at the same time.

 

Further Testing Required:

• Upload/Download performance off of a less capable network.
• Upload/Download performance when on a network further away than across town.
• Adding an SSL for VPN encryption (at least I think that's what the SSL Cert is for).
• More media file playback testing.

 

All in all, the process seems to be working. I am able to access the file server off network, which was my original desire. The media playback side of things is icing on the cake if I can get it to work. Next step will be to try to secure the connection a bit more and do some further tests on function.