My x86 router journey

varkey

Well-Known Member
Messages
2,345
Location
Bangalore | Ernakulam
ISP
Excitel | BSNL
I switched to OpenWRT itself, pfSense wasn't giving me that good feeling. It certainly has a lot of features, but the lack of WireGuard and ZeroTier support made me lean towards OpenWRT. OPNsense has support for these, but I didn't like OPNsense much either.

With WireGuard, I get to max out the link at around 250-300 Mbps over the IPv6 tunnel (I think it's limited by the backhaul capacity of my LCO or the last mile PON port limit).





If anyone's interested, the x86 EFI image of OpenWRT is available here -- x86: add EFI images and make iso images EFI bootable by uxgood · Pull Request #1968 · openwrt/openwrt
 

rajil.s

Member
Messages
313
Location
Lucknow
ISP
BSNL
OpenWRT is good, but pfSense is way better if you have enough horsepower. Snort/pfBlockerNG/BGP routing are awesome in pfSense.

Not sure what the deal is with WireGuard. IPsec with AES-NI works great.
 

varkey

WireGuard is more efficient, so for given hardware WireGuard gives higher throughput. Also, it's extremely easy to set up.

For my current use cases I felt OpenWRT works better. pfSense sure is great, but I guess I don't really need all the features in pfSense but also require some which aren't available yet. Maybe I'd re-evaluate after a while. 😅
 


devangpatel

Member
Messages
107
Location
Maharashtra
ISP
Airtel 4G & Jio 4G
Can anyone explain what WireGuard, OpenWRT and pfSense are, and what they are used for?

'Cause I am new to this tech stack and I feel excited to learn 😬
 

JB700

Active Member
Messages
628
Location
Delhi
ISP
Tripleplay
1. WireGuard is a VPN protocol that is very lightweight and performs very well even on weak devices, unlike the much heavier OpenVPN. This is why many VPN providers are offering WireGuard as an option, since it's usually much faster and consumes less battery on battery-powered devices. WireGuard is also less prone to disconnections compared to OpenVPN. SBCs like the Raspberry Pi can give very good speeds on WireGuard, whereas OpenVPN will struggle with encryption/decryption, especially without AES-NI (found on newer CPUs).

2. OpenWRT is a Linux-based firewall/routing software that is much more customizable compared to default consumer router software.
It's not as fancy as pfSense, but it is very lightweight and can be installed on many regular routers. It unlocks many things in normal routers that are typically found in much more expensive routers, such as IPS/IDS to look for harmful packets/stop attacks on the network (though this is usually quite hard on weak CPUs), much higher control over WiFi like changing power to high levels not usually allowed in normal routers, fancier firewall rules, collecting network stats, VPN support which might be disabled on stock software, etc.

3. pfSense is a FreeBSD-based firewall/routing software. It is more suited towards x86/x64 CPUs, unlike OpenWRT, and has even more customizability, like the newer Suricata IPS/IDS with much fancier graphs compared to OpenWRT's Snort. While OpenWRT is suited towards really low-end routers, pfSense is more suited towards full-fledged computers. pfSense is most suited for things like OpenVPN and IDS/IPS because it's usually installed on faster computers. Though there are ARM-based routers/firewalls which run pfSense, like the SG-1100, these are typically suited for small networks and you can't run things like Suricata or OpenVPN without maxing out the CPU.

Sources:


I would suggest going through these videos/channels as well:

 


JB700

AFAIK, nope, OpenWRT can't be installed on ONTs (there may be some weird ONT which might support ONTs though, but OpenWRT doesn't support modifying optical module settings as far as I know). I would assume that blasting the ONT at full power will have some effects such as overheating, noise, power limits etc. Like if WiFi power is increased way too much, devices close to the AP will usually see degradation in speed.
 

shin

Member
Messages
43
ISP
BSNL BharatFiber
Honestly, I wonder to what extent WireGuard is better than OpenVPN with AES-NI instructions. Is WireGuard's cipher faster than hardware AES?
Tho wg is lightweight, that's for sure.
 