Any Dual Wan Router Recommendations?

Well, I got my little box from China, "I5-5250U Home Router Qotom-Q355G4 8G RAM 32G SSD". Super overkill, yes, I know ^_^.

I was initially planning to install untangle but after reading their rules & forums I realized that they will very likely suspend my license if I try to sign up for home license for proper long term testing of everything.

I decided to try pfsense first and it took me quite a few hours to get everything the way I wanted it. I'm happy I don't have the 600mbps throughput limitations I had with the peplink balance one router but I would still like to find another dual wan router that offers a similar "fastest response time" algorithm at 1gbps throughput so let me know if you guys know of one.
 
Untangle does give you a 14 day trial on each pay for app, starting right at the install. Or you can purchase the wan balancer and wan failover apps at like...5 bucks each per month...run 'em for a couple of months at not a heck of a lot of cost...
 
Oh right, right, I forgot I can do each one individually. I'll try to test it out on Tuesday, thanks.
 
I've always been a fan of the Mikrotik (make sure you properly configure the firewall!), or Ubiquiti Unifi Security Gateway, or Ubiquiti EdgeRouter series. All three options support dual/multiple WAN. I tend to favor the Unifi Security Gateway adopted in a cloud-hosted Unifi controller that I use for other Unifi equipment across my customer base. EdgeRouter has more functionality, and Mikrotik has even more functionality, but a much steeper learning curve.

Beyond these, most of the big-name players (Sophos, SonicWall, WatchGuard, Cisco, Fortinet, etc.) all support multiple WANs/zones.
 
Mikrotik is what we've been using, but the combination of configuration annoyances (just how many different screens do you have to visit to configure a VPN connection?) and lack of a UTM has me interested in something different. I don't work with the Mikrotiks enough for setup and significant configuration changes to really get and stay fully up-to-date on how to do everything which means I regularly am looking things up and having to work through things from guides, which can be slow.
 
After testing pfsense for a few weeks I've got to say, I hate it. It works fine when you're testing it by unplugging one of the WANs and replugging it, but when real issues happen it doesn't always perform right. The email notifications, for example, don't always get sent out; it gives up immediately if it fails to send the first time it tries. The load balancing is poor and will lead to a performance drop rather than an improvement when one WAN is much faster than the other. Recovery doesn't work properly: I know the router knows WAN1 is back up, it successfully sends an email about it, and yet everything keeps using WAN2, but if I unplug the WAN1 ethernet and plug it back in, instantly everything starts working right (this part is the most confusing to me, I don't get it at all, and I've seen this exact same thing happen when WAN2 drops and later reconnects).
 
Give Untangle a shot with the trial on the full bundle.

Well I was looking at the pricing some more and while the failover and load balance is only 5 dollars a month each the actual bandwidth control is 25 dollars a month. That would come out to at least 420 a year which is a lot for a person that really tries to avoid as many recurring charges as possible, it would probably be a better idea for me to buy one of the large peplink routers.

If you just want my opinion on it and how it compares to peplink, pfsense, etc in an area with less than stellar quality internet then I can certainly test it but I don't think i'll keep it because of the recurring fees.
 
I decided to try it anyway, it's very impressive so far. Slight disappointment in not being able to set the MAC address for WAN ports, but not a big deal. It looks like the WAN balancer automatically handles SSL persistence/sticky so it uses the same IP (edit: I mean the same WAN for the SSL site)? I don't see a setting for it and I haven't had an issue yet, so I assume it does.

I'm trying to force ping/traceroute to a specific IP to WAN2 so that I can perform better testing of the failover, but it doesn't seem to respect this rule when it comes to pings.

Edit: hmm, never mind, appears to have started working :confused:
 
The MAC spoofing isn't there on Untangle because the method of doing it changes based on the NIC driver. There's no way to support it on every interface.

It's also almost never used for anything good... so Untangle doesn't have it.

As for the rules that confused you, Linux caches routes so if you goof it up, it can take a few minutes before the UVM gets around to resetting them.
 
The Untangle cloud email sure does have long delays, so I went ahead and added my own SMTP information. Tested the OpenVPN setup, that was really sweet! I've never had such an easy OpenVPN configuration before. I wasn't expecting the full tunnel option to be in the group section, so that slowed me down a hair, but still very nice.

I found the QoS templates to be a little odd, the home option for example prioritizing things like video streaming and music, but I suppose with a slow enough internet that might be worth doing. I realized I don't really need the bandwidth control model, I just need to slow down upload speed on the machines, and I installed NetLimiter as a workaround, so that will save me 25 bucks a month (what can I say, I'm very against recurring fees =P).

I'm still testing the failover and load balancing, but so far so good. I am experiencing the strangest issue now, but it's just on my main machine; I can't see how it would be Untangle's fault and yet the timing is suspicious. The issue that's happening is that suddenly I can no longer ping 4.2.2.2, the one that I specified to go through WAN2. It's pinging fine for a while and then I'll make a change, like for example enable QoS, and then poof, I can't ping 4.2.2.2 anymore, it times out every time (edit2: disabling QoS again doesn't change the issue). The other computers can continue to ping 4.2.2.2 just fine, but here's where it gets really, really weird: it's just Windows that can't ping it! If I open Ping Plotter, for example, and choose the raw ping option rather than the Windows DLL (I believe icmp.dll?) then I can continue to ping it just fine. I believe after a while it just resolves itself and then I can ping 4.2.2.2 using the Windows DLL like normal. I will continue to test; perhaps it is simply a new issue where Ping Plotter is causing some sort of issue with the Windows DLL, but then why just 4.2.2.2 xD. (edit: because I'm pinging more than just 4.2.2.2 with Ping Plotter)
 
Yeah I don't recommend the Untangle Cloud email, unless you like reports getting tossed as junk. Far too many idiots out there using it, and then reporting their own reports as spam.
 
I have our whole client fleet of Untangle units using the cloud SMTP service...although we have our own SMTP servers out there, it's just quicker for me to check that one checkbox and it's done. Keep from spam? Easy...I just added Untangle's email server to our domain's SPF. Our clients' domains have our domain added to their SPF.

Time wise...it's been quick, often when I'm doing work on one of the WANs for multi WAN setups and I bounce an airFiber or airMax radio for example...within several seconds I'll receive that "WAN down" notification.
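
Added example, not part of any post in this thread: a small Python evaluator for the SPF `include:` chain described above (client domain includes the MSP's domain, which includes the vendor relay). All domains and addresses are constructed documentation values; `relay.vendor.example` is a placeholder, since the thread does not name Untangle's mail host.

```python
import ipaddress

# Constructed TXT records (documentation domains/addresses, not real ones).
TXT = {
    "client.example": "v=spf1 include:msp.example -all",
    "msp.example": "v=spf1 ip4:198.51.100.0/24 include:relay.vendor.example ~all",
    "relay.vendor.example": "v=spf1 ip4:203.0.113.25 -all",  # placeholder relay
}
MAX_LOOKUPS = 10  # RFC 7208 cap on DNS-querying terms per evaluation
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, ip, txt=TXT, _count=None):
    """Evaluate ip4/ip6, include and all; other mechanisms are skipped."""
    count = _count if _count is not None else [0]
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith(("ip4:", "ip6:")):
            matched = addr in ipaddress.ip_network(mech[4:], strict=False)
        elif mech.startswith("include:"):
            count[0] += 1
            if count[0] > MAX_LOOKUPS:
                return "permerror"  # chain too deep or looping
            inner = check_spf(mech[8:], ip, txt, count)
            if inner in ("permerror", "none"):
                return "permerror"  # broken include breaks the whole record
            matched = inner == "pass"  # only an inner pass counts as a match
        elif mech == "all":
            matched = True
        else:
            continue  # a, mx, exists, redirect=: out of scope here
        if matched:
            return RESULT[qualifier]
    return "neutral"

if __name__ == "__main__":
    for ip in ("203.0.113.25", "198.51.100.10", "192.0.2.77"):
        print(ip, check_spf("client.example", ip))
```

Every `include:` hop counts toward the ten-lookup limit, and a missing record anywhere in the chain turns the client's result into `permerror`, so each domain that delegates this way depends on the upstream records staying valid.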
 
Weird, it took me several hours to receive some of the alerts when I had it set for the cloud service. I suppose it's possible I have a lower priority as a trial account or something.

Edit: I'll take a closer look at the mail headers when I get home.
 
Blah, the mini PC running the router turned off on its own T_T and now I realize Untangle doesn't do temperature logging, which would have been handy here hehe. I did check the system logs; looks like it just cut off out of the blue without warning, so I figure DC adapter issue or perhaps temperature issue. The BIOS defaults on the mini PC were set to just leave the system off when power is restored, so I changed it to turn back on when power is restored, so the next time the issue happens at least I'll have a better idea if the system restarts.
 
Is there a known issue with untangle and openvpn in terms of measuring bandwidth used through the openvpn? I was streaming (edit: broadcasting, transmitting) 1080p video at 30fps from another location and it was acting like I was pulling that off with less than 100KB/sec.
 
“I'm looking for something rock solid as if every time it has issues has a 15% chance for someone to lose their job.”

For heaven's sake.. get yourself something with good support. We standardized on SonicWall. Ultra reliable, and with the paid subscription comes excellent support for the most part. If you happen to hit a poor tech just call back and you’ll get someone great.

One thing... I’d stay away from pfsense or any other free option unless you are VERY familiar with one of those already (which is unlikely since you're asking the question..) because if something hits the fan.. there is no one being paid to help you out of that ditch..
 
That's the trap to avoid - if quoting something "free" remember to factor in time for you to learn it, support it, deal with poor upgrade paths, etc. and get paid for it.
 