## page was renamed from WireguardAppliances

I've been pondering how best to do this, and I have some ideas. What we all want is a magic box that you plug in ("bump on the wire"), and it makes your VPN stuff just work.

But I'd also like something that can do site-to-site VPNs. We just want "a box at each end". How best to do that too?

= Pricing model =

2x Rock Pi S with PoE hats and cases are 106 USD. One of them has 1GB NAND flash (28 USD) and the other doesn't (19 USD). Both have radios and PoE.

= Hardware =

Assume ethernet. For a site-to-site you can use a single-port device I think, but 2-port is nicer.

The single-port case uses VLANs to separate the traffic, unless your remote clients live in the same subnet. That's actually a really nice setup, but it's a little more complex to manage.

If your router/gateway has a LAN2 port (thinking of Unifi gateways here), you can plug the "remote" port of the VPN appliance into that, so the router/gateway treats it as a separate LAN and should ''just work'' when it comes to routing.

For a road warrior setup, a 2-port device lets you have a clean "inside" and "outside" port separation. This assumes you'll proxy all your traffic via the "home" end.

= DIY or off the shelf =

For DIY I'd use a Raspberry Pi or similar. For off the shelf it looks like MikroTik's RouterOS has it built in, so that'd be a great option there.

== MikroTik ==

 * Gigabit ports and actually in stock, $120 AUD: https://wisp.net.au/mikrotik-hex-s-rb760igs-5-gigabit-ethernet-sfp-256-mb-ram-usb-microsd-routeros-l4-ipsec.html
 * 100Mb ports, $88 AUD: https://wisp.net.au/mikrotik-rb750upr2-hex-poe-lite-650mhz-64mb-5-lan-usb.html
 * Above those prices, you find the Routerboard devices like this, $158 AUD: https://wisp.net.au/rb2011ils-in-1sfp-5fe-and-5gbe-includes-case-and-power-supply.html

== DIY ==

Depends on how much traffic you want to handle, but gigabit is a good futureproof option if you can spend the dollars.

 * An RPi 3B+ is about 60 AUD plus shipping.

Can we do it cheaper? All we need is ethernet, and a decent amount of CPU grunt.

 * Rock Pi S is $15 USD (about 20 AUD) plus shipping, only 100Mb ethernet and low power, 512MB RAM and no wireless 'cause it costs extra. https://shop.allnetchina.cn/collections/frontpage/products/rock-pi-s?variant=29067635458150
  * Powered by USB-C 5V
 * Rock Pi E is $35 USD (about 47 AUD) plus shipping, 1Gb + 100Mb ethernet, better CPU, 1GB RAM and has wifi 'cause it's only $3.50 extra. https://shop.allnetchina.cn/collections/frontpage/products/copy-of-rock-pi-e?variant=31974543392870
  * Powered by USB-C 5V
 * The NanoPi R2S is comparable to the Rock Pi E: https://www.friendlyarm.com/index.php?route=product/product&product_id=282

The RK3328 in the Rock Pi E is about half as performant as the BCM2711 in the RPi4, but the board is way cheaper. I'd call it a win for this application. https://www.cpubenchmark.net/compare/Rockchip-RK3399-vs-BCM2711-vs-Rockchip-RK3328/3987vs4297vs4295

The Rock Pi S has an RK3308, and is probably even slower, but it's not made for speed. It's made for IoT stuff.

Accessories:

 * Rock Pi S has a convenient case: https://shop.allnetchina.cn/products/rock-pi-s-case?variant=31957891088486
 * Rock Pi E passive heatsinks: https://shop.allnetchina.cn/collections/frontpage/products/rock-pi-model-e-heat-sink-kit

There are also RPi CM4-based solutions, like this one: https://www.dfrobot.com/product-2242.html - note that this is the carrier only, you still need to buy the CM4 itself as well.

= PoE =

PoE is great, use it if you can. PoE hats are nice, but a bit pricey; an alternative is a PoE splitter.

 * Micro-USB splitter, $21.55: https://core-electronics.com.au/poe-splitter-with-microusb-plug-isolated-12w-5v-2-4-amp.html
  * $25 at Jaycar
 * USB-C is good for RPi4 and Rock Pi devices, various prices on Amazon and eBay
  * $54 AUD for 2 of them, shipped: https://www.amazon.com.au/UCTRONICS-PoE-Splitter-USB-C-Compliant/dp/B087F4QCTR
  * $63 AUD for 2 of them now? How? Because it's via US site? https://www.amazon.com/gp/product/B087F4QCTR/
 * Hats branded as DSLRKIT are also available and a bit cheaper. Needs research.

If you can get the PoE hat cheaply that's the best way to go. It seems practical for the Rock Pi S, which has a 14 USD hat that also fits in the standard case. Converted price of $19 AUD is less than a PoE splitter. Win! https://shop.allnetchina.cn/products/rock-pi-s-poe-hat?variant=31847599931494

= Config in RouterOS =

 * https://rickfreyconsulting.com/wireguard-site-to-site-vpn-example/
 * https://help.mikrotik.com/docs/display/ROS/WireGuard

= GPS NTP time server =

Unrelated, but a good spot for it because it's a Rock Pi S inside: https://centerclick.com/ntp/