Can anyone recommend a small, highly reliable VPN-client-capable router/switch?
Should have 4-8 Ethernet LAN ports, although could be combined with a small switch to reach this.
The WAN port will be connected to a Linux router/firewall via a long-distance wireless bridge.
It should tunnel LAN traffic to a VPN server running on the Linux router. Bonus points if that VPN connection is smart enough to retry dropped packets on the wireless link locally. Willing to install and configure whatever Linux software is needed for the server side of the VPN, so essentially any VPN technology is allowed.
Should either bridge traffic to a virtual interface in the Linux firewall (representing termination of the VPN) or be a proxy/agent-forwarder for DHCP. LAN-side devices should be seen as individual nodes by the Linux VPN server (i.e. no NAT; preserving MAC addresses is best, but routing with an IP address per node is OK too). Bonus points if each LAN port tunnels to a separate interface on the Linux firewall and the device does not bridge traffic between local ports (e.g. VLAN-style isolation of LAN ports). VPN must connect automatically at boot and re-connect periodically if lost.
Bonus points for bandwidth control / rate-limiting of attached devices, but not essential.
Throughput should be at least 20Mbps, prefer 50Mbps.
Intended deployment environment is in a rooftop outdoor electrical enclosure, so small size is important, as is robustness to temperature variation. Thus physical access to replace/reboot is very inconvenient; reliability is crucial.
Target price: < $800 (but don't consider that a hard limit if it does exceptionally well in terms of desirements).
The VPN serves two purposes: retry packets locally instead of waiting for the end-to-end connection (with high RTT) to detect losses, and insulate the wireless bridge equipment against unusual packets. Strong encryption not required.