Draytek or FitzBox for Site2Site VPN

Dear Forum Members,
Until recently I had a Draytek 2862 on FTTC in the UK and an old 2820 at my holiday home.
The internet in my holiday home is 300Mb FTTP with CG NAT on a Huawei EG8145V5 router.
The 2820 connects to the EG8145V5 via 100mb LAN cable and then back to the 2862 via a VPN.

I recently upgraded my UK setup to Zen FTTP 500/75 and telephony from Voipfone. I installed the ZEN Fritz!Box 7530AX router and set up the 2862 as a so called "DMZ" device. I configured VOIP on the 7530, so I now have:-

Draytek 2862 <-- DMZ/NAT --> Fitz!Box 7530AX <-- Internet --> EG8145V5 <-- Draytek 2820

Now the 2820 seem to be a bit of a bottleneck, so I was wondering if I would be better replacing it with a newer Draytek, or as they seem cheaper and more widely available a Fritz!Box 7530.

I can see the Fritz!Box does not have a local DNS. Are there any other features I might miss?

If I understand your situation correctly, you've running a double NAT at each location and your home is holiday home is also behind a CGNAT too?

If you want local name resolution, get a cheap Raspberry Pi (a PiZero will do but a Pi3 or later with an ethernet port is better) and use PiHole and Unbound. If you're not a Linux person, use DietPi as your distro and it'll automate the entire installation for you with 4 clicks. It'll give you local DNS, better privacy + more.

Regarding what Router to use, if you know your way around DrayOS, stick with what you know. Site to Site VPNs with Drayteks surprise surprise usually works flawless when each end is a Draytek device.

In reply to a post by nofappingway:

If I understand your situation correctly, you've running a double NAT at each location and your home is holiday home is also behind a CGNAT too?

If you want local name resolution, get a cheap Raspberry Pi (a PiZero will do but a Pi3 or later with an ethernet port is better) and use PiHole and Unbound. If you're not a Linux person, use DietPi as your distro and it'll automate the entire installation for you with 4 clicks. It'll give you local DNS, better privacy + more.

Regarding what Router to use, if you know your way around DrayOS, stick with what you know. Site to Site VPNs with Drayteks surprise surprise usually works flawless when each end is a Draytek device.

Thanks for responding.....

Yes two NATs but I am going to change that in the UK. I was also thinking sticking with Draytek because it has better management but having done more research the cheaper Drayteks seem to have performance issues with the 500Meg fibre I have in the UK. I can't get more than about 200Meg download from it. I would also like VOIP so for now I have bought a used Fritz!box 7530, so only WiFi 5 (AC) rather than six, but at £50 I think its worth a punt.
I''l let you know how we progress

One thing to bear in mind, the speeds quoted on their Website will be their NAT and Firewall engines only as they use a Hardware Accelerator. Unless its a vanilla IPSec tunnel with no NAT-T at the other end, tunnels are currently limited to approx 200Mb/s on the current 28xx Vigors.

Dump the routers and vpns and try Tailscale (or smiler)

Even the 2862 only quotes something like a 45mbps throughput for VPN. I'm using 2866 or 2927 (500/800 mbps VPN throughput) for anything requiring more.

If you're going the Draytek route you may need to upgrade both ends to get to the potential of your connections. As stated elsewhere there are other solutions.