Best router CPU supported by OpenWrt with OpenVPN

Hello,

Currently running a TP-Link Archer C7 v4 with OpenWrt. I currently have OpenVPN installed on the router and connected. When using OpenVPN, the connection drops from 100 Mb/s to 10 Mb/s.
One of the causes seems to be the CPU, because OpenVPN is very hardware intensive. I also have many (around 30) devices connected (smart devices, computers, laptops, tablets, etc.). So, I might currently be asking too much of the router.

Range is *not* an issue for me. It's an open space and kind of small (400 sqft).

I'm really looking for a router whose CPU will be fast and capable for many years to come.

What would be the top 5 options from known brands (like Netgear, TP-Link) with excellent CPU to handle all that?

I'm in the US (for market purposes).

Thanks for any suggestion!

Buy a NanoPi R2S and use it as the main router. Use the Archer C7 as a switch/AP and you've got it.

You should seriously consider WireGuard for better performance:

1 Like

Hello there!

The Archer C7 comes with a MIPS-architecture CPU. If you want better OpenVPN performance, then you should be looking for a router with an ARM-architecture CPU.

For example, I'm using this one:
https://wikidevi.wi-cat.ru/Linksys_EA7500

But that is the first point.

The second is that you will soon hit another limitation, concerning encryption.

In short, today AES encryption is favored by everyone running on x86 CPUs because those processors have special instructions for hardware AES acceleration. And this is great.
But... today's world isn't running only on x86 CPUs; there are also ARM and MIPS and many others. And here comes the issue, because other CPUs (including most ARMs and all MIPSes) don't come with AES hardware acceleration.

That's why there is an encryption scheme designed for low-end devices called CHACHA20-POLY1305. ChaCha20 is the encryption and Poly1305 is the MAC hashing algo.

Using OpenVPN with ChaCha20-Poly1305 can accelerate even your router.

But... here comes another issue... OpenWrt now comes with outdated OpenSSL libraries that don't support this encryption.

And here is the Catch-22! You can't do anything for now!

Probably the easiest and fastest option is to offload this from the router by purchasing a Raspberry Pi, Orange Pi or NanoPi device that will do only OpenVPN, leaving the router to do only routing.

2 Likes
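
The post above ties cipher choice to whether the CPU has AES instructions. As an added example (not part of the thread), this script reads `/proc/cpuinfo`-format text and orders OpenVPN's cipher list accordingly; the function names and sample CPU data are constructed, and it assumes OpenVPN 2.5+ with a crypto library that provides ChaCha20-Poly1305 on both peers.

```shell
#!/bin/sh
# Added example (not from the thread): choose an OpenVPN cipher order from
# the CPU feature flags. The sample cpuinfo text below is constructed.

# Reads /proc/cpuinfo-format text on stdin. Returns 0 if the CPU advertises
# AES instructions: x86 lists "aes" under "flags", ARM under "Features".
# Flags are compared as whole words so that e.g. "vaes" does not match.
has_aes_hw() {
    while IFS=: read -r key value; do
        case "$key" in
            flags*|Features*)
                for flag in $value; do
                    if [ "$flag" = "aes" ]; then return 0; fi
                done ;;
        esac
    done
    return 1
}

# Prints a cipher list, preferred cipher first, for cpuinfo text on stdin.
# Assumption: OpenVPN 2.5+ (data-ciphers directive) linked against a crypto
# library that provides ChaCha20-Poly1305, on both ends of the tunnel.
recommend_ciphers() {
    if has_aes_hw; then
        echo "AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305"
    else
        echo "CHACHA20-POLY1305:AES-256-GCM:AES-128-GCM"
    fi
}

# Constructed samples: a MIPS 74Kc SoC (Archer C7 class), an ARMv8 core with
# the crypto extension, and an ARMv7 core without it.
SAMPLE_MIPS='system type : Qualcomm Atheros QCA956X
cpu model : MIPS 74Kc V5.0
ASEs implemented : mips16 dsp dsp2'
SAMPLE_ARM64='processor : 0
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32'
SAMPLE_ARMV7='Features : half thumb fastmult vfp edsp neon vfpv4 idiva'

# Stand-alone use: report the order for the machine this runs on.
if [ -r /proc/cpuinfo ]; then
    echo "this host: data-ciphers $(recommend_ciphers < /proc/cpuinfo)"
fi
```

The flag only shows that the instructions exist; running `openssl speed -evp aes-256-gcm` and `openssl speed -evp chacha20-poly1305` on the device confirms what the installed library actually achieves.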

Thanks for your detailed reply! Just to check if I got it right:

  • I can maybe go with an ARM architecture, like Linksys EA7500.
  • Alternatively (maybe better than the ARM architecture above?) is to connect a *PI device that will do the OpenVPN, so my Archer C7 is only routing. Is this basically what @EnfermeraSexy said?

Thank you!

No, use the new device as the router, with OpenVPN and whatever you want, and use the C7 just for Wi-Fi and additional Ethernet ports.

Thanks! I think this is what I meant unless I got something wrong.
It's because R2S does not have wifi/access points capabilities, correct?
So Archer C7 would provide the wifi/AP, while R2S will do the OpenVPN.

To me, I'd still call the Archer C7 the "router" because this is where all clients (wired and wireless) will be connected. The R2S will simply be doing the VPN.

You want the R2S to manage the connection because it's quite a bit more powerful, so the C7 doesn't have to "lose" power routing everything and it can just use its CPU for encrypting/decrypting Wi-Fi packets.

Hey @EnfermeraSexy and @peternikolow , what if I get a BananaPi like this: https://www.amazon.com/Banana-Pi-Smart-WiFi-Router/dp/B08D7D95DM/

I believe it has the power to run everything (AP + OpenVPN), all in one device, do you agree? If not, is there a good reason why you still think an R2S separate from the Archer C7 would be better?

Not taking the price into consideration, of course (since the BananaPi is a $150 device).

Or, even something like these (all multiple core ARM routers): https://www.amazon.com/GL-iNet-GL-B1300-Gigabit-Pre-Installed-Networking/dp/B079FJKZV8/ or https://www.amazon.com/gp/product/B08DCFBV3H/

If money is not an issue, then the Turris Omnia: https://www.amazon.com/gp/product/B07XCKK146/

Thank you very much for helping!

@igorjrr

It's hard to give opinions since different people have different needs. Here is how I do it.

I have an Archer C20 router using stock firmware. Near the router, using Ethernet cable, I connect one Orange Pi Zero and another router, a C20i. So the Zero works as an OpenVPN server, and I have shell access plus VPN connections from anywhere in the world. The Zero also works as an OpenVPN client to a VPN service.

The C20i is connected and configured as a "dumb AP" and relays everything to ZeroVPN. The C20i also uses stock firmware.

So the C20 has the SSID "peter", and the C20i SSID is something like "peterUK" because it runs behind the VPN. And I connect to different wireless networks depending on what I need to do.

So this works for me and it suits my needs.

Also consider this little powerhouse from Hardkernel:

It has dual 2.5 Gbit Ethernet ports, a quad-core Intel J4115 CPU, AES and a 64-bit CPU. Although I'm also an OpenWrt user, it seems OPNsense has drivers for the Ethernet controllers. You should inquire whether it is possible to run OpenWrt on this. The price/performance ratio is really good!

1 Like