Cheapest / best hardware for VPN AP

Hi,

I was wondering what is the

  • cheapest bearable hardware
  • the most performant "best" hardware

for running a VPN access point.
I was looking at different threads and hardware tables, but besides RAM/ROM it's hard to find an actual VPN performance comparison.
I don't care about any additional features; the focus is on running a "VPN-only gateway" as an additional guest network (think IoT, visitors, etc.) for existing WiFis whose configuration cannot be touched.

If there’s already a thread about this, please feel free to just send me there.

Thank you in advance.

What is the VPN type?

In short, almost all APs are weak, because the most used VPN today is OpenVPN. And that's good!
Now the bad news: OVPN is massively run on x86 (32/64 bit), where there are AES-NI instructions to speed it up. But APs aren't running on hardware that comes with AES acceleration instructions, so it's slow.

Here is a real example:
https://lauri.võsandi.com/2017/04/vpn-benchmarking.html
As you can see, the OpenWRT there was 15.05.01, but the hardware is OK.

It is probably best to try the newest OpenVPN versions and to use ChaCha20-Poly1305 instead of AES for AEAD. Even Google does this:

because mobile devices come with relatively weak CPUs and also don't have AES acceleration instructions.

Another workaround is to use some combination of a dumb AP and a dual-NIC SBC like the Orange Pi R1:
http://www.orangepi.org/OrangePiR1/
because SBCs use ARM CPUs.

Another workaround is to get an AP that uses an ARM CPU.

I hope that this helps you!

1 Like
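The cipher advice in the reply above, as an added example that is not part of the original thread: a shell check that reads `/proc/cpuinfo` text and prints an OpenVPN `data-ciphers` line with ChaCha20-Poly1305 first when no AES instructions are advertised. It assumes OpenVPN 2.5 or newer on both ends; the function names and the cpuinfo excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose an OpenVPN data-cipher order from /proc/cpuinfo text.
# Function names and the sample excerpts below are constructed for illustration.

# Constructed cpuinfo excerpts (not captured from real devices).
SAMPLE_X86='flags : fpu vme sse2 ssse3 pclmulqdq aes xsave avx'
SAMPLE_ARM_NOCRYPTO='Features : half thumb fastmult vfp edsp neon vfpv4 idiva crc32'
SAMPLE_ARM_CRYPTO='Features : fp asimd evtstrm aes pmull sha1 sha2 crc32'
SAMPLE_MIPS='cpu model : MIPS 24Kc V7.4
isa : mips1 mips2 mips32r1 mips32r2'

# has_hw_aes: reads cpuinfo text on stdin; exit 0 if AES instructions are listed.
# x86 reports "aes" under "flags", ARM under "Features". -w avoids matching
# longer tokens such as "vaes".
has_hw_aes() {
    grep -E '^(flags|Features)[[:space:]]*:' | grep -qw 'aes'
}

# recommend_ciphers: reads cpuinfo text on stdin and prints a data-ciphers line
# (OpenVPN 2.5+ option) with the cipher expected to be faster listed first.
recommend_ciphers() {
    if has_hw_aes; then
        echo 'data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305'
    else
        echo 'data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-128-GCM'
    fi
}

# On a real device: recommend_ciphers < /proc/cpuinfo
for name in X86 ARM_NOCRYPTO ARM_CRYPTO MIPS; do
    eval "text=\$SAMPLE_$name"
    printf '%-13s %s\n' "$name" "$(printf '%s\n' "$text" | recommend_ciphers)"
done
```

An ARM CPU only helps AES throughput when `aes` appears in its `Features` line, so the check distinguishes ARM boards with and without the crypto extensions.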

bearable is relative to load, provider, environmental conditions and user requirements to name a few...

cheapest, best bearable wifi + vpn... without knowing the environment is impossible to quantify...

gives us about 1/5th of the equation...

if this is true... then find some second-hand Cisco post-800-series+ style devices... or perhaps you care about how they are able to be managed?

For the OpenVPN protocol:
https://openwrt.org/docs/guide-user/services/vpn/openvpn/performance

1 Like

Just use some cheap SBC with mainline kernel support and/or a big community.
Don't use OpenVPN; use WireGuard instead. It has much more performance on "weak" hardware. On an RPi 2 I could push packets more or less at line speed (100 Mbps).
For fast + openvpn you need to take a look at something with an rk3328 or rk3399.