I'm on the hunt for an affordable router that can serve as a dedicated VPN router, positioned between my FTTH modem and various home devices like a PS5, PC, and smartphones. My FTTH connection offers speeds of 100/10 Mbps. I'm planning to use custom OpenWRT packages, specifically OpenVPN/Tailscale, and I'm considering adding an ad blocker and possibly Watchcat. I might also compile a custom image to exclude unnecessary features.
After some research and considering what's available in my market, I've narrowed down my options to the following models:
Which of these would be the best choice for a VPN router, considering I want to maintain my connection speed without being bottlenecked by the router's specs?
Because Openwrt is retiring 8mb devices, starting next release, 16mb is next.
It won't happen today, but a couple releases into the future. And if you want to install extra software, 8mb extra isn't a lot.
But if you really need to choose between those two, I'd pick the C6.
I second the C6v3 - just make sure you get a v3 and not a v4 (same physical casing but the latter is 8/64 Flash/RAM).
With Wireguard VPN you can get expect up to 140 Mbps over LAN and 5-GHz wifi, so using OpenVPN and the mentioned tools should work out with the connection speeds you are offered.
The three in the original post are all the same CPU: MT7621. (the R6220 is the "S" version of the chip, meaning it has one core disabled). The MT7621 is not going to be fast enough for OpenVPN at 100 Mb. OpenVPN needs a lot of CPU power.
The OP still needs to be aware that there are issues with mwlwifi (as in the WRT1900ACv2) beyond 'just' WPA3, these wireless drivers have always been iffy and difficult in terms of interoperability with other chipsets (in particular Espressif or other IoT devices!), DFS (better avoided) and many other issues, with little hope for improvements.
In a wired capacity, these routers are quite fast and reliable, the wireless side can be fast - but only if there is mutual agreement between all devices.
Not really, at least not explicitly to support DCO. DCO supports subset of OpenVPN functionality (namely only AES-GCM and CHACHA20POLY1305 ciphers, no compression, no TAP mode, no fragmentation).
Most servers are configured without these features and are compatible with DCO as-is.
FYI, your peer needs to be updated to support DCO to get much better speeds.
An example, my VPN provider doesn't have this support yet, and while their customer support says it's in roadmap it won't be too soon.