Dedicated Wireguard client? How to?

RLM · May 10, 2026, 3:44pm

Would someone please help me set up a higher-performing Wireguard client? Please note that I have only basic knowledge of networking.

I want Wireguard for outgoing traffic, not for remote access into my network.

The network is simple:
ISP > my modem > my Cudy WR3000S router with wifi > a wired Cudy WR3000S dumb AP with wifi

The enviroment is a house. Six devices use the network.

I installed Wireguard on the router and learned when a video call stuttered that the router does not have enough processing power. I was not surprised. I did not buy this router for such work.

(Thanks and kudos to @egc for the excellent instructions for setting up Wireguard through luci!)

I am sorry that I have many questions …

A little research suggests that the best way to have better Wireguard performance at a low cost is to install a dedicated client with several fast cores such as a Nano Pi R4S, which is reported to have good Wireguard performance, not to buy a more powerful router. Is that correct?

If that is correct, is the Nano Pi R4S appropriate for my needs? If not, can you recommend something better?

Where should a dedicated Wireguard client be placed on the network? Between the modem and the main router? As a LAN device connected to the router?

Must I have any particular settings in OpenWrt on the dedicated client other than the settings needed for the Wireguard client? Or should I just install OpenWrt, make no changes to the default configuration, and then install and configure Wireguard?

Are the instructions for installing Wireguard different for a dedicated client than for a router? How? I did not find instructions for this situation.

Must anything on the main router be changed so it can work with a dedicated Wireguard client? What?

I will have to learn about policy-based routing to keep the TV out of the tunnel. Policy-based routing seems daunting. Or is another subnet needed instead? Or both? Again, I know nothing about such things.

What else do I need to know that I’m not asking about?

Or would this work be easier and would I get excellent performance if I just replaced the router with a more powerful one? If so, recommendations? I know that the Gl.iNet Flint 2 is popular. I can see here

that it performs well with Wireguard. The model is a few years old now. Are there better routers in this class to consider for my needs? I have already looked at the table of supported devices. I'm interested in what other people know from their experience.

Thanks for any help!

psherman · May 10, 2026, 3:49pm

There are multiple ways of achieving the goal, but a Nano Pi R4S could simply replace your current router (depending on the specifics of your needs), as it is much more difficult to have a separate device acting as the gateway for VPN purposes. And you might as well have a more powerful main router rather than using an old-ish one.

However, this does not guarantee that your video stuttering problem will be solved -- there are other network factors, including the added latency, that could be responsible.

egc · May 10, 2026, 4:40pm

It sure is not the fastest router but if your video call is through WireGuard then try to lower the MTU of WireGuard e.g. to 1280

To give a more tailored advice we need to know how you video calls take place. it might be possible to use Policy Based routing already

and as always follow the advice of @psherman

RLM · May 10, 2026, 7:03pm

Thanks, psherman.

Then a more powerful router it is.

I would welcome suggestions. I know nothing about the fruity Pis. It seems that I would have to learn about many models to see which ones come with wifi, enough ports, antennas, etc., and which ones I would have to add pieces to. I would prefer to have everything contained in one box without a fan. Maybe I'll ask in the hardware forum.

Stuttering is not a problem when Wireguard is running on my computer (and not the router)), so latency seems not to be the issue.

RLM · May 10, 2026, 7:09pm

Thanks for your help, egc.

I probably won't be satisfied running Wireguard on this Cudy router, so I don't plan to adjust any settings. I already restored my previous configuration.

The stuttering occurred on a Signal video call, so both the router and the computer were encrypting and decrypting. Maybe that caused the stuttering. I have sometimes had two layers of encryption/decryption happening on my computer without stuttering.

I'm shopping for a new router.

RLM · May 11, 2026, 1:11am

@egc, a few years ago, you wrote:

I use a Dynalink DL-WRX36 which has a quad core Arm A53 2.2 GHz but that does slightly over 800 Mb/s running WireGuard.

I trust your taste in high-performing routers. Would you recommend the DL-WRX36 for fast Wireguard now or have you moved on to something better (if you don't mind saying)?

What @psherman wrote about the NanoPi stuck in my head until I realized that I don't need wifi in this router. So I'm also considering fast routers that lack wifi. But I need three ports. The NanoPi R4S has only two. Would I need to add a managed switch to the network or would an inexpensive unmanaged switch work?

psherman · May 11, 2026, 1:51am

If you don't plan to use VLANs, any unamanged switch would do the trick. Or, get a managed one for slightly more and you have that flexibility.

egc · May 11, 2026, 5:44am

The DL-WRX36 is an excellent router but I am not sure it is available any more on line.
An excellent choice is a GL.iNET MT6000 (flint 2) much used in the OpenWRT community and very easy to upload OpenWRT on it.
There might be cheaper choices though.

The best choice of a powerful router without wifi is an X86 box like a mini PC or Nuc, I use an old 10 year old PC for test purposes but for 24h operation it is too noisy and power hungry but it still runs OpenWRT very well