Fastest OpenVPN Single Core Performance

Hey,

I currently have a Linksys WRT1900ACS which delivers around 80 MBit/s through OpenVPN. My line is 300 MBit/s fast. Which router could saturate this line?

ARM CPUs can easily reach 2,5 GHz, but I only see 1,6 in routers. Should I use a small x86 mini PC for this?

Thanks,
Achim

Hmm, my WRT3200ACM only got to 16Mbit/s on a good day.

Internet line speed are pretty useless for the comparison since VPN is only data movement but I have 100/100.

And what crypto capacity does the client have?

The ER4 got about 36Mbit/s with the same config.

But cpu speed is one thing but what the point of comparing VPN speed in this way if you don't compare the actual crypto since that is the actual cpu load. But the crypto in use is as I see it classified information…

300 Mbps through OpenVPN is a tall order. x86 is likely your best bet.

1 Like

If wireguard (or IPsec) would be a possible alternative, this could be much faster than OpenVPN on the same hardware.

1 Like

Unfortunately ProtonVPN does not support wireguard for routers yet. I think I will look into x86.

Thanks for the replies!

FYI

https://openwrt.org/docs/guide-user/services/vpn/openvpn/performance
https://openwrt.org/docs/guide-user/services/vpn/wireguard/performance

I'm not sure the vpn provider can see what kind of device's used by the other end, and even if they could, why would they care?

Of course they can. VPN is only VPN. You don’t get any privacy by VPN, the only thing you get is a encrypted tunnel from point A to point B.
And then you trust a Panama or Cayman island registered company without contacts to not look at your data just because they say they don’t do that, well we know how that usually turns out.

Dude, you're barking up the wrong tree.

I'm perfectly aware of the 'false' advertising for VPN functionality - I usually link to https://overengineer.dev/blog/2019/04/08/very-precarious-narrative.html when asked about VPNs.

You should probably reread my post, to get the context.

.... and they can't really see my data, since it's all https:ed, but they can 'see' where I surf, if I use their DNSes or any other DNSes without using DoT or DoH.

They don't offer config files / config directives for linux. Apparently their wireguard implementation is still in beta and only testable through the apps. You certainly could extract / reverse engineer the information, but I lack time, energy and probably skill.