I thought I would consult the vast knowledge of networking here regarding VPNs.
I set up a self-hosted OpenVPN on a Vultr server in the UK and connected to it from my OpenWRT router here in Dubai.
My normal ISP speeds are 400Mbs; however, on the VPN I am getting a max of about 4-6Mbs. From reading a few articles, OpenVPN might not be the best choice here.
When I connect to my company VPN, which is a Cisco ASA, I get speeds well over 100Mbs, so I know it's not an internal bottleneck.
What other types of VPN should I look at self-hosting, anything else I should look at?
OpenVPN is fantastic for x86 because encryption is AES and all x86 processors have AES-NI instructions for accelerated AES encryption/decryption.
But this doesn't work well on routers (neither MIPS nor ARM) because most of them don't have any kind of AES-accelerated instructions, and the calculation must be made in the traditional way.
Basically just OpenVPN, WireGuard and SoftEther (v5.x).
That's mostly true if we assume no hardware acceleration is enabled, yet some embedded platforms get this working for OpenVPN + OpenSSL, which would outperform any other non-accelerated VPN service.
The issue is that the SSL lib needs support for it, but also the VPN service needs those specific compile switches enabled.
So it's a puzzle of having it working on the hardware platform and correctly compiled into the SSL lib and the VPN binaries.
PS: SoftEther's own VPN protocol competes with WireGuard, but you need to check VPN client availability on your platforms.
Even with hardware acceleration enabled, in many cases. You need very good hardware encryption accelerators (i.e. things that are deployed in business firewall appliances) to get anywhere near WireGuard performance with OpenVPN.
A lot of consumer embedded devices have relatively weak crypto processors that barely go faster than doing it in software on the CPU (so the only benefit is that the CPU is not loaded if you use them, but it does not go "faster").
Their "own VPN protocol" is just a form of SSL-VPN, piping Ethernet over an SSL tunnel between two static end points.
All business firewalls have offered that for ages. The main drawback is that the protocol itself is very dumb, so it requires all management communication to be done by the client/server over something else before establishing the tunnel, so it's very easy to "proprietarize" it by just changing the management communications.
That said, SoftEther VPN is mostly a management system; it supports many different protocols, also WireGuard afaik.
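
Added example, not part of the thread: a shell check for the AES-acceleration point raised in the replies. It reports whether a CPU advertises AES instructions in `/proc/cpuinfo` and, when run with the `bench` argument, measures AES-256-GCM against ChaCha20-Poly1305 (the cipher WireGuard uses) with `openssl speed`; the function names and the sample cpuinfo excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print "yes" if the "flags" (x86) or "Features" (ARM) line of a cpuinfo
# file lists the "aes" extension as a whole word, otherwise "no".
# This only sees CPU instructions, not a separate crypto engine on the SoC.
cpu_aes_support() {
    awk -F: '
        /^(flags|Features)[ \t]*:/ {
            n = split($2, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "aes") found = 1
        }
        END { print (found ? "yes" : "no") }
    ' "$1"
}

# Constructed /proc/cpuinfo excerpts (not captured from real devices).
write_samples() {
    printf 'processor\t: 0\nflags\t\t: fpu vme sse2 aes avx\n' > "$1/x86"
    printf 'processor\t: 0\nFeatures\t: fp asimd evtstrm aes pmull sha1 sha2 crc32\n' > "$1/armv8"
    printf 'processor\t: 0\nFeatures\t: half thumb fastmult edsp tls\n' > "$1/armv7"
    printf 'cpu model\t: MIPS 1004Kc\nASEs implemented\t: mips16 dsp mt\n' > "$1/mips"
}

# Measure what the device can actually push through each AEAD cipher.
# Run this on the router itself; the flag check alone says nothing about speed.
bench_ciphers() {
    openssl speed -evp aes-256-gcm
    openssl speed -evp chacha20-poly1305
}

if [ -r /proc/cpuinfo ]; then
    echo "AES instructions advertised: $(cpu_aes_support /proc/cpuinfo)"
fi
if [ "${1:-}" = bench ]; then
    bench_ciphers
fi
```

A "no" here, or a ChaCha20-Poly1305 figure well above the AES-256-GCM one, points at the cipher rather than the link as the limit on the router.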