Improving Speed of VPN Router

Run your VPN on more powerful hardware

1 Like

Or use Wireguard. It's much faster than OpenVPN.

1 Like

Wireguard on tplik qca9533 550 mhz can do upto 50 mb/s

1 Like

can you suggest sir a budget friendly router but can run 20mbps+ on openvpn?

20mbit/s is quite a lot to push for a router and would require the high-end devices. Not really a budget option for that unfortunately. Contact your VPN provider to see if they offer Wireguard as well. It's becoming much more common.

I've had success with the Meraki MX60/MX60W. The CPU does built-in encryption "offloading" per the datasheet.

Turbo Security (Optional)

  • On-chip IPSec/SSL acceleration with header/trailer processing
  • Supports DES, 3DES, AES, ARC-4 encryption, MD-5, SHA-1, and SHA-256 hashing
  • True and Pseudo random number generators (TRNG/PRNG)
  • Public key accelerator (PKA)

Using an Western Digital My Net N750, I received ~30 Mbps using Wireguard. Using the Meraki, I receive near ISP provisioned max speed of ~60Mbps. I have found the Meraki devices for ~US$20-30.

effective - efficient - cheap
pick two

if you want fast and cheap, i would suggest an old pc/laptop for routing/vpn.

1 Like

Something about wireguard...

About The Project
Work in Progress

WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We’re working toward a stable 1.0 release, but that time has not yet come. There are experimental snapshots tagged with “0.0.YYYYMMDD”, but these should not be considered real releases and they may contain security vulnerabilities (which would not be eligible for CVEs, since this is pre-release snapshot software). If you are packaging WireGuard, you must keep up to date with the snapshots.

However, if you’re interested in helping out, we could really use your help and we readily welcome any form of feedback and review. There’s currently quite a bit of work to do on the project todo list, and the more folks testing this out, the better.

Seems to me this isn´t a proved vpn solution for now...

3 Likes

This is correct. Those choosing to use Wireguard should understand it's Beta Software at this time.

They should also keep Wireguard up-to-date.

uf of.. using wireguard in production, even on medical services, no better service like this, if you understand what are you dealing with, I can only say openwrt and wireguard is all about understanding what is openwrt all about

2 Likes

being on the wireguard mailing list, don't know for how long, I can only say that every problem was solved in matters of days, not weeks, maybe even hours.. there is a problem in using windows clients but even that will be fixed.
is strange running cheap routers for vpn services that offer so much speed, but hey, if we can, why not!?

what about Rasberry Pi Router? as a VPN client? will it give me a better speed?

Think it's more a alpha software...

The pi >=3 will have the ARMv8 (AArch64) architecture which does has some extensions for speeding up cryptographic operations...
I don't know if OpenWRT for brcm2710 builds are AArch64 builds, but from the cpu power it will definitely give you more power that a mips router.
The only limitation is the single ethernet port, but this shouldn matter for your requirement...

Anything using ARM will be quite a lot faster, even the IPQ4**** series however I would recommend you to look at IPQ8****, Marvell ARMADA 385 or Marvell Armada 3700 platforms if you're going for 30+ mbit.
The RPi's are not very suited for networking as "everything" hangs off USB.

this one could be better

Really thankful to you guys whose replying to my question, i might try the Rasberry Pi
i will use it as a WIFI VPN while my main modem is connected to ethernet of Pi.
will that works?

Sure this will work...
You could also use the single ethernet port with vlan to get two virtual network interfaces.
For your requirement with 40Mbit/s a pi with 100M ethernet would be sufficient.

Also with only one interface it will be possible to redirect traffic to your vpn on your pi.
The VPN policy routing packge is great for such things if you need to redirect only single ip´s or ports over your vpn connection.

1 Like

If you already have a Raspberry Pi, then that's a cost effective way to get some compute power on the problem at well under 100 Mbps. The on-board Ethernet adapter is 100 Mbps and off-board USB dongles aren't much faster.

Many better options out there in the $50-150 range for low power-consumption, physically small computers that have either or both better Ethernet and more capable processors (such as AES-NI or supported crypto acceleration).

1 Like

I have been running an old PC-Engines ALIX 2d13 for a few years. While its a bit old at this point it has AES-NI 128-CBC encryption and can be had for $50 +-. with 256MB and a CF card you can put lots on this. I got 18-20 in my test config, but only have 50\10 service so I am limited. I run this as a server. It has (had?) a specific image for it (Geode) so you do not need to build it.

I would probably suggest looking at the newer APU\APU2 with 1GB+ RAM and 4 core 1GHZ CPU, though they are a bit over $100. I believe some of the devs use these.

Not sure what's in the low end Ubiquitis, but they can be had for $50-100.

All plain routers, no wireless, though there are card slots in the PC-Engines.

1 Like

Four apu2c4 / apu3c4 (tailored for LTE modems) running various OSes here and I'm very happy with the price/performance and, very importantly, the reliability.

1 Like