Need hardware capable of a 100 Mbps OpenVPN server

I'm running an OpenVPN server on my old Dlink router DIR-825. It's very old and at 100 % cpu load it delivers up and down vpn speeds of around 13 Mbps.

That's no longer enough for me as i would like to be able use 100+ Mbps bandwidth while connected to my vpn. So i'm trying to figure out which hardware my new OpenVPN server should run on.

I don't need a lot of fancy stuff or strong encryption. I just need speed as it's for pulling 1-4 streams from a hdhomerun.

Would the NanoPi R2S do the job or would i need something bigger?

Much bigger!

Here is Wireguard benchmark:

Thanks!

So I'm reality i should drop openvpn and use wireguard?

I don't have a preference as i just need 100mbps lan access. Is there a less hardware intensive way of achieving that?

Well - here are OpenWRT benchmarks:

and here is raw data:

Here is basic idea on chip MT7621 using OpenVPN you can get 21Mbit/s, but using WireGuard they are 200.

IF you are using DIR-825 C1:
https://wikidevi.wi-cat.ru/D-Link_DIR-825_rev_C1
then your chip is AR9344 and it's exactly benched as 14 Mbit/s there using OpenVPN.

But noone bench it using WireGuard...

Great links!

Maybe i should do wireguard on a raspberry pi 4

Well - will be GREAT if you can benchmark WG on DIR-825 please.

I will gladly do that.

It's running DD-WRT v3.0-r40559 right now which doesn't include WG, so either i have to find a dd-wrt package that includes WG or flash openwrt to it.

Unfortunately i don't have physical access to it until 3 weeks from now - could i flash openwrt remotely?

definitely switch to wireguard. I doubt that flashing openwrt remotely would be particularly safe. Wireguard on a RPi works well for me. I don't have benchmarks but I'd be shocked if it weren't 100Mbps, and it wouldn't surprise me at all if it could hit 500.

DD-WRT support WG.

Go on GUI, "Basic" then "Tunnels".

My current installed build doesn't support WG - only newer builds support WG, but can't flash the newer builds as the build is 14 MB and the linux partition only is ~8MB ...or it could also be that i'm a rookie to all this

root@skovbrynet:~# cd /tmp
root@skovbrynet:/tmp# wget http://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2020/11-24-2020-r44863/dlink-dir825-c1/dir825c1-firmware.bin
Connecting to download1.dd-wrt.com (185.84.6.100:80)
saving to 'dir825c1-firmware.bin'
dir825c1-firmware.bi 100% |********************************| 13.9M  0:00:00 ETA
'dir825c1-firmware.bin' saved
root@skovbrynet:/tmp# write dir825c1-firmware.bin linux &
root@skovbrynet:/tmp# Image too big for partition: linux
linux: Invalid argument
^C
root@skovbrynet:/tmp# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00050000 00010000 "RedBoot"
mtd1: 007b0000 00010000 "linux"
mtd2: 00525000 00010000 "rootfs"
mtd3: 00170000 00010000 "ddwrt"
mtd4: 00010000 00010000 "nvram"
mtd5: 00010000 00010000 "FIS directory"
mtd6: 00010000 00010000 "board_config"
mtd7: 00800000 00010000 "fullflash"

Just ordered a RPI4

If you have 825 C1 they have 16MB flash:
https://wikidevi.wi-cat.ru/D-Link_DIR-825_rev_C1

As a test I enabled the wireguard vpn on my phone and got basically similar speed test results with wireguard as without... limiting factor was the wifi signal, data rates around 100-120Mbps. So an RPi4 can do at least 120Mbps wireguard.

If you still wanted to use OpenVPN for whatever reason (or anything else that uses AES) you could've at least been able to use crypto hardware acceleration on Rockchip SoCs which the RPi4 lacks.

Probably you have 825 rev. B:

And here it is latest DD-WRT for this device

I think i bricked it now

oh well, i'm gonna try and fix it at christmas and report back

slow openvpn speed is better than no speed
never flash router remotely !

it wasn't 100 % remotely. Did remote desktop into a computer on the routers lan side.

Had my dad reset the router and it's up and running the old firmware again now. I have tried upgrade via:

• telnet
• chrome
• internet explore
• firefox

The first 3 ones just failed and the firefox bricked it. When i get physical access in 2-3 weeks i'll flash openwrt on it and try WG