Raspberry Pi 4 released

TIP1: RPI4 + VLAN enable switch and you have a versatile router
TIP2: USB3 + GbE = decent NAS

1 Like

I still don't see any real advantage above the underestimated Odroid C2, which happens to support eMMC as well.


Well, as a NAS, agreed. but for a router, if you actually calculate the total cost for a PI plus accessories plus proper switch, then you may just get a a router, especially that the RPI 4 is still BCM. Don't forget that if using it as a router you would be paying for things you don't need such as 4K display for example. The big advantage of course that it can be re-purposed with just changing the SD card, plus the multiple USB ports and the expandable storage.

A Raspberry Pi 4 probably has better crypto speed than most of the US$75-class all-on-one routers, making it interesting for VPN use.

I agree that the ODROID C2 is a great little unit, especially at its price point. For me, its two drawbacks are a non-standard header connector and that I have to build Debian myself for it (Ubuntu has gotten to "helpful" over the years for my tastes).

1 Like

FYI DietPi is Debian based and available for a lot of SBC's, including the Odroid C2.


The main benefit is that the RPI4 has substantially more CPU power & RAM than 95% of routers.
Been using RPI4 ($35) with a TL-SG108E VLAN switch ($30) works a charm.
Port 8 -> Access Port Vlan 8 - WAN
Port 7 -> RPI4 trunk port with vlan tagging
Port 1-6 -> Access Ports Vlan 1 - Internal
Not using WiFi (yet)


Just to give my 2 cents, for my specific project, the RPi4 simply has the best price to performance that we've been able to find so far. For $35 it hits almost 500Mbit over the encrypted yggdrasil mesh networking protocol, meanwhile the espressobin for more money only does ~300. Combine that with the smaller form factor of the Pi, the availability of cases (espressobin has a pricey bundle with the case but otherwise needs to be independently sourced / 3d printed), and the ubiquitous nature of the Pi (can be picked up same day at microcenter) makes it a great sell for mesh networking projects where a single port is fine for some configurations (relay node when combined with radios that have an aux ethernet, non-exit node, plus the flexibility to expand later with a USB3 eth adapter). In addition, the built in AC wifi makes it useful in an AP configuration. We are waiting with bated breath for openwrt support so we can include it in our automatic builds instead of having manually configured raspbian-based prototypes that lack a lot of the openwrt features because we don't want to reinvent the wheel if openwrt support is coming soon.


OpenWrt does support Raspberry pi 4 b, I'm using it as a vpn client with average speeds of 80 mbps ,great speed for a $35 device.
OpenSSL speed benchmark on OpenWrt:

root@OpenWrt:~# ubus call system board
        "kernel": "4.19.57",
        "hostname": "OpenWrt",
        "system": "ARMv7 Processor rev 3 (v7l)",
        "model": "Raspberry Pi 4 Model B Rev 1.1",
        "board_name": "raspberrypi,4-model-b",
        "release": {
                "distribution": "OpenWrt",
                "version": "SNAPSHOT",
                "revision": "r10622-e09da0169a",
                "target": "brcm2708/bcm2709",
                "description": "OpenWrt SNAPSHOT r10622-e09da0169a"
root@OpenWrt:~# openssl speed
Doing md4 for 3s on 16 size blocks: 3121842 md4's in 2.99s
OpenSSL 1.1.1c  28 May 2019
built on: Mon Jul 29 08:13:45 2019 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr) 
compiler: arm-openwrt-linux-muslgnueabi-gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -O3 -fpic -ffunction-sections -fdata-sections -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -DOPENSSL_PREFER_CHACHA_OVER_GCM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
md2                  0.00         0.00         0.00         0.00         0.00         0.00 
mdc2                 0.00         0.00         0.00         0.00         0.00         0.00 
md4              16705.51k    60229.65k   174903.81k   344357.21k   472470.87k   484418.44k
md5              39781.38k   103644.10k   201775.96k   264625.15k   290736.81k   291897.34k
hmac(md5)        14862.84k    53759.72k   138745.94k   226699.17k   283596.12k   287555.58k
sha1             39244.18k   101676.69k   197682.00k   258336.77k   283257.51k   284813.99k
rmd160           12648.92k    38548.47k    87865.86k   130038.10k   150765.57k   152464.04k
rc4             146242.21k   161480.84k   164204.03k   165571.55k   166436.86k   166242.99k
des cbc          30569.85k    31565.63k    31813.69k    31910.91k    31959.76k    31905.11k
des ede3         11472.44k    11647.45k    11692.71k    11698.18k    11709.90k    11703.64k
idea cbc             0.00         0.00         0.00         0.00         0.00         0.00 
seed cbc             0.00         0.00         0.00         0.00         0.00         0.00 
rc2 cbc          21013.84k    21486.63k    21687.55k    21717.67k    21749.76k    21747.03k
rc5-32/12 cbc        0.00         0.00         0.00         0.00         0.00         0.00 
blowfish cbc     52266.09k    56036.20k    56841.73k    57342.97k    57319.42k    57218.39k
cast cbc         50242.81k    53528.00k    54395.38k    54388.44k    54834.34k    54379.54k
aes-128 cbc      81303.91k    91043.99k    93121.84k    94192.64k    94639.45k    94333.61k
aes-192 cbc      70867.96k    76297.08k    79553.19k    80441.34k    80519.17k    80434.52k
aes-256 cbc      62744.51k    66822.42k    69417.81k    70040.23k    70246.40k    70107.14k
camellia-128 cbc        0.00         0.00         0.00         0.00         0.00         0.00 
camellia-192 cbc        0.00         0.00         0.00         0.00         0.00         0.00 
camellia-256 cbc        0.00         0.00         0.00         0.00         0.00         0.00 
sha256           27665.74k    66055.36k   121110.69k   151879.75k   164083.03k   165167.10k
sha512           10105.03k    40514.22k    60127.12k    82336.09k    93487.10k    94851.26k
whirlpool            0.00         0.00         0.00         0.00         0.00         0.00 
aes-128 ige      75997.69k    86769.28k    89634.47k    91054.83k    90819.24k    90204.84k
aes-192 ige      66765.34k    73794.92k    76878.42k    77629.44k    77824.00k    77425.32k
aes-256 ige      59403.92k    65007.51k    67467.35k    68065.62k    68141.06k    67753.30k
ghash           170551.80k   188023.85k   191572.48k   191956.31k   192525.65k   192708.61k
rand              1894.51k     6997.84k    21122.56k    41174.83k    57059.90k    59031.72k
                  sign    verify    sign/s verify/s
rsa  512 bits 0.000299s 0.000020s   3342.6  49587.0
rsa 1024 bits 0.001253s 0.000050s    798.2  20050.6
rsa 2048 bits 0.006901s 0.000154s    144.9   6495.9
rsa 3072 bits 0.018992s 0.000315s     52.7   3174.3
rsa 4096 bits 0.040323s 0.000536s     24.8   1867.3
rsa 7680 bits 0.222222s 0.001753s      4.5    570.6
rsa 15360 bits 1.571429s 0.006750s      0.6    148.1
                  sign    verify    sign/s verify/s
dsa  512 bits 0.000378s 0.000250s   2646.1   4007.1
dsa 1024 bits 0.000762s 0.000595s   1311.9   1680.8
dsa 2048 bits 0.002058s 0.001771s    486.0    564.5
                              sign    verify    sign/s verify/s
 160 bits ecdsa (secp160r1)   0.0011s   0.0008s    944.9   1189.8
 192 bits ecdsa (nistp192)   0.0015s   0.0012s    658.5    869.3
 224 bits ecdsa (nistp224)   0.0022s   0.0016s    453.9    607.1
 256 bits ecdsa (nistp256)   0.0002s   0.0006s   4216.2   1613.7
 384 bits ecdsa (nistp384)   0.0080s   0.0055s    124.8    182.2
 521 bits ecdsa (nistp521)   0.0201s   0.0136s     49.7     73.8
 163 bits ecdsa (nistk163)   0.0012s   0.0023s    841.7    432.0
 233 bits ecdsa (nistk233)   0.0019s   0.0037s    525.3    272.7
 283 bits ecdsa (nistk283)   0.0034s   0.0067s    291.1    148.8
 409 bits ecdsa (nistk409)   0.0072s   0.0140s    139.3     71.6
 571 bits ecdsa (nistk571)   0.0167s   0.0325s     59.8     30.8
 163 bits ecdsa (nistb163)   0.0013s   0.0024s    797.1    409.4
 233 bits ecdsa (nistb233)   0.0020s   0.0040s    489.0    249.9
 283 bits ecdsa (nistb283)   0.0038s   0.0074s    265.5    135.2
 409 bits ecdsa (nistb409)   0.0080s   0.0156s    125.2     64.0
 571 bits ecdsa (nistb571)   0.0189s   0.0366s     52.9     27.3
 256 bits ecdsa (brainpoolP256r1)   0.0028s   0.0022s    357.5    448.4
 256 bits ecdsa (brainpoolP256t1)   0.0028s   0.0021s    358.1    485.6
 384 bits ecdsa (brainpoolP384r1)   0.0080s   0.0060s    124.8    165.5
 384 bits ecdsa (brainpoolP384t1)   0.0080s   0.0055s    125.2    181.7
 512 bits ecdsa (brainpoolP512r1)   0.0113s   0.0084s     88.3    118.7
 512 bits ecdsa (brainpoolP512t1)   0.0113s   0.0078s     88.8    128.8
                              op      op/s
 160 bits ecdh (secp160r1)   0.0010s    999.1
 192 bits ecdh (nistp192)   0.0014s    692.1
 224 bits ecdh (nistp224)   0.0021s    476.5
 256 bits ecdh (nistp256)   0.0004s   2347.7
 384 bits ecdh (nistp384)   0.0077s    130.7
 521 bits ecdh (nistp521)   0.0192s     52.2
 163 bits ecdh (nistk163)   0.0011s    894.3
 233 bits ecdh (nistk233)   0.0018s    560.2
 283 bits ecdh (nistk283)   0.0032s    307.7
 409 bits ecdh (nistk409)   0.0067s    148.7
 571 bits ecdh (nistk571)   0.0157s     63.7
 163 bits ecdh (nistb163)   0.0012s    840.2
 233 bits ecdh (nistb233)   0.0019s    517.9
 283 bits ecdh (nistb283)   0.0036s    278.7
 409 bits ecdh (nistb409)   0.0076s    132.1
 571 bits ecdh (nistb571)   0.0178s     56.3
 256 bits ecdh (brainpoolP256r1)   0.0027s    375.0
 256 bits ecdh (brainpoolP256t1)   0.0027s    375.4
 384 bits ecdh (brainpoolP384r1)   0.0077s    130.7
 384 bits ecdh (brainpoolP384t1)   0.0076s    131.2
 512 bits ecdh (brainpoolP512r1)   0.0108s     92.3
 512 bits ecdh (brainpoolP512t1)   0.0108s     92.8
 253 bits ecdh (X25519)   0.0005s   2036.5
 448 bits ecdh (X448)   0.0020s    506.4
                              sign    verify    sign/s verify/s
 253 bits EdDSA (Ed25519)   0.0002s   0.0006s   5494.8   1813.0
 456 bits EdDSA (Ed448)   0.0006s   0.0022s   1648.3    460.0
root@OpenWrt:~# uptime
 12:43:01 up 17:48,  load average: 0.00, 0.19, 0.47

Is that the rpi2 build? I wasn't aware that the builds were compatible across versions. I was looking out for a rpi4 image, since the openwrt wiki (last I checked) has no mention of the 4 or what image to use.

It's still missing from snapshots ¯\_(ツ)_/¯


Also is that 32 bit only support? The commit message suggests the 64 bit build isn't fully functional.

What's the profile name btw? Might as well start adding it to our project if it builds.

You could build it if you wish.

I don't own the device and therefore I don't know. You may ask @tmomas.

There is not an image specific for the Raspberry Pi 4 ,snapshots bcm2709 32 bits images can be used on Raspberry Pi 2B,3B,3B+,4B

Hardware based AES-NI is only available in 64 bit builds for the Raspberry Pi, right? Does anyone know whether we will see 64 bit OpenWRT builds in the future for the Raspberry Pi?

According to the RPi developers, Broadcom and the RPi foundation did not license the h/w crypto extensions (as necessary for hardware accelerated AES support). Basically every other ARMv8 hardware vendor did, the RPi4 does not (given that the RPi foundation is still pushing 32 bit ARMv6 images, they probably didn't care).

1 Like

Does that mean it is impossible to use, even with software support? Or does that only mean that Raspberry Pi's "official" images lack this functionality? ie, would it be possible for OpenWRT to support this if it is build for the correct architecture?

It means the silicon doesn't contain the necessary IP blocks to support hardware accelerated crypto functions, regardless of the software you're going to run on it. While using it in ARMv8 mode will still provide better performance, you won't get hardware AES.


Got it, that makes sense. Thanks for clearing that up :slight_smile: Will OpenWRT support the ARMv8 instruction set in the future? Would that be as simple as compiling the same image for a different target, or will that require additional work?

Does anyone know if the openwrt image for rpi provides any mechanism for overclocking? We've gotten a decent speed boost using raspbian and 1.75Ghz and plan on using active cooling on all our devices.

Overclock the rpi on OpenWrt is similar to raspbian, simply editing the config.txt in the /boot directory of the microSD card.I did a test on 2 Ghz using a regular heat sink and temperature hit 80 °C during the test.
Raspberry Pi 4 b 2 GHz openssl benchmark:

root@OpenWrt:~# cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_max_freq
root@OpenWrt:~# openssl speed
OpenSSL 1.1.1c  28 May 2019
built on: Mon Jul 29 08:13:45 2019 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr) 
compiler: arm-openwrt-linux-muslgnueabi-gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -O3 -fpic -ffunction-sections -fdata-sections -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -DOPENSSL_PREFER_CHACHA_OVER_GCM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
md2                  0.00         0.00         0.00         0.00         0.00         0.00 
mdc2                 0.00         0.00         0.00         0.00         0.00         0.00 
md4              22312.03k    80464.00k   234455.76k   459831.64k   629639.85k   648265.73k
md5              53301.98k   138269.33k   269234.09k   352757.42k   385796.78k   388606.63k
hmac(md5)        20363.18k    68089.73k   177498.62k   301418.50k   377217.02k   383920.81k
sha1             52477.95k   135640.83k   263416.15k   344583.51k   377525.59k   380005.03k
rmd160           16872.04k    51353.64k   117572.52k   173532.84k   200695.81k   202970.45k
rc4             195071.66k   214663.47k   218969.34k   221346.13k   221978.62k   222063.27k
des cbc          40740.36k    42102.25k    42472.87k    42569.73k    42562.90k    42620.25k
des ede3         15302.76k    15547.93k    15655.64k    15616.68k    15619.41k    15613.95k
idea cbc             0.00         0.00         0.00         0.00         0.00         0.00 
seed cbc             0.00         0.00         0.00         0.00         0.00         0.00 
rc2 cbc          28013.22k    28677.53k    28929.37k    29000.36k    29010.60k    29016.06k
rc5-32/12 cbc        0.00         0.00         0.00         0.00         0.00         0.00 
blowfish cbc     70143.71k    74719.57k    76050.49k    76336.13k    76393.13k    76322.13k
cast cbc         67323.52k    71499.41k    72465.58k    72884.22k    72441.86k    72641.19k
aes-128 cbc     108758.92k   121282.67k   124734.24k   125689.17k   125796.35k   125561.51k
aes-192 cbc      94570.01k   101598.83k   106043.82k   107162.97k   107186.86k   107063.98k
aes-256 cbc      83705.85k    89150.74k    92619.61k    93500.76k    93720.32k    93443.41k
camellia-128 cbc        0.00         0.00         0.00         0.00         0.00         0.00 
camellia-192 cbc        0.00         0.00         0.00         0.00         0.00         0.00 
camellia-256 cbc        0.00         0.00         0.00         0.00         0.00         0.00 
sha256           36885.09k    88275.39k   160978.43k   202307.93k   218912.09k   220326.57k
sha512           13510.17k    54115.88k    80571.93k   109762.49k   124431.02k   126682.84k
whirlpool            0.00         0.00         0.00         0.00         0.00         0.00 
aes-128 ige     101712.02k   115867.46k   119690.33k   120927.57k   119496.70k   119788.89k
aes-192 ige      89230.10k    98496.30k   102757.80k   103681.71k   102656.68k   102525.61k
aes-256 ige      79506.68k    86857.56k    90023.08k    90713.09k    89879.89k    90424.34k
ghash           226646.46k   250854.27k   255623.42k   256037.89k   256871.08k   257037.65k
rand              2495.63k     9143.29k    27525.33k    54480.59k    76128.26k    78725.39k
                  sign    verify    sign/s verify/s
rsa  512 bits 0.000224s 0.000015s   4467.6  66594.4
rsa 1024 bits 0.000942s 0.000037s   1061.7  26887.2
rsa 2048 bits 0.005163s 0.000116s    193.7   8650.2
rsa 3072 bits 0.014300s 0.000235s     69.9   4250.3
rsa 4096 bits 0.030242s 0.000402s     33.1   2487.9
rsa 7680 bits 0.166066s 0.001315s      6.0    760.2
rsa 15360 bits 1.180000s 0.005058s      0.8    197.7
                  sign    verify    sign/s verify/s
dsa  512 bits 0.000283s 0.000185s   3533.9   5404.1
dsa 1024 bits 0.000574s 0.000451s   1741.7   2217.2
dsa 2048 bits 0.001545s 0.001351s    647.4    740.0
                              sign    verify    sign/s verify/s
 160 bits ecdsa (secp160r1)   0.0008s   0.0006s   1265.3   1605.1
 192 bits ecdsa (nistp192)   0.0011s   0.0009s    881.1   1146.9
 224 bits ecdsa (nistp224)   0.0017s   0.0012s    603.5    807.9
 256 bits ecdsa (nistp256)   0.0002s   0.0005s   5626.7   2151.9
 384 bits ecdsa (nistp384)   0.0060s   0.0042s    166.4    239.8
 521 bits ecdsa (nistp521)   0.0151s   0.0100s     66.4     99.8
 163 bits ecdsa (nistk163)   0.0009s   0.0017s   1114.4    573.7
 233 bits ecdsa (nistk233)   0.0014s   0.0028s    692.6    358.4
 283 bits ecdsa (nistk283)   0.0026s   0.0050s    388.1    198.6
 409 bits ecdsa (nistk409)   0.0054s   0.0105s    185.8     95.0
 571 bits ecdsa (nistk571)   0.0125s   0.0245s     79.7     40.9
 163 bits ecdsa (nistb163)   0.0009s   0.0018s   1060.5    542.8
 233 bits ecdsa (nistb233)   0.0015s   0.0030s    651.7    333.8
 283 bits ecdsa (nistb283)   0.0028s   0.0055s    354.2    180.6
 409 bits ecdsa (nistb409)   0.0060s   0.0118s    166.6     85.0
 571 bits ecdsa (nistb571)   0.0141s   0.0275s     70.8     36.4
 256 bits ecdsa (brainpoolP256r1)   0.0021s   0.0017s    477.5    605.2
 256 bits ecdsa (brainpoolP256t1)   0.0021s   0.0016s    477.5    641.6
 384 bits ecdsa (brainpoolP384r1)   0.0060s   0.0045s    166.6    222.2
 384 bits ecdsa (brainpoolP384t1)   0.0060s   0.0042s    166.8    240.9
 512 bits ecdsa (brainpoolP512r1)   0.0085s   0.0063s    117.4    159.5
 512 bits ecdsa (brainpoolP512t1)   0.0084s   0.0058s    118.5    173.5
                              op      op/s
 160 bits ecdh (secp160r1)   0.0007s   1343.1
 192 bits ecdh (nistp192)   0.0011s    922.9
 224 bits ecdh (nistp224)   0.0016s    635.4
 256 bits ecdh (nistp256)   0.0003s   3127.8
 384 bits ecdh (nistp384)   0.0057s    174.3
 521 bits ecdh (nistp521)   0.0143s     69.8
 163 bits ecdh (nistk163)   0.0008s   1193.1
 233 bits ecdh (nistk233)   0.0013s    742.6
 283 bits ecdh (nistk283)   0.0024s    410.0
 409 bits ecdh (nistk409)   0.0050s    198.4
 571 bits ecdh (nistk571)   0.0118s     84.9
 163 bits ecdh (nistb163)   0.0009s   1119.8
 233 bits ecdh (nistb233)   0.0014s    690.3
 283 bits ecdh (nistb283)   0.0027s    372.1
 409 bits ecdh (nistb409)   0.0057s    176.3
 571 bits ecdh (nistb571)   0.0133s     75.2
 256 bits ecdh (brainpoolP256r1)   0.0020s    499.8
 256 bits ecdh (brainpoolP256t1)   0.0020s    499.8
 384 bits ecdh (brainpoolP384r1)   0.0057s    174.4
 384 bits ecdh (brainpoolP384t1)   0.0057s    175.1
 512 bits ecdh (brainpoolP512r1)   0.0081s    122.9
 512 bits ecdh (brainpoolP512t1)   0.0081s    123.8
 253 bits ecdh (X25519)   0.0004s   2719.5
 448 bits ecdh (X448)   0.0015s    672.8
                              sign    verify    sign/s verify/s
 253 bits EdDSA (Ed25519)   0.0001s   0.0004s   7299.6   2409.9
 456 bits EdDSA (Ed448)   0.0005s   0.0016s   2192.8    613.8

1 Like