Router for VPN server

VPN needs CPU power, especially at higher WAN speeds - fast multi-core ARMv7/ARMv8 routers are required (and/or a supported hardware AES unit).

ER-X is interesting, but I'd prefer something with WiFi. But it's really cheap, therefore I am considering it :) Does it have enough performance for 100 Mbit/s WAN speed + VPN server providing +- the same speed?

For WAN speeds there is enough power for 1GBit; for OpenVPN I never tested it ;)
We use several EdgeRouters for VoIP over OpenVPN in our company without any issues.

If you are not in a hurry, I will test it today and come back with the results.

Perfect, thanks a lot, I can wait a bit :)

Quick & dirty test with OpenVPN & AES-256-CBC/SHA512 -> average 30Mbit

PPTP is not considered secure. I think most LEDE users of VPN use OpenVPN.

You don't indicate how many clients will need to connect or how they will use the service, but as noted, get something with AES and configure your encryption to match. The more horsepower the better, so consider an x86-based device like a PC-Engines APU2 or SFF PC.

Encryption will crush your OpenVPN speeds compared to your network speeds. From a practical perspective guenti_r's 30Mbit speeds should be sufficient unless you move very large files. If your clients are running from remote locations (hotels, hotspots, etc.) they probably will not have connection speeds that high, though they probably will from home.

Personally I think you are better off with a router and a separate AP. You are probably constrained on where you have to locate your router by incoming cables, but a separate AP allows you to optimize your wireless.

Wow, 30 Mbit/s is much less than I expected for such a powerful device.

There will be really few users - max. 2-3 concurrent VPN connections. OpenVPN is a good idea, I just don't like the OpenVPN clients. SSTP on LEDE is not possible, right?

That's not fair; for a device without hardware support for 50 bucks, the performance is IMHO not bad.
You better go to x86 hardware or "professional" firewalls, e.g. Fortigate etc.

The price is more than good, so I will probably take it. I don't need a "pro" device or x86 :) Thanks a lot for all the info.

PS: maybe WireGuard is an option for you?

Maybe. Going to check it ;)

Understand the nature of your traffic. 30Mbits is more than robust enough for almost any need. It's just not the more and more and more speed our ISPs tell us we need.

I have been looking at the ER-X and thinking of just running it stock. If I recall, it has IPsec in the GUI.

With around 200-300$ of x86 hardware (like a PCEngines APU, which is designed for these jobs) you can probably pull that off, but asking 100Mbit of VPN to an embedded device is too much, and once you are past the 200$ of cost, any embedded device loses so badly to same-priced x86 hardware that it's not even funny.
You can place the VPN server inside a VM running on a PC too.

I'd still make sure you really need 100 MBit. I assume you need to access shared folders or transfer files around.

As for WireGuard, here is a how-to for setting it up on a LEDE device: https://danrl.com/blog/2017/luci-proto-wireguard/

EDIT: in case you didn't know, there are LEDE builds for x86 too, so you can run LEDE on a PCEngines APU system (or pfSense or anything else)

Thanks a lot all of you guys ;) I have at least something to think about and consider :)

Deployed some old hardware (as VPN endpoints) with VIA CPUs that support PadLock (Dell Wyse Cx0, ~8W power usage) and they give me like ~140mb/s on IPsec/L2TP, ~30mb/s OpenVPN, ~50mb/s OpenVPN with no encryption; didn't have time to test WireGuard on those yet.

Edit:
Linksys WRT3200ACM gives me ~250mb/s on WireGuard.

I use a Linksys WRT 3200acs for VPN and get about 60mbit.

For all other listeners to this thread:

Please provide more details:
Which OpenVPN version is used (SSL, MBED, No-SSL)?
Is crypto acceleration support enabled in OpenSSL?
Which cipher is used (none, AES-128-CBC, AES-256-GCM etc.)?
Which auth is used (none, SHA1, SHA512 etc.)?

So we can better compare different devices.
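
An added example, not part of any post in this thread: a small POSIX shell script that reports the details requested above (OpenVPN build, cipher, auth) from a config file, so a throughput figure can be posted together with the crypto settings it was measured with. The function names and the config path in the usage comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): describe an OpenVPN setup so that
# throughput figures from different routers can be compared like for like.

# Print the argument of a directive in an OpenVPN config file.
# Comment lines never match because their first field starts with # or ;.
# Assumption: if a directive is repeated, the last occurrence is reported.
directive() {  # $1 = config file, $2 = directive name
    awk -v d="$2" '$1 == d { v = $2 } END { print v }' "$1"
}

# One-line summary of the data-channel crypto configured in the file.
vpn_crypto_report() {  # $1 = config file
    cipher=$(directive "$1" cipher)
    auth=$(directive "$1" auth)
    [ -n "$cipher" ] || cipher=unset
    [ -n "$auth" ] || auth=unset
    case "$cipher" in
        none) note="no data-channel encryption" ;;
        unset) note="cipher not set, the build's default applies" ;;
        *-GCM|*-gcm|CHACHA20-POLY1305)
            note="AEAD cipher, auth digest not used for data packets" ;;
        *) note="cipher plus separate HMAC on every packet" ;;
    esac
    echo "cipher=$cipher auth=$auth ($note)"
}

# First line of `openvpn --version` names the version and the TLS library.
vpn_build_info() {
    if command -v openvpn >/dev/null 2>&1; then
        openvpn --version | head -n 1
    else
        echo "openvpn: not installed"
    fi
}

# Usage: sh vpn-report.sh /etc/openvpn/server.conf   (path is a placeholder)
if [ "$#" -gt 0 ]; then
    vpn_build_info
    vpn_crypto_report "$1"
fi
```

The AEAD note matters when comparing results: with a GCM cipher OpenVPN ignores the `auth` digest for the data channel, so an AES-256-GCM run and an AES-256-CBC/SHA512 run do different amounts of work per packet.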

NETGEAR Wireless Router AC1900 R7000 is indeed a best VPN router when you are willing to set up a VPN server with this router. Here is the solution provided by the Netgear Community: http://kb.netgear.com/app/answers/detail/a_id/23854/~/how-do-i-use-the-vpn-service-on-my-nighthawk-r... You must go through it to find a better solution.

Give a look to SoftEtherVPN. It's a pretty good catch-all and is less complicated IMO.

Also, it is very easy to set up.