I have several questions related to VPN Networking setup...
Basically, I'm looking for a OpenWrt compatible router that could handle NordVPN pre-configured OpenVPN server connections with a bandwidth speed "up to" 1Gbps.
Any Suggestions? USB port included models would be preferrable.
Although, if device suggestions happens to be significantly expensive then I'm alternatively thinking if it would be possible to use a decade old computer as an alternative instead of an expensive router?
(Quad core CPU, 4GB Ram, 2x wired 1Gbps network adapters (1x internal LAN, 1x USB 3.0 LAN ).
If ever computer suggestion would significantly be the better budget option, then...
would it be best to install OpenWrt x86 as a host operating system?
or would it be best to install OpenWrt as a virtual guest OS installed
(within a windows based host OS either via VmWare or via VirtualBox)
As for Wi-Fi...
would it be best to use a USB Wi-Fi Adapter for broadcasting access point
or, would it be best to use current used OpenWrt Router as a secondary connected network for Wi-Fi
(using both of the computer's LAN adapters, 1x for internet modem, 1x for secondary router)
And, if ever virtual OS is best from other prior above question, then...
would it be best for host OS (windows) to connect VPN (guest OpenWrt relying on host OS VPN)?
or would it be best to initialize VPN connection within virtual OpenWrt guest OS?
If OpenWrt VPN is best, then...
would it also be better to dedicate USB LAN adapter to guest os
(bypassing host OS so that host OS would receive internet from guest OS instead)
or best to leave a more common configured connection
(where guest OS is reliant on host OS status)
The RPi4(B) is also like the worst recommendation possible since it doesn't do hardware crypto.
If you want to go for the SBC route RK3999 like the RockPro64 is a much more suitable choice in that regard.
After further thoughts...
I figured I should go via the virtual route and run 1x virtual OpenWrt OS
...Broadcasting Wi-Fi either via:
virtual dedicaded USB Wireless adapter.
or through a secondary physical router connection.
Also thinking to have a dual access point setup in the manner of connecting a physical router directly on modem (as a regular setup) so that this specific access point wouldn't be VPN covered.
So I'd have 2 wireless access points:
1 virtualized access point that would be VPN covered.
1 physical access point that wouldn't be VPN covered.
Figured this approach to be easier instead of separating VPN between Wi-Fi Access Points within the same router...
A virtualized (pseudo-)wired router is one thing, that can work well if you're on top of your hypervisor setup (and effectively duplicate your router configuration on the hypervisor host[0]).
Wireless is another topic altogether, first of all as there are no 'good[1]' USB WLAN cards in the first place, but most of all because virtualized USB is fragile to begin with and wireless very timing sensitive.
Unless you're familiar with virtualization on an enterprise level -and are willing to maintain your home network as such- or only need your virtual router for testing or providing segmented networks for other virtual machines[2], a dedicated hardware router[3] installed on the bare hardware is always easier to manage and more robust. Especially as these days 'everything' depends on having internet access one way or another, starting from VoIP/ SIP phones to bootstrapping your home network (ntp, what about the hypervisor), driver updates, etc.
--
[0] at this point it begs to question why you'd need a router VM in the first place, you've already done 75% of the necessary configuration on the hypervisor host.
[1] capable of AP mode, being able to cope with heavy usage and 24/7 operations (heat dissipation among others), antennas worth talking about, antennas far enough apart for Mu-MIMO to work, …
[2] so involved not in the critical functionality, only involving systems that won't be a problem to miss.
[3] it doesn't really matter if x86_64, RPi4 or some more traditional 'plastic' wireless router, as long as it's fast enough to cope with your WAN speed and additional requirements.
