Can I expect a Late 2014 Mac Mini to route at Gigabit speeds if I run OpenWRT in a VM? I ask because I'm familiar with the famous read this first post, but I don't know what kind of performance to expect out of the hardware I'm using. I assumed that my Mac Mini would be more powerful than a regular router, but maybe that assumption is wrong?
I flashed the openwrt-22.03.5-x86-64-generic-ext4-combined.img image, and added two Thunderbolt 2 Gigabit adapters so that I can use one for WAN and one for LAN. With an actual router, I'm getting close to what I'm supposed to get from my ISP, which is around 1 Gbps. When I use OpenWRT, I get around 100 Mbps, and I'm not sure why this is happening. The load never exceeds 0.5, as shown in the Realtime Graphs menu, so I don't think I'm being bottlenecked by my hardware. All of these speeds are measured over Ethernet. What's interesting is that I can get Gigabit speeds if I do iperf tests between LAN hosts, but I always get terrible speeds for LAN to WAN connections.
I'll attach my configs below if it helps.
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdbf:9c34:46e2::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
list ports 'eth2'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ip6assign '60'
list dns '1.1.1.1'
list dns '1.0.0.1'
list ipaddr '10.52.77.1/24'
list ipaddr '192.168.56.2/24'
config interface 'wan'
option device 'eth1'
option proto 'dhcp'
config interface 'wan6'
option device 'eth1'
option proto 'dhcpv6'
Thanks for the quick reply. I'll read that over right now.
Between now and my initial post though, I turned on software flow offloading and I squeezed out another 50-100 Mbps.
I'm still trying to see if my hardware is indeed too slow, and if it is, I'll just go back to my old router.
I will give that a shot in the morning. I wanted to use the VM because I also wanted to do other things on the Mac Mini, but I can try booting OpenWRT off a USB. Hopefully OpenWRT recognizes my Thunderbolt to Ethernet dongles. I'll do it in the morning because I tried some things out in @lleachii's link and ended up messing up my internet connection (hence my delayed response) Thank you for your response, I'll get back to you!
Yea, some of the tests produced very slow connection.
I wasn't sure if you required MacOS to be running as the Host OS. I was gonna suggest ESXi or some other Hypervisor software - but I'm not sure what other ones are avaliable for MacOS.
My only solutions for Gigabit speeds on x86_64 have been:
Using ESXi on purpose-built Hypervisor servers (I have received 10 Gbps speed on VMs running the Linux Kernel)
Running bare metal on consumer desktops, laptops, etc. (in that thread, I moved to bare metal with an e1000e card)
It was also mentioned that the virtual adapters act weird, and it was a known issue upstream.
I hope you have some success with the USB adapters in the morning.
I should clarify that these are not USB but Thunderbolt 2 to Ethernet adapters. I think the difference is that the NIC shows up as a PCI device instead of a USB device.
Following up with the suggestions from @frollic and @lleachii, I tried installing ESXi and Proxmox on my Mac Mini, but I run into a consistent issue where I can't access the WAN from the LAN port. Doing ping and speedtests from the OpenWRT shell work normally and can reach the internet, but I don't know where else to check to troubleshoot WAN connectivity. Both issues occur on a fresh install on mostly default settings.
Below are my most recent configs:
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1
config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
list network 'wan'
list network 'wan6'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT
# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option dest_port 546
option family ipv6
option target ACCEPT
config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
config rule
option name Allow-IPSec-ESP
option src wan
option dest lan
option proto esp
option target ACCEPT
config rule
option name Allow-ISAKMP
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT
### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
# option src lan
# option src_ip 192.168.45.2
# option dest wan
# option proto tcp
# option target REJECT
# block a specific mac on wan
#config rule
# option dest wan
# option src_mac 00:11:22:33:44:66
# option target REJECT
# block incoming ICMP traffic on a zone
#config rule
# option src lan
# option proto ICMP
# option target DROP
# port redirect port coming in on wan to lan
#config redirect
# option src wan
# option src_dport 80
# option dest lan
# option dest_ip 192.168.16.235
# option dest_port 80
# option proto tcp
# port redirect of remapped ssh port (22001) on wan
#config redirect
# option src wan
# option src_dport 22001
# option dest lan
# option dest_port 22
# option proto tcp
### FULL CONFIG SECTIONS
#config rule
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 80
# option dest wan
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
# option target REJECT
#config redirect
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 1024
# option src_dport 80
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
root@OpenWrt:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN qlen 1000
link/ether <redacted> brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN qlen 1000
link/ether <redacted> brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP qlen 1000
link/ether <redacted> brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether <redacted> brd ff:ff:ff:ff:ff:ff
inet <redacted (external IP)> brd <redacted (external IP mask)> scope global eth3
valid_lft forever preferred_lft forever
inet6 fe80::f634:f0ff:fee6:3bfd/64 scope link
valid_lft forever preferred_lft forever
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether <redacted, eth2 MAC> brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
inet6 fd81:19f1:f91a::1/60 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::f634:f0ff:fee6:b5b2/64 scope link
valid_lft forever preferred_lft forever
Oops, I fixed it. My issue was that the WAN port was connected to my backup router instead of the bridge port of my ISP router.
I have another funny problem. My upload speed is almost exactly halved after installing OpenWRT. Does this have to do with my hardware?
My final question that I'd still like to ask: how can I tell if I'm being bottlenecked by my hardware? I know some routers can't do Gigabit speeds after installing OpenWRT and that the speeds I had before were probably because of VirtualBox and how it virtualized the network interfaces.
Your Mac Mini is waaaaaay more powerful than any off the shelf router. It will have absolutely zero problems with the load of routing packets at gigabit speeds or beyond, frankly.
Thanks for the reply. In the end, I installed OpenWrt on Proxmox and stopped using macOS on my Mac Mini. This allowed me to directly passthrough the Thunderbolt connectors to OpenWrt and achieve maximum speed, while still being able to do other things with other VMs on Proxmox.
Thank you for your response, I'll get back to you! 
