I am running gigabit fiber into rock64pro to handle VPN, then i need to run this into a cheap router for Wifi access and a couple Lan connections, just for home use.
Do i need a router with dual 1.4ghz cpu? Or can a normal one core 800mhz router do this since the rock64pro is handling all the processing? What specs am i looking for exactly besides wireless AC?
Not an answer, but WiFi drivers also require a bit of CPU, as does bridging WiFi to the switch... depending on the WiFi speed you are after 1 single core 800MHz MIPS CPU might be enough. Since these are relatively cheap (on ebay and friends) maybe start with that solution and only upgrade if your load merits that?
I can certainly try but i wouldnt know if that was the bottleneck or if it was elsewhere, hopefully someone can shed some light into this so i can eliminate this as a possibility
Well a router/AP running out of CPU is not that hard to diagnose: you get less performance /throughput than you expect and at the same time indications that the CPU (of with multicore devices at least one CPU) is essentially fully saturated.
I dont know what to expect at this point, there is no data on how much bandwidth a rock64pro can handle with a vpn
From the readings, and posting; will the Rock64pro be the device you use Wireguard on?
Yes, i got the rock64pro to handle the vpn connection, my nighthawk is struggling to choking on openvpn and it was told to me here that buying a consumer router that could handle gigabit vpn encryption would be hard to find or very expensive
You've done a lot of research posting and have gotten great pointer in the forethought of your network design. I did all my decisions in hindsight with a router I purchased in 2019.
I too have a commercial service and used OpenVPN form the config files provide for several VPN providers over the past decade on PC's or Android devices, that is up until I put the MikroTik in action to do it from the router.
I used the package OpenVPN on the router as a default route; hindered by the learning curve and the MikroTik processing speed; the hit was one third of the ISP's bandwidth. Just not worth the hit on speed, for the sake of being full house VPN.
When I ran across a thread pertaining to how to use WireGuard, things changed dramatically in the reliability of speed.
I've read you've have reservations using WireGuard because it is difficult to configure for your provider, however, the time you've spent on your threads asking pertinent question has introduced you to the community and the community to you. Continue your search for answers and see if it guides you to members willing to share good/easy configs for better VPN experience with your provider.
I plan on using wireguard since it was suggested by my provider and people on here that it would be much faster, and someone explained i can just open the config file and paste the contents into openwrt wireguard. Im just confused as to what a dumb ap actually requires in CPU and RAM for a gigabit connection, since it does not have to do any of the other functions of a router, its resources wont be under as high demand. I dont even know if that is really the problem though, i am downloading a movie at 3MB/s now, my ddwrt router (running openVPN) is showing 50% CPU load, most of the memory is free.
That is contradictory to everything i have been told so far, that my cpu is weak and bottlenecked the connection. If that were true i would be able to get almost 2x as more speed. Maybe it is just OpenVPN being poor at what it does and unable to utilize system resources. I will have to experiment and see for myself.
What kind of router are you using, especially how many CPUs does that router have? A load of 50% on a dual core router can mean anything from one CPU running at 100% the other at 0%, or both running at 50%... (reading CPU load from top on OpenWrt is a fools errand as busybox' top does not report per-CPU figures, htop however will (opkg update ; opkg install htop then run it and configure if to show "Detailed CPU time (System/IO-Wait/Hard-IRQ/Soft-IRQ/Steal/Guest)" in F2 --> Setup -> "Display options", as well as F2 --> Setup -> meters -> Right column -> CPU N [Text] (use t to toggle through htop's display stiles for that meter) for all CPUs, then for each CPU calculate the real effective load as 100% - what is reported as idle or what is missing in colored bars to fill the bar display all the way to the right end))
Its a dual core netgear R7000, i was looking at it and it never went over 50%, is openvpn single threaded? Or DDWRT? That might explain what im seeing here and why wireguard is recommended over this. Ill try htop when i get openvpn installed on my new gear, openwrt doesnt work on this netgear.
Well, as I explained on a dual core router like your R7000 50% can well mean one CPU is maxed out...
Not sure, but I assume it is single threaded giving that wireguard makes such a fuss about being multi-threaded 
Looks like it, wireguard is 4x faster on a quad core i7.
I have never used DD-wrt myself, but maybe htop is available there as well? Or the full top (instead of busybox limited version). In procps-ng top, pressing 1 will toggle between combined CPU(s) and per-CPU reports:
top - 20:36:58 up 4 days, 21:24, 2 users, load average: 0.03, 0.03, 0.00
Tasks: 167 total, 2 running, 165 sleeping, 0 stopped, 0 zombie
%Cpu(s): 1.0 us, 0.8 sy, 0.0 ni, 98.2 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 15751.80+total, 7334.523 free, 469.488 used, 7947.789 buff/cache
MiB Swap: 32767.99+total, 32767.99+free, 0.000 used. 14949.72+avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
and
top - 20:37:17 up 4 days, 21:25, 2 users, load average: 0.02, 0.02, 0.00
Tasks: 164 total, 1 running, 163 sleeping, 0 stopped, 0 zombie
%Cpu0 : 0.3 us, 0.0 sy, 0.0 ni, 99.7 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
%Cpu1 : 0.7 us, 0.3 sy, 0.0 ni, 99.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 15751.80+total, 7335.570 free, 468.441 used, 7947.789 buff/cache
MiB Swap: 32767.99+total, 32767.99+free, 0.000 used. 14950.77+avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
but again, no idea what dd-wrt offers.
Theres a commands section under administration tab, i input the quoted command and it returned "sh: eval: line 0: opkg: not found", ive never run commands on ddwrt no idea if it even works like terminal.
Ah, sorry, my instructions are for OpenWrt only, as I said no first hand experience with dd-wrt so I will be useless in answering dd-wrt questions.