I’m looking to buy a router which can do the following:
Wireguard speed of 900mbps or higher (using protonvpn on the router itself)
Multi-VPN servers support (meaning i can pretend my tv to be on lets say Canada IP, phone on US IP, laptop on Norway IP, etc. (all using protonvpn)
Ability to use the internet without/bypassing VPN on some or all of my devices (to access websites which doesn’t work on VPN or if i feel VPN is slow).
I’m bad with networking so please tell me what to buy and how to config it like i’m five years old. If i can buy flashed router that would be great.
What you're asking for can be tricky even for experienced power users, so if you're "bad with networking", you're definitely not going to have a good time. If you want to make this work, be prepared to implement this methodically, focusing on one thing at a time. This makes troubleshooting easier to do. Build up small successes before doing the whole thing, or you will cause yourself needless frustration.
Don't buy any new and expensive hardware until you know you can make your setup work. Do this on your existing router if OpenWrt supports it. If it doesn't, go buy a cheap and/or used but supported device so you can experiment. Don't worry if it's VPN performance sucks, you're just using it to confirm a working configuration.
Here's a sketch of a plausible implementation path for this kind of setup:
Create an IP addressing plan for your virtual LANs (VLAN). For example, you might come up with this:
VLAN 1: 192.168.1.0/24 to all your "non-VPN" devices.
VLAN 2: 192.168.2.0/24 to all your "Canadian" devices
VLAN 3: 192.168.3.0/24 to all your "American" devices
VLAN 4: 192.168.4.0/24 to all your "Norwegian" devices
Configure DHCP server to hand out addresses from one of the above subnets based on the VLAN the DHCP client is attached to.
For WiFi devices, set up per-passphrase WiFi VLANs so you can assign phones, tablets, etc. to a specific VLAN simply by giving them the correct passphrase.
Go to your Proton VPN account and generate a Wireguard configuration. Apply this configuration to a new Wireguard interface and see that you get a successful handshake.
Repeat step 4 to obtain multiple Wireguard interfaces, each configured for a different country.
Set up routes and firewall rules to "connect" each VLAN to the correct Wireguard interface.
Do not try to do everything at once, because each of the above steps can be time consuming to implement and troubleshoot. I would suggest learning about and figuring out VLANs first before even tackling the Wireguard part.
To add I have something like you want running e.g. multiple WG clients and even a WG server to connect to my home.
Tied all together with Policy Based routing
I use a Dynalink DL-WRX36 which has a quad core Arm A53 2.2 GHz but that does slightly over 800 Mb/s running WireGuard.
I do not use the NSS build, theoretical that would get you even more performance but that is still experimental IMHO.
So the newest and most powerful routers barely deliver the kind of performance you want, so you should consider an X86 mini PC.
Of course this will add to the complexity as you need AP's to do the wireless for you.
Mediatek or not, on USB won't make it better, since it's not designed for AP purpose, I do have a few with driver, but none of them can run stable enough in long term.
Asus RT-AXE7800 (has VPN fusion), do you think it will beat GL inet flint 2’s Wireguard speed? (Flint 2 having less powerful specs than this Asus is saying 900mbps on Wireguard)
1., 2. and 3. possible on this Asus router? What i need to do for that?