What router can handle at least 200/200Mbps+ on OpenVPN?

Hello!

Do we have any list or table with all new routers and the benchmark speed on OpenVPN?

I am searching for a OpenVPN router that can handle at least 200/200Mbps
(no wireguard). So total at least 400 Mbps troughput.

Thank you!

(Edited post).
Edit again.

Openvpn and witeguard is openvpn IN wireguard or vice versa? Hardware offloads impossible in chosen combo you need x86_64 cpu.

Quad-Core 2GHz:

  • Wireguard: 900 Mbps
  • OpenVPN: 200 Mbps

Now compare the clock against other routers.

For example:

Quad-Core 1.5GHz (it's 25% slower than the 2GHz), so you can consider, in a very rough estimation:

  • Wireguard: 900 * 0.75 = 675 Mbps
  • OpenVPN: 200 * 0.75 = 150 Mbps

Just a rough idea...

1 Like

Thank you, but I have seen quad core 1.5 Ghz router processors that perform similar to dual core 800 Mhz from TP-Link.

I mean I would be very thankful if I could get advice on router names.

GL-MT6000 Flint2 = about 200/200 Mbps
Linksys WRT3200ACM = about 150/150 Mbps

Seems like I should go for 2x routers instead, or maybe look for other routerOS then OpenWRT. That supports OpenVPN + failover, fallback and killswitch.

Thank you for all replies! :folded_hands:

There you go. However WG compare: https://forum.openwrt.org/t/a-wireguard-comparison-db/187586

1 Like

Thank you!

1 Like

I don't believe WRT3200ACM can give you 150Mbps (OpenVPN) with a dual-core 1.8GHz processor.

I'll be very surprised if it give you more than 100Mbps

I have Flint 2 and I'll very happy with it.

It gives more than 100Mbps easy, i could prove it but dont want to overload the whole network right now, sharing it with others...

I have flint2 also, have not tested OpenVPN only WireGuard.

(EDIT: using dd-wrt, maybe it is faster than openwrt or it is the extra 2x cooling i have that gives 150Mbps on it dunno)

1 Like

mt7621 ipsec offload 200/200, openvpn somewhere in works

1 Like

Cool? https://techinfodepot.shoutwiki.com/wiki/MediaTek_MT7621

This processor? :open_mouth:

That is on the shallow end, wireguard on cpu will be unusably slow. Filogic or minipc are more suitable for usable speeds

It sucks we cant see the speeds on this table.

It's not so simple, though. The trap here is that this assumes the same target/architecture. Linear scaling only works if you're talking about the same processor technology/family (and when all else is the same such as RAM and other services, bandwidth loads, etc. and also when the overheads can be considered negligible or are known to scale linearly). These generalizations don't often work across different architectures... that is the basis of the megahertz myth.

2 Likes

actually it can - the WRT3200 is an older processor core, but it's fairly capable...

Numbers look fine to me...

Other thing I have learn is that this ratings are not full duplex, it is only throughput!

That means for example if flink 2 can handle 200 Mbps OpenVPN its in fact only 100 up / 100 dl at the same time.

I didnt know this before.

I am not sure If I have calculated correctly, but if 2 persons are going to split 1 OpenVPN connection. Is this tabel normal?

With a Flint2 (IPQ8072A), splitting max troughput of 100 Mbps is about 30 dl/10 ul Mbps / per person.

What do you guys think? Thanks! :handshake:

I wouldn't worry about doing math dividing up bandwidth between ports. This, after all, is your router's job. I doubt any person or client is going to notice if you simply let your router (perhaps using layer_cake SQM) decide how to manage your throughout to all your clients. Years ago I worked with a FORTRAN program that manually managed virtual memory by writing and reading scratch files to disk on a VAX/VMS computer. It was terribly slow. What is the point of having - now a museum piece - a "cutting edge" Virtual Memory System OS if you don't let it do it's job :wink: ? Long story short, rewriting the code to the let the OS do its job provided a huge speed up.

I have a 500/20 ISP connection and a NanoPi R5C gateway router running layer_cake on the WAN. As of now, it has ~20 active DHCP client leases. Take a look at CPU load and CPU frequency over the last 2 hours. See that recent CPU load spike? I had to do a speedtest to make that happen. The vast majority of the time the gateway idles. The probability that two or three clients will make maximum demands at the same time is very low.

1 Like

Now there is OpenVPN DCO to open up more data channels which can improve speed.
And I doubt the MT7986AV has fast AES encryption engine that's why you don't see very high OpenVPN speed (most people using Wireguard these days now)

88F6820 is special, it really has encryption engine and that makes it standing out from many competitors at the time of release.

1 Like

Filogic 830 isn't that bad - it's got the crypto engine, and it's also arm64 with the crypto extensions...

MT6000 is a reasonable replacement for the old WRT1900's, and there, much better WiFi support.

flint2 is good for around 190Mbps on OVPN - WG is obviously more performant all told...