All,
I’m looking for the most important consideration for a computer that will be a router (pfsense, Untangle, etc) and also running openvpn-based client software for a whole-house vpn connection. The background:
I have fiber internet at the 100 Mbps level, though I typically get over 200Mbps (speedtest.com) from a wired connection. I’m running an Asus RT-AC68U (dual-core ARM, 1Ghz) with AsusMerlin firmware. I setup a VPN client for whole-house VPN and got an 80-90% reduction of internet speeds, which was unacceptable.
I subsequently discovered that openvpn is a single thread operation, and that my router hardware was likely not able to keep up with the encryption. After installing the client software onto my personal box (Ryzen 5 APU, 3.6Ghz) I get speeds much more in line with the 10-20% speed penalty that’s typically advertised for openvpn connections.
I am intending to deploy pfsense as my router solution. To maximize my potential vpn speeds, what single criterion do I need to look for when shopping for the hardware for my router. Is it clock speed? # of cores?
TIA,
Anthony, normie
The bottleneck is always going to be CPU. If your connection is slow consider lowering encryption if security allows it.
Decent home routers will struggle to deliver more then 20mbit. Some high end devices (Linksys wrt3200) might be able to do 100mbit.
Nas devices with Intel CPUs and possibly an aes-ni module (Synology ds218+) will do better than that, probably 250mbit but the range of available CPUs in these devices is huge.
Desktop processors are obviously the best choice if throughput is your goal. A 2200g in a shoe box, cheap motherboard, 2x4gb ram and small ssd would do upwards of 400mbit I guess…
Edit: to clarify: I pretty much pulled those numbers out my ass…
You pretty much already figured it out… a cpu with a high clock rate for single thread. Having multiple cores won’t hurt for doing other stuff but the higher your clock for openvpn the better. Build a small mATX computer with a better cpu and should be good to go.
Also this is a good read.
https://www.privateinternetaccess.com/blog/2018/08/hardware-acceleration-is-here-for-routers-using-openvpn/
EDIT: in pfSense there is a way to harness multiple cores for increased throughput over VPN - and it works well.
Is this the ‘load balancing’ pfsense can perform or something else?