Does device performance matter over long distance VPN?

Hello.

If setting up a private VPN to connect to my home in North America from a router located in Europe, does it even matter if you’re using something like the AR300M vs something like the Slate Plus / Beryl in terms of pure throughput over Ethernet?

My understanding is that considering the huge distance, there would be bottlenecks somewhere on the way that would drop the speed to below the 40Mbps that the AR300M16 is capable of anyways over Wireguard.

Basically, I’m stuck between getting two Shadows (permanent server + client), or spending four times as much to get two Slate Pluses. If the speed difference wouldn’t be large because of distance between these, then I’d rather save the money, AND get a much smaller device. They’ll be connected over Ethernet anyways. Broadband is ~100Mbps on both ends (DL & UL).

Could someone please chime in if my understanding is correct?

Typically, long transmission channels don’t affect bandwidth, they only increase latency.
The specifics will have to do with the ISP, not just the region.
But if you’re sure you only need 40M, it has little to do with the device.

The bottleneck is really a matter of time, not bandwidth, resulting in latency. I’m in the north of North America but all my DNS lookups/requests first go to Texas. That takes some 90 milliseconds to do so. When I send them to the Netherlands instead it can take about 100 to 120 ms… but that’s just to associate the domain to an IP.

But more to your question: if you can do everything you need to do w/ the advertised 40 Mbps then go for it… but if ‘future proofing’ is a concern for you the 170 Mbps of the Slate Plus will, of course, allow you to do more tasks simultaneously eventually even if it’s not today.

If you want to test what you can expect for bandwidth between those locations, have a friend in the same general location as your European address send a multi-GB file to you directly. Rymdport makes that trivial.

I’d expect 100/100 if both sides have the same spec’d ISP packages.

Thank you! The reason I’m asking is, if I go to Speedtest.net or other test websites in my North American home, choose servers in the foreign destination, my upload speed hovers around 4-10Mbit/s with ping around 200ms. This is despite getting 100Mbit/s uploads to local servers. Is my methodology completely off?

Wow; really? Now I understand the nature of your confusion. No, your methodology is correct but let me tell 'ya something about SpeedTest.net:

There’s a guy on YT that’s rather centred around networking gear including GL’s products. The channel is Van Tech Corner. He seems to be based somewhere around Malaysia or Vietnam. Part of his benchmarking includes using SpeedTest.net. From time to time his attempts on various servers get ‘choked’ as ea. test server is run by a different company that may or may not be throttling at that particular time of day.

TL;DR: SpeedTest is a good rule of thumb but I wouldn’t count on it given the flaky nature of the companies behind the test point locations.

I’d try Rymdport if you’re able. It should give you a better real world sense of a sustained transfer rate.

Thank you! This makes a lot of sense. When I test upload speeds to other countries somewhat nearby my destination I’m getting similarly low speeds, which is what worried me. On the other hand, a completely different similarly distant region gives me 40-50Mbit/s. But now that you mention it, just like my destination, pretty much all of Southeast Asia is giving me ~3-4Mbit/s uploads. I tried a lot of other websites and I’m getting anything between 5-50Mbit/s to my destination, but never more than half of my upload speed.

I’ll try to find a way to do Rymdport. If I can’t, should I assume that it’s a speed test issue and I’m unlikely to be running into such bottlenecks with direct VPN? I’d be super happy if I can max out the AR300M’s 30-50Mbit/s, because I’m assuming that’s what I’d be looking at if they’re connected to each other over Wireguard? I’m assuming if there’s a bottleneck somewhere, a faster device would do nothing to increase speeds.

Yeah, you’re unfortunately right. You’re only as fast as your last bottleneck. Sometimes I relate to the nature of cross-continental traffic like weather patterns. Time of day & other conditions can apply (eg: a DDOS attack on a major ISP/hub)… or a wa, excuse me, “special military operation” in the near middle of Europe.

It also doesn’t help routes can go up/down/change hour to hour, minute to minute depending on who’s running the infrastructure. There’s just too many variables.

I appreciate your help! Looks like I’m going to go with the Shadows. And hope it’s reliable as a 24/7 server 😃 Honestly, I’d be happy if I can consistently get over 20-30Mbit/s between the two.

Heh; these are Linux devices… technically they are a variation of a server.

Have a plan if the power goes out @ the remote endpoint; you might be left wondering why your VPN went offline.

… & have a good day.

Bottlenecks? Between the US and Europe? Your limits are going to be ISP connections.

I would start by thinking about your use cases and other capabilities of the devices, like VPN policies.

If you are just rdp’ing into a server at your NA home, maybe the Shadow will be ok. Do you have a router there now? Maybe it is already capable of wireguard? Are you traveling in Europe? Then maybe something small is better. But if in a fixed location I would go with more power.

In my case, I have an Asus AX router in Florida sitting on a crappy 300/10 connection and a Beryl AX in Portugal on a 1000/200 connection. So I’m very careful about whether the Beryl is downloading from Florida or not.

I set up a Shadow about 2 years ago at a family member’s place as a VPN server and it has been running great as I travel the world. They only have around a 40 Mb/sec upload speed, so there was no reason to use anything bigger.

I have a very custom setup running on it, supporting multiple VPN protocols on multiple ports to allow me to get around VPN blocking at some locations. I use a cronjob to reboot the router daily. I am using the version of the Shadow with 128MB flash to fit everything I’m doing with it.

For your consideration:

Thanks, but I already have it sending backup, logging and telemetry data to a cloud system.

… including your personally installed ipkgs from the owrt feeds?

Sadly no router, just one provided by the ISP. I’m on the fence between the Shadow or stepping up to the future-proofed Brume 2 as a server.

I am leaning towards the Shadow as a client for now because I can easily put it in my backpack while traveling around as well as using it in a semi-fixed location. I was considering the Slate Plus, but when I measured the size, it’s just going to take a bit too much space when I pack light to travel. I may upgrade if there is a smaller router released later on. Plus, for now I’d be just fine getting 40Mb/s.

Thank you!

  1. Do you suspect it may run into issues without daily restarts? Or did you add the daily reboot as a precaution?
  2. Do you suspect that a 2xShadow server + client combo would hit 40Mb/s over Wireguard?

I was considering the Brume 2 as a server solely due to reliability (and future-proofing). But I’m not sure how much point there is if I’d be likely getting the Shadow as a client, at least for the time being. I may upgrade the client down the road if there is a successor in a form factor not bigger than the OG Slate.

Yes, I back up my OpenWrt packages, and my scripts to repackage the SoftEther OpenWrt packages so they take up less space and it logs to a separate tmpfs so it doesn’t wear out my flash storage.

I reboot my Shadow server daily as a preventive measure. I’m not sure if it is needed, but from time to time I have had to manually reboot my original Slate travel router if it’s been running for a few weeks.

Using the Shadow server and my original Slate client, I have been able to get up to 35Mb/sec with Wireguard, but I feel that limit is due to my family’s internet provider.

My setup is using a cloud system to hop through as I did not want to have to do port forwarding on my family’s router. I’m running multiple Wireguard links on my Shadow to do this. The nice thing about this setup is my family changed internet providers and got a new router and all they had to do was plug the Shadow into their new router.

My Shadow server is running with Wifi turned off and is Ethernet connected to my family’s router.

I prefer using my original Slate as my travel router as I like having both WiFi bands, and having 3 Ethernet ports.

When you get the chance to do some admin work on it you should take a look at watchcat. It might well do away w/ your need to schedule your VPN usage around monitoring the face of a clock. `uci show network | grep "interface"` &/or `ifconfig -a | sed 's/[ \t].*//;/^$/d'` can get you the interface names (eg: wgclient).
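
In the same spirit as swapping the timed reboot for a health check, here is an added example that is not part of the thread and is not watchcat's own code: a small script that restarts the WireGuard interface only when its peer handshake has gone stale. It assumes the interface is named `wgclient` (as in the post above), that the peer has a persistent keepalive configured, that `ifup` manages that interface on your firmware, and a 300-second threshold picked for illustration.

```shell
#!/bin/sh
# Added example, not from the thread and not watchcat's code.
# Assumptions: interface "wgclient", PersistentKeepalive set on the peer so an
# idle but healthy tunnel keeps handshaking, and a 300 s threshold.
IFACE="${IFACE:-wgclient}"
MAX_AGE="${MAX_AGE:-300}"

# stale_peers NOW MAX_AGE
# Reads `wg show IFACE latest-handshakes` on stdin, one
# "<public-key><TAB><unix-time>" line per peer, and prints the key of every
# peer whose last handshake is older than MAX_AGE seconds. A time of 0 means
# no handshake has ever completed, so that peer counts as stale too.
stale_peers() {
    awk -v now="$1" -v max="$2" '
        NF == 2 && $2 ~ /^[0-9]+$/ && ($2 == 0 || now - $2 > max) { print $1 }
    '
}

# Constructed sample input; the keys are placeholders, not real public keys.
sample_handshakes() {
    printf 'PEERKEY_A=\t1700000500\n'
    printf 'PEERKEY_B=\t1700000000\n'
    printf 'PEERKEY_C=\t0\n'
}

# check_tunnel: return 0 when every peer is fresh; otherwise log, bring the
# interface up again and return 1. A failing `wg show` (interface missing)
# is treated as unhealthy.
check_tunnel() {
    if out=$(wg show "$IFACE" latest-handshakes 2>/dev/null); then
        stale=$(printf '%s\n' "$out" | stale_peers "$(date +%s)" "$MAX_AGE")
        [ -z "$stale" ] && return 0
    fi
    logger -t wg-watch "stale or missing handshake on $IFACE, restarting it"
    ifup "$IFACE"
    return 1
}

# Only act when called as `wg-watch.sh check` (for example from cron).
if [ "${1:-}" = "check" ]; then
    check_tunnel
fi
```

Run it from cron every few minutes with the `check` argument; `sample_handshakes | stale_peers 1700000600 300` shows the parsing on the constructed input without touching the tunnel.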