VPN Speed low-middle CPU

If you want faster VPN speeds for home use then I think a PC based system running something like Pfsense is a good option. My main router is a PC-engines mini PC. Not sure of the settings at the moment but I am getting about 70Mbps on openvpn. It is a 256bit cypher but not sure which one. There are loads of mini PC options now. That are perfect to use this. Pfsense is a more powerful option for most folks but it has a steep learning curve. It is not a good travel option though ss you need larger hardware.

GL.iNet will launch a small box which can achieve 100Mbps OpenVPN soon.

Can you give some more information?
Is the hardware well choosen ? With uptodate support ?
I think here of my B1300 with outdated software !
Can your software-developement keep track with the lots of hardware ?
It would be nice.

B1300 openwrt version is old because of WiFi driver compatibility. But we today upgraded. Kernel is new.

Pls upgrade your B1300 now.

Sorry no more info about the new hardware. But it does has the most updated open source support.

Thanks for your proposal to update software.

Despite new kernel the software openwrt 15.x remains outdated with all the inherent

incompatibilities and security risks.

The proposed update is only a placebo and no solution to the problem.

People (your customers) buying an openwrt-router want secure and up-to-date hard- and software.

Why not offering openwrt 18.x (with slow wifi, but secure) and software 3.0 ?

Instead of new hardware I would appreciate this solution and more efforts

to debug software V3.0 !

Thus the hardware B1300/S1300 would not be obsolete security- and softwarewise.

Well, that is good to know but my router has been achieving speeds close to this for years and there are plenty of options that can do over 200Mbps today. Added to which Pfsense is a far more feature rich software option. My current broadband tops out at about 70Mbps anyway but I belive my old hardware can achieve about 100Mbps on the latest builds, but in reality I don’t need VPN for all of it. Pfsense has relatively easy to configure split tunnelling at source and destination ip and port. This can be done in openwrt but it is a pain. My main bandwidth hog is Usenet which is over a secure connection so I just route it outside of the VPN based on the providers domain. The success of new domestic VPN routers will be ease of configuration with cheap price and moderate speeds. Openwrt isn’t commercial grade and I can’t see many enterprises wanting to use it. Pfsense isn’t perfect, it can be hard to configure. A cheapo Celron n3150 appliance will manage about 115Mbps and lots of options will easily go over 200Mbps. In reality not many VPN providers offer much over 70 to 80Mbps today anyway. For travel routers, getting a fast connection whilst travelling isn’t easy. 5G will improve that but for many people running a VPN app on the client computer is usually easier anyway.

I have some clients who want to purchase this product. Do you think it will ship before 2020?

Which of the currently available GL routers can achieve at least 50Mbps with OpenVPN ?

Would you also consider making a product that runs OpnSense? https://opnsense.org/

Hi pls check our MV1000 Brume router which can achieve that speed OpenVPN.

Brume has the horsepower to get decent numbers on OpenVPN, 50Mbps is do-able.

It shines on Wireguard - 200Mbps is well within reach.

OpnSense is a fork of pfSense - both are based on freebsd

ARM support is getting better there in BSD land - netgate/pfsense has funded development for ARMv7a and ARMv8a for Armada 38x and Armada 37xx chips, and has built private pfSense builds to support their products.

Looking at pfSense/opnSense, in comparison to OpenWRT - all three similar enough in capability and performance, and I can speak true to this, as I do have pfSense running as my edge router on my home network, and no problems with OpenWRT doing the same.

Upside to OpenWRT is that it can leverage things like Wireguard, as this is upstream, and very linux cenric - client options are available for Win/Max/iOS/Android in userland.

1. 50 Mbps using which cipher suite? Can we see a chart of sustained data transfer benchmarks using the most secure & popular ciphers that are supported by OpenVPN ?

2. Why is Brume so expensive?

Brume - Marvell Armada 88F3720
(2-Core ARM Cortex-A53 @ 1.0 GHz) 1GB RAM
eMMC 8GB, 16 MB Flash
US $129.00


Raspberry Pi 3 - Broadcom BCM2837B0
(4-Core ARM Cortex-A53 @ 1.4 GHz) 1GB RAM
US $35

Raspberry Pi 4 - Broadcom BCM2711
(4-Core ARM Cortex-A72 @ 1.5 GHz) 1GB RAM
US $39


Micron KLM8G2FEJA-A002 8GB eMMC Memory
US $15 (single unit price)

Samsung KLM8G1GEND-B031 8GB eMMC memory
US $8 (single unit price)

SST39VF1601-70-4C-EKE Flash Memory IC 16Mb
US $0.5 (single unit price)

1 Like

The raspberry pi foundation has the privilege of working closely with Boardcom so that drivers and so on are all done for them basically. Drivers are also supplied as blobs, cos Broadcom doesn’t want to do any opensource drivers and so on.

GL on the other hand wants a device that can run OpenWRT. For that, you want to run on platforms that are already developed and work for OpenWRT. Those are Qualcom, Marvel and so on.

On top of that GL, makes relatively small volume compared to a raspberry pi, so prices are not even close to the same on a per chip basis, ending up with a higher total price.

3 Likes

I’m not connected to GL-iNet

Try this… this is just once thing, but it’s reproducible, and shows possible max performance.

openvpn --genkey --secret /tmp/secret
time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc

Data - throughput is MB/Sec - time in seconds/3200

Device Chipset Arch Cipher Time Throughput
MV1000 MV3720 aarch64 aes-128-cbc 8.21 389.77
aes-256-cbc 8.68 368.66
aes-128-gcm 17.65 181.30
B1300 IPQ4028 ARMV7-A aes-128-cbc 111.97 28.58
aes-256-cbc 123.25 25.96
aes-128-gcm 108.25 29.56
AR300M AR9531 MIPS24Kc aes-128-cbc 178.99 17.88
aes-256-cbc 194.32 16.47
aes-128-gcm 216.84 14.76

Pricing is actually fairly good for supported 3700 devices - see Netgate’s SG1100 device, same chipset, similar specs - $179USD

Yes, the EspressoBIN community board for 3720 is $93USD on Amazon with an enclosure and power supply, and a 32GB Samsung EVO microSD, no SW, no eMMC, and there, you’ll get no vendor support

Pricing here is driven by several factors - the cost of the chipset (3720 plus Topaz), and the NRE needed to develop the board - Netgate has a custom spin on the EspressoBIN, and Brume is a custom board.

Manufacturing Costs, aka MAV, are about the same - so cost of goods shipped is BOM+NRE+MAV/number of units shipped - and then add distribution costs to this.

$129 is a fair price, IMHO…

1 Like