-
Performance comparisons of three VPN protocols on a budget router
One of the drawbacks of running VPN on a router is performance. It is especially profound when you run OpenVPN a budget router like the pcWRT TORONTO-N. In hopes of getting more reasonable VPN performance out of commodity router hardware, we added support for strongSwan (IPsec) and WireGuard®* to the pcWRT firmware.
In this post we are going to show you some actual data.
Hardware
The TORONTO-N has a single core MT7620N CPU running at 600 MHz, with 64MB RAM. This puts it roughly in the same class as the ASUS RT-N14U and the Buffalo WHR300.
Goals and Methodology
The main goal of these tests is to find out the upper limit of network performance brought on by the limited CPU power on the router. We are mainly interested in the maximum achievable network speed.
As is usually done, we use speedtest.net to measure network speed. Measurements were first done with the VPN running on a laptop, then with the VPN running on the router. By comparing the two sets of numbers side-by-side, you can get a better understanding of any performance degradation due to the limited power of router hardware.
Testing Procedure
We ran the VPN servers for each protocol on a Virtual Private Server (VPS) under our control, to make sure that we can utilize the full network bandwidth available for each test.
We set up two VLANs on the router, with VLAN #1 going directly through the ISP connection, and VLAN #2 through the VPN connection on the router. The VPN client on the testing laptop is turned on when it is connected to VLAN #1. And turned off when it is connected to VLAN #2.
Raw Speed
Without VPN, our Internet uplink is about 100Mbps.
Test Results
Conclusions
As can be seen from the graph above:
- IPsec and WireGuard performed better than OpenVPN on both the laptop and the router.
- IPsec performance on the router, though not great, is acceptable for normal use.
- WireGuard performance on the router is comparable to that on the laptop. Even though the number is a bit higher on the router, it’s probably caused by variations between different runs.
- There’s almost no degradation in speed for IPsec on the laptop.
* “WireGuard” is a registered trademark of Jason A. Donenfeld.
Recent Posts
- How to reset the pcWRT router
- How to create your SSH key and use it on the router
- How to reset router password by email
- How to set up SurfShark WireGuard VPN on the pcWRT router
- How to set up Proton VPN WireGuard on the pcWRT router
Recent Comments
- on How to create your SSH key and use it on the router
- on How to create your SSH key and use it on the router
- on How to setup TunnelBear OpenVPN on the pcWRT router
- on How to setup TunnelBear OpenVPN on the pcWRT router
- on How to enable native dynamic DNS on the pcWRT router
Archives
- April 2024
- March 2024
- August 2023
- May 2023
- February 2023
- June 2022
- December 2021
- November 2021
- August 2021
- January 2021
- December 2020
- October 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- February 2020
- January 2020
- December 2019
- October 2019
- December 2018
- August 2018
- July 2018
- June 2018
- January 2018
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- January 2017
- August 2016
- May 2016
- December 2015
- August 2015
- July 2015
- May 2015
- April 2015
- March 2015
Categories
