One of the drawbacks of running VPN on a router is performance. It is especially profound when you run OpenVPN a budget router like the pcWRT TORONTO-N. In hopes of getting more reasonable VPN performance out of commodity router hardware, we added support for strongSwan (IPsec) and WireGuard®* to the pcWRT firmware.
In this post we are going to show you some actual data.
The main goal of these tests is to find out the upper limit of network performance brought on by the limited CPU power on the router. We are mainly interested in the maximum achievable network speed.
As is usually done, we use speedtest.net to measure network speed. Measurements were first done with the VPN running on a laptop, then with the VPN running on the router. By comparing the two sets of numbers side-by-side, you can get a better understanding of any performance degradation due to the limited power of router hardware.
We ran the VPN servers for each protocol on a Virtual Private Server (VPS) under our control, to make sure that we can utilize the full network bandwidth available for each test.
We set up two VLANs on the router, with VLAN #1 going directly through the ISP connection, and VLAN #2 through the VPN connection on the router. The VPN client on the testing laptop is turned on when it is connected to VLAN #1. And turned off when it is connected to VLAN #2.
As can be seen from the graph above:
* “WireGuard” is a registered trademark of Jason A. Donenfeld.