I’m considering upgrading to a 1000/1000 connection and running VPN on my windows device will as I’ve understood it not allow that speed due to how windows handles encryption (I don’t understand this very well but it was what I read in various threads about getting optimal speeds via VPN).
I saw that using a dedicated hardware router/firewall with vpn support could allow most of a gigabit connection but I’m unsure of what to buy. I currently have a Ubiquity EdgeRouter X and though it does have a VPN section to configure, I’m unsure if it will handle that bandwidth.
Any suggestions for hardware that will allow a gigabit connection via VPN?
Very briefly and skipping over a lot of technical details, there are two most common VPN systems, OpenVPN and Wireguard.
Gigabit OpenVPN requires a processor with AES-NI support running at approximately 3 GHz or faster; core count doesn’t matter (this will change in the future, but for the time being, it is what it is).
Gigabit Wireguard requires approximately 8 GHz of processor bandwidth, which can be distributed over any number of cores.
As a reference point, your ER-X has a dual core processor running at 880 MHz, so no, I would not expect it to deliver Gigabit VPN…
Additionally, some (although not many) devices have dedicated cryptographic hardware that can deliver faster VPN throughput than what you would expect based on the processor specifications.
The practical gist: anything with N100 processor or better should be okay… Assuming the N100 is well cooled, that is… Software-wise, you can use pfSense, OPNsense, or OpenWrt.
im using Private Internet Access. Their client supports openvpn which i assume is ipsec and WireGuard. From what I’ve understood so far, I think pfsense can be configured to run with PIA but I suppose I need to do some research there as well.
I’ve looked at Pfsense but im still unsure what hardware would be able to handle a gigabit VPN. Apparently the price range is in the 250-300 USD range but I don’t really know any brands other than Netgear which seems the easiest as it comes with Pfsense+ installed.
I use PIA which supports both OpenVPN and WireGuard.
That’s fine. Just keep in mind, OpenVPN and Wireguard like different things about processors.
OpenVPN, for the time being, runs single-threaded (a new multi-threaded implementation is gradually seeping into downstream products, but it’s not common yet), so it wants a fast clock above all else. Separately, OpenVPN relies on AES-NI encryption, so it really helps if the processor has support for it (recent and even semi-recent processors have it; i3 has had it since fourth-gen, i5 and i7, since second-gen at the latest; as to Atoms, Celerons, and Pentiums, you’d have to look up specific models).
Wireguard, conversely, doesn’t care about AES-NI (it uses ChaCha20 encryption by default) and runs multi-threaded, so it can take full advantage of multiple cores or threads and the important consideration is the total processor bandwidth (clock speed times the number of cores or threads, whichever is applicable).
This might be a solution, thanks a ton! As far as I can see reading about it, it does seem difficult to achieve gigabit connection via VPN. I am willing to put up to 300 USD into a pfsense setup if it could give me what I wanted but this might be a more beginner friendly alternative.
PIA’s site advertises 10 Gbps network but only really states “blazing fast speeds” which could mean a lot of things, I suppose. I know for sure I won’t hit high speeds with my windows client so I gotta try and figure out a hardware solution but I’m also unsure what to get.