kifeno
Posts: 3
Joined: Sat Aug 10, 2019 1:56 pm

Performance of Raspberry Pi 4 as a router with OpenVPN and ad blocking

Sat Aug 10, 2019 2:01 pm

I want to have a router which connects to a OpenVPN server and have 3 clients connect to it. My internet speed over Ethernet cable is 50-80Mbps.

1. I have read that Pi 3B performance is bad since it doesn't have hardware encryption (AES-NI instructions) and VPN traffic is therefore slower. What speeds can I expect out of Pi4 considering that it has a 3 times faster Ethernet compared to 3B+ and it has USB 3.0? Does USB 3.0 share the same lane with ethernet as in previous Raspberries?

2. Do I need any other external hardware or is it enough to connect Ethernet cable to Raspberry and use internal wi-fi to create a hotspot?

3. I have a dilemma should I buy a dedicated router and flash DD-WRT/OpenWRT on it or create a router out of Raspberry. Even though both Raspberry and router don't have hardware encryption Raspberry still have a lot faster CPU compared to single core 500-1000MHz ones in cheap router. I was just wondering what is better option.

4. How much RAM do I need for this project? Is 1GB enough?

5. I also wanted to add functionality of ad blocking but I think I can't use PiHole as DNS server because all traffic goes though VPN. How can I achieve this using single Raspberry?

epoch1970
Posts: 5135
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Performance of Raspberry Pi 4 as a router with OpenVPN and ad blocking

Sat Aug 10, 2019 4:46 pm

Pi 3B can run an openvpn tunnel at 30mbps sustained, with UDP and AES-128, Ethernet link. At full tilt it is I/O bound, not CPU bound.
Pi 3B+ is probably marginally faster (same USB link as 3B), Pi 4 should be much faster, by a factor of 3 or more.

1GB is more than enough, esp. if you run a specialized OS. Check the requirements for the “ad blocking” software though. You can run a “router-on-a-stick” over the Ethernet link and an access point over the WiFi adapter at the same time.

Normally a router platform would be preferable, having often hardware crypto support, multiple physical ports, more advanced WiFi antennae, BSD support... However an ok router platform at Pi price isn’t a given. Another advantage of the Pi is that you can repurpose it, in case you finally decide to go for specialized hardware.

Extra accessories you might want to consider if using a Pi: a manageable network switch (VLAN support) or USB/Ethernet adapters (if routing between physical interfaces instead).
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

User avatar
rpdom
Posts: 17180
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Performance of Raspberry Pi 4 as a router with OpenVPN and ad blocking

Sat Aug 10, 2019 5:04 pm

kifeno wrote:
Sat Aug 10, 2019 2:01 pm
I1. I have read that Pi 3B performance is bad since it doesn't have hardware encryption (AES-NI instructions) and VPN traffic is therefore slower. What speeds can I expect out of Pi4 considering that it has a 3 times faster Ethernet compared to 3B+ and it has USB 3.0? Does USB 3.0 share the same lane with ethernet as in previous Raspberries?
The Ethernet on the Pi 4B is independent of all five USB ports. There is a direct Ethernet channel from the SoC to a PHY driver for the socket.
Unreadable squiggle

kifeno
Posts: 3
Joined: Sat Aug 10, 2019 1:56 pm

Re: Performance of Raspberry Pi 4 as a router with OpenVPN and ad blocking

Sun Aug 11, 2019 7:31 pm

I found these benchmarks https://github.com/ThomasKaiser/sbc-ben ... esults.md .

Code: Select all

OpenSSL 1.1.1c, built on 28 May 2019
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      62184.51k    76615.98k    83103.15k    84435.97k    85237.76k    85169.49k
aes-128-cbc      62511.68k    76704.43k    83097.09k    84763.99k    85150.38k    85229.57k
aes-192-cbc      50203.94k    64933.31k    71396.52k    73090.39k    73602.39k    73706.15k
aes-192-cbc      56285.24k    67498.65k    71976.02k    73356.29k    73525.93k    73258.33k
aes-256-cbc      51010.29k    60062.42k    63579.31k    64656.73k    64927.06k    64831.49k
aes-256-cbc      50869.32k    60057.64k    63678.55k    64560.47k    64935.25k    64891.56k
This means that with AES-128 encryption I can expect 85229Kbps or 10MBps?
epoch1970 wrote:
Sat Aug 10, 2019 4:46 pm
Pi 3B can run an openvpn tunnel at 30mbps sustained, with UDP and AES-128, Ethernet link. At full tilt it is I/O bound, not CPU bound.
Pi 3B+ is probably marginally faster (same USB link as 3B), Pi 4 should be much faster, by a factor of 3 or more.
Limited by speed of RAM and Ethernet bus, not by microSD card speed?

I think I will buy 2GB version so I can repurpose it if the performance as a router is not desirable.

Thank you all for answering.

epoch1970
Posts: 5135
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Performance of Raspberry Pi 4 as a router with OpenVPN and ad blocking

Sun Aug 11, 2019 8:10 pm

I see 30mbps, i.e. roughly 3MB/s on Pi3. Routing over the single USB lane is what limits performance.
Assuming Pi4 networking to be 3 times faster than 3b+ I think probable you could see 10 MB/s and more.

In my case 30mbps allows for “transparent” encryption because the peers are mostly connected via asymmetric links with poor upload bandwidth. Consider the upload bandwidth of the links you will be using.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

kifeno
Posts: 3
Joined: Sat Aug 10, 2019 1:56 pm

Re: Performance of Raspberry Pi 4 as a router with OpenVPN and ad blocking

Mon Aug 12, 2019 12:33 pm

epoch1970 wrote:
Sun Aug 11, 2019 8:10 pm
In my case 30mbps allows for “transparent” encryption because the peers are mostly connected via asymmetric links with poor upload bandwidth. Consider the upload bandwidth of the links you will be using.

Sorry but I don't understand what these terms mean. Can you clarify them?
1. What is the transparent encryption?
2. What are asymmetric links?

epoch1970
Posts: 5135
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Performance of Raspberry Pi 4 as a router with OpenVPN and ad blocking

Mon Aug 12, 2019 12:50 pm

1 - If the tunnel, while slower than local networking, is not the weakest link along the path, it does not degrade the maximum achievable throughput. Then you can say it is transparent, or that the VPN operates at “wire speed”. Eg host 1 at 30mbps max, host 2 at 5 mbps (poor internet connection) => tunnel at 5 mbps, no performance loss. Host 1 at 30 mbps, host 2 at 200 mbps => tunnel at 30 mbps, noticeable performance degradation due to tunneling.

2 - https://en.m.wikipedia.org/wiki/Asymmet ... riber_line
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

Return to “Networking and servers”