Faster VPN Options

I have a gigabit connection (both upload and download). I have installed OpenVPN server and works fine to some extend but it is slow. I’m using UDP connection and I’m getting around 50mbit download when I’m outside and for testing purposes I connected to VPN locally, I got 140mbit tops.

VPN server is on 8th gen NUC i3. I checked the CPU usage and when I do a speedtest it goes as high as 70% single core.

Do you have any suggestions for me to speed up things? I don’t need it to be ultra secure so faster encryption algorithms with lower security options are also fine.

A CPU with support for encryption instructions (AES-NI) may help

Read this: https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux

100% wireguard the way to go. Easy to setup and much faster than openvpn. Algo is a solid option or you can just do it yourself. I have a setup script here with some options depending on what you want: https://github.com/Zackptg5/Wireguard-Pi-Hole-Cloudflared-Unbound-DNSCrypt-VPN-Server

I use pihole + wireguard + dnscrypt-proxy.

For speed, you’ll want to make sure you use dnscrypt servers that are near your server or use something like cloudflared instead of dnscrypt-proxy

For VPN I strongly recommend using algo for setup-ing everything:

• Meet Algo, the VPN that works - The Trail of Bits Blog
• GitHub - trailofbits/algo: Set up a personal VPN in the cloud

Trail of Bits is a renowned security auditing firm.

Otherwise, a solution that combines the following primitives

• SHA256 (SHA2) for hashing as very efficient implementations are available widely (OpenSSL)
• AES for encryption as it’s hardware accelerated via AES-NI
• 256-bit Elliptic curves (Curve25519 or Nist P256) for key exchange as they have fast implementations in all libraries and they are way smaller than RSA keys (2048~4096 bits).

Are there NUC 8 i3 without the AES instruction?