VPN makes internet slow

[RMerlin]

Did you read the second line of my answer? This is consistent on all servers that CyberGhost offers. I'm fairly sure it's consistent among most VPN providers. SHA256 is secure, which is why it is the standard choice. Hopefully soon there will be a firmware update to merlin.

My point was that you cannot just "delete the custom entries", as the remote server has to match your custom settings. If they don't, you won't even be able to connect.

There's nothing for me to update there at the firmware level, performance is whatever your hardware will be able to give you. My OpenVPN implementation is already more optimized than what comes from virtually every other router alternative out there, there's nothing more for me to squeeze out of it. I'm one of the few firmware developers who enables maximum compiler optimizations on OpenSSL and OpenVPN.

Not every VPN provider uses SHA256, because SHA1 is still perfectly fine for HMAC usage (due to how HMAC works, you can't exploit a collision the same way you could with a more static payload). SHA256 carries a pretty hefty performance penalty for no real security improvement. As for the cipher, the VPN provider I use for test purposes actually supports both AES-128-CBC and AES-256-CBC - the first one is sufficient for home users. It would take a nation state's resource to crack that cipher.

 

[unclebuk]

Try Torguard VPN service , there is a plethora of cipher strength choices available in their ovpn file generator.

 

[hw1380]

These two settings are both performance killers on a low-powered CPU as what your router has.

You will have to see if your provider offers alternate servers with different parameters.

Would that be a valid test to see the speed differences on the router?

openssl speed sha1
openssl speed sha256

 

[Xentrk]

This is a test using the cipher rather than the hash algorithm

openvpn --genkey --secret /tmp/secret
time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc

Source: https://www.snbforums.com/threads/openvpn-estimate-performance-via-openvpn.33416/

 

[hw1380]

I did a "openssl speed" test anyway but the results are confusing me.
It's not suprising that sha512 is slower than sha1 but sha256 appears to be better than sha1 though.
This is in contrast to John's experience in https://www.snbforums.com/threads/openvpn-estimate-performance-via-openvpn.33416/#post-268879
However, openvpn in real world could be different.

openssl speed sha1 sha256 sha512

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
sha1             18659.36k    68130.72k   218191.27k   491265.56k   766492.67k
sha256           45718.14k   151373.67k   382812.45k   620643.68k   762691.53k
sha512           11482.51k    46108.45k    70799.65k    99838.98k   113678.29k