VPN Recommendations for Gigabit Connection?

So, I see Mullvad seems to be the popular choice, but what are their speeds like?

I have a gigabit home connection, is there any VPN provider that can basically keep up with my speeds here or am I out of luck? Every one I’ve tried so far just feels super slow and a big noticeable difference when on vs off.

Mullvad is best but all VPNs reduce your speed because you’re literally re-routing all your traffic through a server far from you. That’s just its nature. I have gigabyte fiber normally 940-970 and with Mullvad, 721 down and 358 up with a 7ms ping. I call that pretty decent.

Mullvad provides servers that are plenty fast, easily handle gigabit speeds.

Most people’s vpn speed problems have nothing to do with the vpn provider, but with HOW they connect.

Most customers use some cheap store bought router, then try to add a wireguard client to it, then wonder why it only gets about 40-60mbps with wireguard turned on. Because the cpu in the router is too slow, that’s why.

Other people install a vpn client on their pc, which is also running other stuff, then wonder why network throughput slows way down when they turn on vpn. Because your desktop cpu now has to encrypt/decrypt each and every packet, that’s why.

If you want gigabit wireguard speed, your best bet is to build a high performance router that handles encrypting vpn traffic for your entire network. This is the safest option, fastest option, and prevents any leaks too, when properly configured.

The common approach is to buy an inexpensive mini-pc for less than $200 like (this), and install router software, usually opnsense, or pfsense, or VyOS, or Untangle, or build a custom linux router, like I do.

With the above $169 fanless mini-pc, you’ll get about 400-500mb/s sustained wireguard speed, but it will run hot when buried for long durations.

For about $300, you can get sustained gigabit wireguard speeds with something like (this) but again, it will run hot, when sustaining wire speeds for a long time.

I built a custom mini-ITX router (this), spent extra to get it the way I liked, with cooling, for about $600, but I can also run things like optional docker packages for diagnostics, management, like ntopng, Suricata ids/ips, prometheus/node-exporter/grafana dashboard monitoring gui, etc. Mine stays cool no matter what.

I don’t know why I bother posting long answers like this anymore. Somebody always down votes me, I guess because they didn’t agree with something, and I’ll probably just delete this message. That’s the thanks I get.

Hope this helps, and good luck.

Distance doesn’t directly impact speed. And if you have a 7ms ping, you also didn’t pick a server that is far from you. The impact in speed should mostly come from the encryption.

Well I’d be routing locally so that shouldn’t be a problem for me, just wasn’t sure if they or any had decent speeds for gigabit connections. I’ll give it a try.

Oh that’s a lot of info! I’ll take a look at those. I’ve always wanted to try building my own router tbh just never got round to it. I’m currently using Deco M5 so it’s probably not sustainable for gigabit vpn tbh. I’ve got them connected via Ethernet backhaul using cat5e but honestly I’m no pro when it comes to networking, at least more complex stuff like this.

Plenty experience building PCs but advanced networking isn’t a strong suit for me lol
Thanks appreciate it :+1:

Bro you just opened my mind to a whole new thought train for pcs and security. All the upvotes!!!

I see. That’s handy to know. I have a Ryzen 3900X 12 Core 24 thread CPU if that helps?

This will vary greatly depending on your VPN provider.

Mullvad for instance is running Chacha20 and using Wireguard by default which is not going to be hardware accelerated regardless of what you are using. The good thing with Chacha20 is that it doesn’t have that great of a penalty considering it being done in software, but there is still a penalty and what encryption/decryption performance you are getting will vary greatly depending on your hardware as everything is done via software.

The most common place and efficient solution would be to run IKEv2/IPsec using AES-GCM. Pretty much all Intel and AMD-based hardware sold for the past 10 years supports AES-NI so you will get it all done using hardware acceleration. Even when running low-end Intel Atom with AES-NI you will have decent enough hardware acceleration to achieve 1/1 Gbps so your hardware is not going to be the limiting factor.

A lot of Android phones running Qualcomm Snapdragon and Samsung Exynos, as well as all iPhones, sold for the past 8 years+ feature support for hardware-accelerated IKEv1+IKEv2 IPsec using AES-CBC and AES-GCM. GCM is more efficient so going with AES-GCM-256 would be the best option for performance while also staying secure.

Wireguard is still preferable from a security point of view. Chacha20 is considered more secure, and Wireguard is able to bypass firewall restrictions in most scenarios. When connected to a network that doesn’t want you to run a VPN, regular IKEv1 and IKEv2 IPsec VPNs are going to get blocked immediately.
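
Added example (not from any poster in this thread): a script for checking the CPU-bottleneck discussion above on your own hardware. It measures single-core ChaCha20-Poly1305 and AES-256-GCM throughput with `openssl speed` and compares each to 1 Gbit/s. It assumes Linux `/proc/cpuinfo`, OpenSSL 1.1.1 or later, and 1420-byte blocks as a stand-in for WireGuard's default MTU; the function names are illustrative, and OpenSSL's userspace figures only approximate a kernel WireGuard or IPsec data path.

```shell
#!/bin/sh
# Added example: does one CPU core encrypt fast enough for a gigabit tunnel?

# Print 1 if the CPU advertises AES instructions, else 0.
# $1 = path to a cpuinfo-style file ("flags" on x86, "Features" on ARM).
has_aes_flag() {
    if grep -m1 -E '^(flags|Features)[[:space:]]*:' "$1" | grep -qw aes; then
        echo 1
    else
        echo 0
    fi
}

# Convert an `openssl speed -mr` result line, "+F:<n>:<cipher>:<bytes/s>",
# to whole Mbit/s.
mr_to_mbps() {
    printf '%s\n' "$1" | awk -F: '/^\+F:/ { printf "%d\n", $4 * 8 / 1000000 }'
}

# Benchmark one EVP cipher on one core for one second with 1420-byte blocks.
bench_mbps() {
    line=$(openssl speed -mr -evp "$1" -bytes 1420 -seconds 1 2>/dev/null | grep '^+F:')
    mr_to_mbps "$line"
}

# $1 = Mbit/s. "ok" if a single core covers a 1 Gbit/s link, else "cpu-bound".
verdict() {
    if [ "$1" -ge 1000 ]; then echo "ok"; else echo "cpu-bound"; fi
}

report() {
    echo "AES instructions present: $(has_aes_flag /proc/cpuinfo)"
    for c in chacha20-poly1305 aes-256-gcm; do
        m=$(bench_mbps "$c")
        m=${m:-0}   # openssl missing or cipher unsupported
        echo "$c: $m Mbit/s single-core ($(verdict "$m"))"
    done
}

# Run the benchmark only when asked: ./aead-bench.sh bench
if [ "${1:-}" = "bench" ]; then report; fi
```

Run it on the device that will terminate the tunnel (router or PC), since that is the CPU doing the encryption.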