Upgrading OpenVPN on BPI-R3 and OpenWRT

Hi all. My first R3 board is scheduled to arrive in the next couple days and I will be flashing it with OpenWRT and installing OpenVPN and following this guide. The goal is to use a 2nd R3 at another location and establish a permanent OpenVPN connection with TAP/bridging. Both locations are private residences with gigabit fiber.

As I have researched setting this up I have come to learn that OpenVPN is inherently slow out of the box (especially utilizing a TAP interface) and have explored using the faster Wireguard protocol (lacks TAP) or just using a different gateway. Ultimately, OpenVPN with TAP seems to be the best way for me to solve my connection issue. Further research has led me to receive the following recommendation from a user on Reddit:

If you’re going with OpenVPN, set it up with ECDSA or EdDSA certs and TLS 1.3, making use of ChaCha20 encryption instead of AES.

It’s what Wireguard uses and is generally much faster than AES on ARM.

Has anyone made such modifications to their setups? Is there a guide or recommended reading to help make this work? Help/tips appreciated :slight_smile: