Wants to run everything via shady VPN provider with dubious logging practices who is located in the US and who’s main sales pitch is they offer $36 for ‘lifetime’ on a product that costs them money to provide each month. Wants to do that on a router that seems a relatively poor choice and has no regard for introducing double NAT (in fairness the least of all the problems so far), all so he can watch an IPTV service I don’t even want to ask about. Yep, this is 100% going to end well.
Running everything via VPN is generally a horrible idea. Expect issues with fraud checks/referrals/banking/blocking, geo blocked services and that’s before we get to if you can trust your provider and who actually owns the hardware they use/gets legal service requests (hint: it isn’t them and this is the latest ‘VPN provider’ to offer the same ‘deal’). Paying a fixed price for a service that has an ongoing cost to provide generally only works as long as a fresh influx of ‘new’ subscribers jump onboard, once that doesn’t happen, the company looses money and the product/company ceases. It’s a classic hit and run model, often used by shady ‘service’ providers who simply start up under another name and take your money all over again. In this case being US based, having a dubious logging policy and the way they log device details should set alarm bells ringing.
Running OpenVPN on MIPS/ARM based hardware, without hardware acceleration is slow. You can reduce your reasonably capable FTTC line to ADSL speeds. You could use one of the other protocols on offer, they have lower overheads and higher speeds, but that’s generally because they are less secure (in your case that’s not likely to be a massive issue).
So, for simplicity and to see if we can avoid the proverbial ball of flames this is rapidly becoming, some simple questions:
How fast is your connection with PN? The actual sync speed via the hub, not the package speed.
How much of that available bandwidth do you need your encrypted traffic to have?
What’s the budget for this?
I’d normally ask if you have a Docker friendly environment that would lend itself to something along the lines of a VPN+Privoxy proxy which would remove the encryption overhead to a potentially much more suitable device, but I get the feeling the answer is probably ‘no’.