Speed Tests with VPN and Encryptions. Help by Sharing your results :)

[yorgi]

We would like to get your help to see if you get faster then 50mbps running a VPN client with PIA service provider.

If you are using any other VPN provider your input is also welcome

Please post your speed tests and let us know;
-VPN service provider
-what part of the country you are from,
-Mbps of your ISP connection
-Which router model you are using
-what encryption you are using
-what were the fastest speeds you recorded when doing a speed test with your VPN client.

These test can help determine if VPN providers are throttling their bandwidth or if routers have hardware limitations.

thanks

 

[scaramonga]

UK (BT)
75 Down & 20 Up Fibre
AC68U (John's Fork 17BA)
AES-128-CBC

PIA - Netherlands VPN
http://www.speedtest.net/my-result/5096828412

So, roughly half of what I get on normal connection, on this test.

 

[somms]

Typical FTTH throughput...

Throughput thru OpenVPN server running on R7000 w/Shibby's tomato...

 

[Rango]

On 87 router overclocked to 1400mhz, 2.4ghz band disabled, 5ghz band on dedicated cpu outsite those dual core once, 3rd cpu.

comcast 90/12 mbps
Pia aes128 54mbps
pia aes256 35mbps
vpnac aes128 45mbps

On Pfsense 4.1Ghz quad core, 2Gb ram
Pia aes128 initially got 80mbps then i think i got trottled by pia or choopa their isp to 50mbps. I have not been able since then to reach more then 50mbps.

Do they (vpns) throttle then?

Anyone with express vpn to confirm their speeds.

 

[patrick sullivan]

encryption down up

aes-128___54.91___4.20
bf-cbc___44.52___4.20
aes-256___27.13___4.16
no VPN___62.28___4.40

AC68U
Living in Oregon (US), with VPN (PIA) tunneled to Canada.

 

[Rango]

Guys so perhaps it's only about cpu power. I just tried on my laptop which is running of off 5ghz cpu only but two other cores in 87u are freed up from this connection as another cpu in 87 handles 5ghz.

I just got 68up 11 down on pia so if i can get my pfsense up i should be able to hit 80 again unless the throttles pfsense. Now i'm itchy again for pfsense. lol. What i don't understand however is why 87 during max download speed only shows 60% peak utilization rate on core2 and 20% on core 1. I would imagine if it could get to 100% on both cores it could get to 90mbps. Perhaps this is code issue? dunno. Also this could be due to beamfoaming (turbo) acceleration in those routers. I don't know.

on laptop pia aes 128 68 down, 11 up on 5gh band

 

[Nullity]

I think you can login to your AsusWRT device and run "openssl speed aes-128-cbc aes-256-cbc bf-cbc" to get benchmark results direct from OpenSSL. My RT-N66U prints the following text:

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
blowfish cbc     13166.85k    13933.81k    14690.60k    14558.70k    14635.60k
aes-128 cbc      12327.56k    13300.38k    13847.73k    14002.52k    13961.90k
aes-256 cbc       9499.30k    10100.46k    10388.62k    10411.03k    10367.82k

I dunno if the results are useful...

 

[System Error Message]

I think you can login to your AsusWRT device and run "openssl speed aes-128-cbc aes-256-cbc bf-cbc" to get benchmark results direct from OpenSSL. My RT-N66U prints the following text:

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
blowfish cbc     13166.85k    13933.81k    14690.60k    14558.70k    14635.60k
aes-128 cbc      12327.56k    13300.38k    13847.73k    14002.52k    13961.90k
aes-256 cbc       9499.30k    10100.46k    10388.62k    10411.03k    10367.82k

I dunno if the results are useful...

The results show that the chip's encryption is bottlenecked by bandwidth seems like you can expect 10-15Mb/s

 

[Nullity]

The results show that the chip's encryption is bottlenecked by bandwidth seems like you can expect 10-15Mb/s

Right, but whether the benchmark reflects how OpenVPN will perform in the real-world, I dunno. I would assume so, but I dunno.

(Some have said that OpenVPN has quite a bit of non-encryption-related overhead.)

 

[System Error Message]

Right, but whether the benchmark reflects how OpenVPN will perform in the real-world, I dunno. I would assume so, but I dunno.

(Some have said that OpenVPN has quite a bit of non-encryption-related overhead.)

It could also mean that your encryption speeds are stuck to only 1 bit rate.

Try the benchmark and see your CPU usage to check if it is hardware accelerated. If it isnt than using openVPN would slow you down.

 

[kvic]

That's what I get on RT-AC56U for aes-128-cbc:

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc      44653.45k    48938.15k    50584.75k    51367.22k    51593.05k

Note the unit is kilobyte (not kilobit). So crypto speed alone is way faster than the actual OpenVPN speed apparently.

On RT-AC56U, OpenVPN can achieve 70Mbit/s up/down with aes-128-cbc. IPsec can achieve close to 90Mbit/s with the same cipher.

Not a lot of boost but I'm happy with the move to IPsec.

 

[Nullity]

That's what I get on RT-AC56U for aes-128-cbc:

The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc      44653.45k    48938.15k    50584.75k    51367.22k    51593.05k

Note the unit is kilobyte (not kilobit). So crypto speed alone is way faster than the actual OpenVPN speed apparently.

On RT-AC56U, OpenVPN can achieve 70Mbit/s up/down with aes-128-cbc. IPsec can achieve close to 90Mbit/s with the same cipher.

Not a lot of boost but I'm happy with the move to IPsec.

It seems like the openssl benchmark is more intended as a relative measurement of ciphers, rather than showing what to expect in the real world.

I probably should have researched before posting... carry on, nothing to see here.

 

[System Error Message]

It seems like the openssl benchmark is more intended as a relative measurement of ciphers, rather than showing what to expect in the real world.

I probably should have researched before posting... carry on, nothing to see here.

the benchmark only measures encryption speed, not forwarding and routing which is what you get when you use VPN as well. encryption is only a part of VPN, the other parts are forwarding and routing, and encapsulation (inserting a packet into another layer 3 packet), just like layer 3 over layer 2 where the layer 3 packet is inserted into a layer 2 packet's data stream, this is actually the overhead of VPN and PPPOE as in PPPOE you have layer 3 routed packets inserted into PPP's layer 2 packet, and than PPP's layer 2 packet inserted into another layer 2 packet such as MAC.

In a lot of routers there is no hardware acceleration for forwarding or routing of VPN packets which also affects their speed.

 

[Nullity]

the benchmark only measures encryption speed, not forwarding and routing which is what you get when you use VPN as well. encryption is only a part of VPN, the other parts are forwarding and routing, and encapsulation (inserting a packet into another layer 3 packet), just like layer 3 over layer 2 where the layer 3 packet is inserted into a layer 2 packet's data stream, this is actually the overhead of VPN and PPPOE as in PPPOE you have layer 3 routed packets inserted into PPP's layer 2 packet, and than PPP's layer 2 packet inserted into another layer 2 packet such as MAC.

In a lot of routers there is no hardware acceleration for forwarding or routing of VPN packets which also affects their speed.

According to Google, the discrepancy is more tied to how the benchmark makes use of the CPU L1 cache in a way that is uncommon for complex, real-world situations... whatever that means.

 

[System Error Message]

According to Google, the discrepancy is more tied to how the benchmark makes use of the CPU L1 cache in a way that is uncommon for complex, real-world situations... whatever that means.

It means that because the benchmark tends involves very little data and program code, all the data or program code can be stored in the L1 cache so the benchmark is more of a math processing test which doesnt require data flowing to different components. In the real world a piece of data could travel between ram and cache if multiple stages of processing is involved with it which is why adding rules to a router slows it down significantly. Multi threading can help speed it up so running multiple threads even on a single core significantly speeds it up. When i made a java program to search for files that contained a piece of string it did it faster than windows search but because i spammed unrelated asynchronous threads i managed to use more resources because i wasnt tied up with a single core should only run a single thread. Its the same when i make a mobile app wherever i can i will divide tasks even small trivial ones make it significantly more responsive for the same reason, the CPU doesnt get bogged down waiting for tasks or transfers, it can do other things while waiting. My approach relies on the compiler being good and the CPU's pipeline able to take advantage of other instructions and data since reusing data in the CPU can be complicated (you cant have the results ready by the next cycle for immediate use, only certain stages in the pipeline can use the result before it is permanently ready).

Even games can benefit from this approach quite a lot but has the complication of having to also set task priorities too. It makes me wonder why they cant take this approach as it would've made games run a lot better even on lower end machines.

 

[yorgi]

It means that because the benchmark tends involves very little data and program code, all the data or program code can be stored in the L1 cache so the benchmark is more of a math processing test which doesnt require data flowing to different components. In the real world a piece of data could travel between ram and cache if multiple stages of processing is involved with it which is why adding rules to a router slows it down significantly. Multi threading can help speed it up so running multiple threads even on a single core significantly speeds it up. When i made a java program to search for files that contained a piece of string it did it faster than windows search but because i spammed unrelated asynchronous threads i managed to use more resources because i wasnt tied up with a single core should only run a single thread. Its the same when i make a mobile app wherever i can i will divide tasks even small trivial ones make it significantly more responsive for the same reason, the CPU doesnt get bogged down waiting for tasks or transfers, it can do other things while waiting. My approach relies on the compiler being good and the CPU's pipeline able to take advantage of other instructions and data since reusing data in the CPU can be complicated (you cant have the results ready by the next cycle for immediate use, only certain stages in the pipeline can use the result before it is permanently ready).

Even games can benefit from this approach quite a lot but has the complication of having to also set task priorities too. It makes me wonder why they cant take this approach as it would've made games run a lot better even on lower end machines.

Nice! so i guess these routers are limited in their own way even if the cpu is not registering as a full load.
You feel like compiling some code to make our VPN go faster
j/k

 

[yorgi]

the benchmark only measures encryption speed, not forwarding and routing which is what you get when you use VPN as well. encryption is only a part of VPN, the other parts are forwarding and routing, and encapsulation (inserting a packet into another layer 3 packet), just like layer 3 over layer 2 where the layer 3 packet is inserted into a layer 2 packet's data stream, this is actually the overhead of VPN and PPPOE as in PPPOE you have layer 3 routed packets inserted into PPP's layer 2 packet, and than PPP's layer 2 packet inserted into another layer 2 packet such as MAC.

In a lot of routers there is no hardware acceleration for forwarding or routing of VPN packets which also affects their speed.

What sucks about all this is, we are paying good money for these routers but in reality most of us are buying them because of the marketing strategies,
but who has the time to get one of these Ciscos or pfsence and start to program them.
One needs a special course just to understand how IP range works let alone IP tables and Firewall scripts
been there done that, all I care now is end user.
I am happy with my router, and besides 50mbps is pretty good from VPN provider, for 40 bucks a year.
If we only paid that to our local ISP then we would be laughing

 

[System Error Message]

Out of curiousity what do you guys use VPN for? Privacy to access content from another countr? LAN access?

The passively cooled CCR1009 has dropped in price and is basically the cheapest TILE based router, when it comes to VPN it is not only hardware accelerated but also very fast with it. It is also much faster than the ubiquiti edgerouter pro which is actually quite noisy when my room is warm. If you are willing to learn configurable routers it may be worth using and not as difficult as a full linux based OS being used as a router. Pfsense falls into the category of being configurable but not as difficult to use another linux OS like ubuntu as a router.

Its actually easy to configure Pfsense since it is GUI based and also mikrotik, you may need a technical dictionary and good english skills.

I hate how all the consumer router companies are considering companion cpu or co processors as legitimate cores, its like saying your computer has CPU + GPU cores (i.e. saying an i7-3770k is an 8 core cpu). Another error a lot make is that a GPU shader is not a core, it is just a unit within a core. For example Intel's ivybridge GPU that has 16 shaders is actually 4 cores, each with 4 shaders and a bunch of other things.

 

[patrick sullivan]

What sucks about all this is, we are paying good money for these routers but in reality most of us are buying them because of the marketing strategies,
but who has the time to get one of these Ciscos or pfsence and start to program them.
One needs a special course just to understand how IP range works let alone IP tables and Firewall scripts
been there done that, all I care now is end user.
I am happy with my router, and besides 50mbps is pretty good from VPN provider, for 40 bucks a year.
If we only paid that to our local ISP then we would be laughing

Maybe Rango can share his pfsense configurations...

 

[patrick sullivan]

Out of curiousity what do you guys use VPN for? Privacy to access content from another countr? LAN access?

The passively cooled CCR1009 has dropped in price and is basically the cheapest TILE based router, when it comes to VPN it is not only hardware accelerated but also very fast with it. It is also much faster than the ubiquiti edgerouter pro which is actually quite noisy when my room is warm. If you are willing to learn configurable routers it may be worth using and not as difficult as a full linux based OS being used as a router. Pfsense falls into the category of being configurable but not as difficult to use another linux OS like ubuntu as a router.

Its actually easy to configure Pfsense since it is GUI based and also mikrotik, you may need a technical dictionary and good english skills.

I hate how all the consumer router companies are considering companion cpu or co processors as legitimate cores, its like saying your computer has CPU + GPU cores (i.e. saying an i7-3770k is an 8 core cpu). Another error a lot make is that a GPU shader is not a core, it is just a unit within a core. For example Intel's ivybridge GPU that has 16 shaders is actually 4 cores, each with 4 shaders and a bunch of other things.

Bittorrent use....VPN to torrent friendly country....only noncopyrighted material of course.