Asus RT-AC88U AsusWrt Merlin 380.64 VPN connection slow

[rt2016]

Hi Guys,
I do face some trouble when using VPN on my Asus Router.
Running the AsusWrt Merlin image 380.64.

When I do the speedtest without VPN I do have a 80/70 Mbit connection.

After switching to OpenVPN Clients I do have a dramatic loose of data, I checked already different providers like PP, VyprVpn and ExpressVpn. All of them do have the same problem I loose a lot of bandwith when running VPN.

When running VPN I do have 30/50 Mbit which is wired as download is lower then upload

Any idea's what the reason could be?

br
rt2016

 

[yorgi]

Hi Guys,
I do face some trouble when using VPN on my Asus Router.
Running the AsusWrt Merlin image 380.64.

When I do the speedtest without VPN I do have a 80/70 Mbit connection.

After switching to OpenVPN Clients I do have a dramatic loose of data, I checked already different providers like PP, VyprVpn and ExpressVpn. All of them do have the same problem I loose a lot of bandwith when running VPN.

When running VPN I do have 30/50 Mbit which is wired as download is lower then upload

Any idea's what the reason could be?

br
rt2016

Yea sure. welcome to the real world of routers with crappy cpu's
your speeds are normal and you will never get better than that. Its limitations due to decryption and the router just can't handle more than that.
Even though the cpu shows 50% use its false.
Maybe one day if routers go the AMD or Intel route with CPU and real dual or quad cores instead of these crappy cpus they use.
Just remember VPN was an option on these routers not a main feature. These routers pack a bunch of features with a very low price, this is why the cpu they use are more than fast enough for routing purposes but when VPN kicks in, well that's another matter altogether.
but for now enjoy what you have you will never get faster than 50mb/s period so stop worrying about it
You can or buy a mini PC with 2 network adapter try setting it up with pfsence. that will get you full power on VPN
but maybe after 1 year of pulling your hair and waiting for someone in the pfsence forum to help you out as I have seen others attempt with great failure.
bon chance

 

[Xentrk]

Hi Guys,
I do face some trouble when using VPN on my Asus Router.
Running the AsusWrt Merlin image 380.64.

When I do the speedtest without VPN I do have a 80/70 Mbit connection.

After switching to OpenVPN Clients I do have a dramatic loose of data, I checked already different providers like PP, VyprVpn and ExpressVpn. All of them do have the same problem I loose a lot of bandwith when running VPN.

When running VPN I do have 30/50 Mbit which is wired as download is lower then upload

Any idea's what the reason could be?

br
rt2016

Greetings! I shared this recently in another posting but will post it again.

You can search the web and find many complaining about OpenVPN performance. I have seen this for myself. I have done a lot of testing and found that distance and level of encryption will impact performance. OpenVPN is single processor threaded so it cannot take advantage of multi-core processors. I have a quad core pfSense box and get the same download speed as my AC88U when using VPN. Since my primary purpose is streaming media, I don’t use any encryption in order to get the best streaming performance. I am primarily trying to circumvent geo-blocking.

When it comes to VPN performance, distance is not your friend. If I connect to the TorGuard server in Bangkok without encryption, I get near native line speed. The further away the server, the download speed starts to drop. I have also noticed that VPN performance can vary at different days of the week or times of the day. For the most part, I get very good to excellent streaming most of the time. The few times I have had issues, I find a power cycle of the modem and router usually will do the trick. The RT-AC88U has been working great for my OpenVPN requirements.

I currently have fiber with 100Mbps down/10Mbps up when not using VPN. I often get 120Mbps down/15Mbps up when I have tested. ISP provides a Fiberhome GPON modem/router. The router CPU and firmware are very limited. And that is saying it nicely! What you want to do is place the ISP modem/router in bridge mode. Basically, you are turning it into a modem. Take screen prints of the settings, etc before you start changing things. Turn off DHCP, the radio and other services not required. Note the PPOE userid and password as you will need this when configuring your router. Your provider should have given you a piece of paper with the userid and password.

Use yorgi’s awesome VPN client set up guide over in the VPN forum combined with instructions from your provider. I also included the following in the Additional Config section to further tune my settings.

persist-key
persist-tun
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
tun-mtu 1500
mssfix 1450
nobind
mtu-disc yes
pull
fast-io
auth-nocache

I have two AC88U connected to the Fiberhome modem. Router A is set “All” for Redirect Internet Traffic and router B is set to “Policy Rules”. I primarily use Router A as I want all of my devices to connect to USA. Another family member lives next door. I set up Router B for their use. All of their devices use the native WAN. But their Roku player goes through their VPN connection. Both routers use the same 3BB userid and password. This allows me to change VPN servers if I need to without impacting them.

Right now, I am watching the Fiesta Bowl live with no buffering or blurry screen. It is as sharp and clear as if I was watching on satellite or cable TV back in USA. I take it as a victory. Even though my download speeds are nowhere near native line speed, I’ve learned to accept that as good enough as getting around geo blocking and being able to streaming media was my main reason for OpenVPN.

I check in on the OpenVPN roadmap and threads periodically to see when multi-core processing will be enabled. It will require a complete rewrite of OpenVPN. It is being talked about at least.

You may like to read the following:
https://community.openvpn.net/openvpn/wiki/RoadMap
https://community.openvpn.net/openvpn/wiki/PerformanceTesting

 

[rt2016]

I see then my problem is the fiber router/modem from the provider. Unfortunately the provider do have a complete closed fiber box, where I not have any chance to do changes into bridge mode. From Provider side we got an Icotera IGW 3000. And here I can't do any changes so far.

 

[yorgi]

I see then my problem is the fiber router/modem from the provider. Unfortunately the provider do have a complete closed fiber box, where I not have any chance to do changes into bridge mode. From Provider side we got an Icotera IGW 3000. And here I can't do any changes so far.

I wouldn't give up hope.
Here is a really good guide for Fiber
http://blog.ngpixel.com/post/104449747538/how-to-bypass-bell-fibe-hub-and-use-your-own-router
check it out.

 

[yorgi]

I see then my problem is the fiber router/modem from the provider. Unfortunately the provider do have a complete closed fiber box, where I not have any chance to do changes into bridge mode. From Provider side we got an Icotera IGW 3000. And here I can't do any changes so far.

Even if you bridged the fiber router you won't get better speeds from your VPN. The speeds you get are very good and quite normal. I have seen people get way lower figures then that. So don't go getting all worked up. Nothing is wrong with your setup. Don't go opening up a can of worms because you will end up back where you started from.
The guide for fiber that I posted is useful if your wifi from the fiber router is not strong enough. But if you are getting the speeds you are then there is nothing to worry about or fix.
Good luck.

 

[rt2016]

My provider only do have a website where I can de-activate the Wifi function nothing else is possible.

 

[rt2016]

What VPN provider would you guys recommend? I did some trial with VyprVPN and also with Purevpn. The last one is not that good.

 

[Xentrk]

A lot of the sites that review VPN providers get a commission if you sign up using a code or link from their site. I use Torguard with the private IP option. It works on just about every client out there and supports installs on many firmwares. I get five connections and have it installed on pfsense, win 10, android, iOS, did-wrt and melrlin FW. A lot of people here use PIA but they can't get around Netflix and Hulu blocks. Express VPN is another that seems to get positive reviews. Make sure they have a trial period.

 

[Xentrk]

Eventually, I'm sure consumer routers will start be shipped with GPON connection in addition to Ethernet. But we may be a way off. I see that TP-Link makes a GPON modem but not available for consumer purchase. Seems to only be available to ISPs. I was surprised to see fiber being run straight to the home here in the Land of Smiles. Back in USA, ISPs will market their high speed fiber optic network. But the last mile to the home is usually coax.

I used to have my vpn running on the router that was hooked up to the fiber modem/router as LAN to WAN. This article explains the necessary steps.

http://www.linksys.com/ca/support-article?articleNum=132275

But I like to tinker and looking at the article posted by Yorgi intrigued me.

 

[doczenith1]

Here are my speeds using the OpenVPN Client. Both routers running Merlin 380.64 firmware. Using the VPN client to connect with PIA VPN servers.

AC3100 (same as AC88U minus 4 ethernet ports)
CTF enabled
DL: 61 Mbps with core 1 at 25%, core 2 at 75%
UL: 84 Mbps with core 1 at 35%, core 2 at 100%

AC68U
CTF + FA enabled
DL: 43 Mbps with core 1 at 25%, core 2 at 80%
UL: 60 Mbps with core 1 at 35%, core 2 at 100%

AC68U
CTF enabled
DL: 44 Mbps with core 1 at 30%, core 2 at 80%
UL: 58 Mbps with core 1 at 40%, core 2 at 100%

As a comparison when using the PIA VPN client on my Snapdragon 808 based cell phone I get 77 down and 124 up. All speed test performed using the DSLReports HTML5 test.

 

[Xentrk]

Here are my speeds using the OpenVPN Client. Both routers running Merlin 380.64 firmware. Using the VPN client to connect with PIA VPN servers.

AC3100 (same as AC88U minus 4 ethernet ports)
CTF enabled
DL: 61 Mbps with core 1 at 25%, core 2 at 75%
UL: 84 Mbps with core 1 at 35%, core 2 at 100%

AC68U
CTF + FA enabled
DL: 43 Mbps with core 1 at 25%, core 2 at 80%
UL: 60 Mbps with core 1 at 35%, core 2 at 100%

AC68U
CTF enabled
DL: 44 Mbps with core 1 at 30%, core 2 at 80%
UL: 58 Mbps with core 1 at 40%, core 2 at 100%

As a comparison when using the PIA VPN client on my Snapdragon 808 based cell phone I get 77 down and 124 up. All speed test performed using the DSLReports HTML5 test.

Hi there Sparty fan! Curious me wants to know the approximate distance from you to the VPN servers you are connecting to plus the encryption decipher. Do you get near naked line speed when you use no encryption? Try a location half way across the world if you can so I can see how it compares with my testing. Also, what options do you have in the "additional config" section. Does your vpn provider provide client software for you laptop or computer? I wonder what results you would get if you ran a test with the vpn client turned off on the router.

I hardly see any CPU usage on my router when running speed tests.

Thanks!!!

 

[doczenith1]

I am roughly 180 miles from the PIA VPN server that I am connecting to in Chicago, IL. The router is setup per the instructions here: https://helpdesk.privateinternetacc...ing-up-an-Asus-Router-running-Merlin-Firmware which uses Encryption Cipher: AES-128-CBC. If I'm not mistaken the port that they tell you to use also has something to do with the cipher so I'm not sure how to configure my router to run without encryption. I'd be more than happy to try a few test without encryption is someone was able to assist me with the correct settings to use. Looks like there is a sticky with some guidance. I'll take a look. When you say try a location half way across the world are you referring to the PIA server that I am connecting to? And then use a speedtest site near that server or half way across the world from the vpn server? And with the vpn client or router vpn? Again, per the website above I have "persist-key" and "persist-tun" entered in the Custom Configuration section. The VPN provider does provide client software although I haven't tested it with a capable computer yet. I actually am planning on doing that later on tonight and will report back. If there are any particular test you would like me to perform with the client let me know. I do plan on running test with varying levels of encryption.

When I run non-VPN speed test core 1 on the router hits around 96-98%. On my old AC68U which had the option to use Flow Acceleration in addition to Cut Through Forwarding I would see negligible cpu usage during speed test.

 

[doczenith1]

Here are the results using the PIA VPN client on a 32 bit Win7 machine connected to the nearest PIA server to me. The Ookla tests were run using Firefox. The DSLReports tests were run using Chrome because Firefox kept crashing due to what I think was not enough ram. Results are Mbps down/up. I ran 3-5 tests and took an average of the results. I get 940/950 without the VPN.

All Speed No Safety
Data encryption: None
Data authentication: None
Handshake: ECC-256k1

Ookla: 320/590
DSLReports: 240/535

Default Recommended Protection
Data encryption: AES-128
Data authentication: SHA1
Handshake: RSA-2048

Ookla: 260/360
DSLReports: 240/350

Maximum Protection
Data encryption: AES-256
Data authentication: SHA256
Handshake: RSA-4096

Ookla: 240/290
DSLReports: 220/260

 

[Xentrk]

I am roughly 180 miles from the PIA VPN server that I am connecting to in Chicago, IL. The router is setup per the instructions here: https://helpdesk.privateinternetacc...ing-up-an-Asus-Router-running-Merlin-Firmware which uses Encryption Cipher: AES-128-CBC. If I'm not mistaken the port that they tell you to use also has something to do with the cipher so I'm not sure how to configure my router to run without encryption. I'd be more than happy to try a few test without encryption is someone was able to assist me with the correct settings to use. Looks like there is a sticky with some guidance. I'll take a look. When you say try a location half way across the world are you referring to the PIA server that I am connecting to? And then use a speedtest site near that server or half way across the world from the vpn server? And with the vpn client or router vpn? Again, per the website above I have "persist-key" and "persist-tun" entered in the Custom Configuration section. The VPN provider does provide client software although I haven't tested it with a capable computer yet. I actually am planning on doing that later on tonight and will report back. If there are any particular test you would like me to perform with the client let me know. I do plan on running test with varying levels of encryption.

When I run non-VPN speed test core 1 on the router hits around 96-98%. On my old AC68U which had the option to use Flow Acceleration in addition to Cut Through Forwarding I would see negligible cpu usage during speed test.

Confirms what I thought that you are geographically close in computer terms to your vpn server. Which helps explain the good speeds you reported. Plus, you have a 1k Mbps ISP which helps. I get near native line speed on OpenVPN when connecting to server in Bangkok with no encryption. But it drops significantly when connecting to west coast. And slightly more when connecting to mid west. But I can stream media without buffering so I can not complain. I had no issues watching the holiday college bowl games. PIA should have servers here in SE Asia and I suspect you will see a drop in performance if you run a test.

I was curious if you had tried the sndbuf and rcvbuf options I list in my prior post, along with the fast-io option.

Having the vpn client installed on your devices is a good idea when connecting to a public wifi.

 

[doczenith1]

Looks like the two PIA Servers closest to you are Hong Kong and Singapore. I'll run some tests through them later this evening and see how much of an impact there is.

I did see your tweaks for the vpn client. To be honest my use of the vpn client on my router was more of a testing and curiosity thing. I mainly use the vpn for torrenting here and there and just run the PIA client on the computer that I use for P2P.

 

[doczenith1]

Ran some tests with the Hong Kong and Singapore servers. Results are Mbps down/up ping.

Default Recommended Protection
Data encryption: AES-128
Data authentication: SHA1
Handshake: RSA-2048

Hong Kong PIA Server
Ookla: 22/68 280 - Bangkok test server
Ookla: 11/26 240 - Hong Kong test server
DSLReports: website responded "Speed testing over TOR is not supported for anonymous users. How fast is TOR? the answer is: slow!"

Singapore PIA Server
Ookla: 25/79 290 - Bangkok test server
DSLReports: 60/400 205

All Speed No Safety
Data encryption: None
Data authentication: None
Handshake: ECC-256k1

Singapore Server
DSLReports: 60/510 208

 

[Xentrk]

Ran some tests with the Hong Kong and Singapore servers. Results are Mbps down/up ping.

Default Recommended Protection
Data encryption: AES-128
Data authentication: SHA1
Handshake: RSA-2048

Hong Kong PIA Server
Ookla: 22/68 280 - Bangkok test server
Ookla: 11/26 240 - Hong Kong test server
DSLReports: website responded "Speed testing over TOR is not supported for anonymous users. How fast is TOR? the answer is: slow!"

Singapore PIA Server
Ookla: 25/79 290 - Bangkok test server
DSLReports: 60/400 205

All Speed No Safety
Data encryption: None
Data authentication: None
Handshake: ECC-256k1

Singapore Server
DSLReports: 60/510 208

Thanks! I appreciate it. I validates my testing and the impact of distance on OpenVPN performance. I've also seen some burps in the internet and sometimes I get 4x the speed I normally do, only to see them fall back to average. But like I said, no blurry TV or buffering when watching 4K TV using my Roku. I think the CPU in the Roku helps. It really improved compared to using the built in Smart TV apps on the TV itself. Stay warm in E. Lansing. It is a cool 73 F here.
p.s. I am a fan of most Michigan sports teams.

 

[unclebuk]

Greetings! I shared this recently in another posting but will post it again.

You can search the web and find many complaining about OpenVPN performance. I have seen this for myself. I have done a lot of testing and found that distance and level of encryption will impact performance. OpenVPN is single processor threaded so it cannot take advantage of multi-core processors. I have a quad core pfSense box and get the same download speed as my AC88U when using VPN. Since my primary purpose is streaming media, I don’t use any encryption in order to get the best streaming performance. I am primarily trying to circumvent geo-blocking.

When it comes to VPN performance, distance is not your friend. If I connect to the TorGuard server in Bangkok without encryption, I get near native line speed. The further away the server, the download speed starts to drop. I have also noticed that VPN performance can vary at different days of the week or times of the day. For the most part, I get very good to excellent streaming most of the time. The few times I have had issues, I find a power cycle of the modem and router usually will do the trick. The RT-AC88U has been working great for my OpenVPN requirements.

I currently have fiber with 100Mbps down/10Mbps up when not using VPN. I often get 120Mbps down/15Mbps up when I have tested. ISP provides a Fiberhome GPON modem/router. The router CPU and firmware are very limited. And that is saying it nicely! What you want to do is place the ISP modem/router in bridge mode. Basically, you are turning it into a modem. Take screen prints of the settings, etc before you start changing things. Turn off DHCP, the radio and other services not required. Note the PPOE userid and password as you will need this when configuring your router. Your provider should have given you a piece of paper with the userid and password.

Use yorgi’s awesome VPN client set up guide over in the VPN forum combined with instructions from your provider. I also included the following in the Additional Config section to further tune my settings.

persist-key
persist-tun
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
tun-mtu 1500
mssfix 1450
nobind
mtu-disc yes
pull
fast-io
auth-nocache

I have two AC88U connected to the Fiberhome modem. Router A is set “All” for Redirect Internet Traffic and router B is set to “Policy Rules”. I primarily use Router A as I want all of my devices to connect to USA. Another family member lives next door. I set up Router B for their use. All of their devices use the native WAN. But their Roku player goes through their VPN connection. Both routers use the same 3BB userid and password. This allows me to change VPN servers if I need to without impacting them.

Right now, I am watching the Fiesta Bowl live with no buffering or blurry screen. It is as sharp and clear as if I was watching on satellite or cable TV back in USA. I take it as a victory. Even though my download speeds are nowhere near native line speed, I’ve learned to accept that as good enough as getting around geo blocking and being able to streaming media was my main reason for OpenVPN.

I check in on the OpenVPN roadmap and threads periodically to see when multi-core processing will be enabled. It will require a complete rewrite of OpenVPN. It is being talked about at least.

You may like to read the following:
https://community.openvpn.net/openvpn/wiki/RoadMap
https://community.openvpn.net/openvpn/wiki/PerformanceTesting

You can connect two routers to the LAN on the modem, and configure both routers as PPPoE connections with the same ISP user-ID and password?

I as well use two routers (asus stock FW): ToT fiber modem in bridge mode. 1st router connected to LAN 1 of the modem and connection is PPPoE, 2nd asus router is connected to LAN of 1st router with Auto IP setting. I use openVPN on 2nd router. Seems to work, don't know your setup works so well, or it was even possible.

Does torguard unblock USA Netflix??

Also, can encryption be switched off torguard openVPN, L2TP, etc., or is that managed by merlin or other firmware on the router?

 

[unclebuk]

What VPN provider would you guys recommend? I did some trial with VyprVPN and also with Purevpn. The last one is not that good.

I am using expressVPN, mostly openVPN and L2TP; works fine here in SE Asia, USA netflix no problem, KODI streams well. Really strange thing is when I connect to the server in Bangladesh, my speed is 77 Mbps / 14, and I have a 35/15 fiber service from the ISP. Why the speed doubles using vpn baffles me. I use ookla for speed tests.

You should consider trying expressVPN (free trial for 7 days)....its more costly than some vpn services, but the only one that can unblock USA netflix to date.