ScottK83
New Around Here
Hey guys,
First time poster here. Appreciate the valuable info I've found as I have been researching new routers for use with ExpressVPN. I wanted one specifically with hardware encryption/decryption capability and ended up with hardware v1.1 version of the Asus RT-AX88U router, which supports AES-NI.
I followed the instructions on ExpressVPN for setting up OpenVPN with the native firmware and it worked perfectly out of the box. The range is also much, much better than the Linksys WRT 3200ACM router I had been using for ExpressVPN.
I had read all about the great things that changing the firmware to Merlin could allow, so am now running 384.15 and have had no issues connecting to ExpressVPN.
However, how can I tell if OpenVPN is using the AES-NI instructions?
I ran this command:
AES-128-GCM: 3200/3.88 = 824 Mbps
AES-256-CBC: 3200/4.00 = 800 Mbps
According to the information on this website (https://x3mtek.com/openvpn-performance/), it seems like this is higher Mbps than just the processor would allow natively.
My ISP only gets me up to 30ish Mbps so I can't judge download speed with or without the VPN running. To saturate the download I set up a download of a popular linux distribution on bittorrent: With VPN on of the cores occasionally got up to around 10%, and another core was maybe 1-2%. With VPN off, one of the cores was around 1-2%. Download speeds were the same.
That test is very rudimentary and I can't tell based on CPU load if OpenVPN was simply using the CPU or was using the hardware encryption/decryption chipset.
For the experts here, is there a definitive test I can run or something I can look for in the logs to tell me with certainty if that chipset is being used? The CPU is fast enough by itself that I probably don't need the builtin hardware support, but if it is there, it would be nice for it to be used.
Thanks!
First time poster here. Appreciate the valuable info I've found as I have been researching new routers for use with ExpressVPN. I wanted one specifically with hardware encryption/decryption capability and ended up with hardware v1.1 version of the Asus RT-AX88U router, which supports AES-NI.
I followed the instructions on ExpressVPN for setting up OpenVPN with the native firmware and it worked perfectly out of the box. The range is also much, much better than the Linksys WRT 3200ACM router I had been using for ExpressVPN.
I had read all about the great things that changing the firmware to Merlin could allow, so am now running 384.15 and have had no issues connecting to ExpressVPN.
However, how can I tell if OpenVPN is using the AES-NI instructions?
I ran this command:
Code:
openvpn --genkey --secret /tmp/secret
time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbcAES-128-GCM: 3200/3.88 = 824 Mbps
AES-256-CBC: 3200/4.00 = 800 Mbps
According to the information on this website (https://x3mtek.com/openvpn-performance/), it seems like this is higher Mbps than just the processor would allow natively.
My ISP only gets me up to 30ish Mbps so I can't judge download speed with or without the VPN running. To saturate the download I set up a download of a popular linux distribution on bittorrent: With VPN on of the cores occasionally got up to around 10%, and another core was maybe 1-2%. With VPN off, one of the cores was around 1-2%. Download speeds were the same.
That test is very rudimentary and I can't tell based on CPU load if OpenVPN was simply using the CPU or was using the hardware encryption/decryption chipset.
For the experts here, is there a definitive test I can run or something I can look for in the logs to tell me with certainty if that chipset is being used? The CPU is fast enough by itself that I probably don't need the builtin hardware support, but if it is there, it would be nice for it to be used.
Thanks!
