What's new

[Dev] Asuswrt-Merlin 388.1 development

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
OpenVPN DCO is still under development from the OpenVPN developers, and won't be available until OpenVPN 2.6.0. And it's currently unknown what kernel version will be required to support this feature.

I only meant no improvement in dev 388.1; I really can’t speculate how well it will work in the future. But yes generally higher throughput in terms of internet means faster speeds which as Rmerlin was saying could be done in two ways resulting in more or less cpu usage.
 
The more I work with Wireguard, the more I dislike it.

- No concept of a "client disconnecting" - once a peer (client) contacts another one (server), it will stay forever there, with no way of knowing that the "client" has disconnected - that's because to Wireguard, there are no client and servers connecting, just peers talking to one another

okay, I'm not liking this in regards to Wireguard, and then there is NAT hardware acceleration being disabled with Wireguad enabled.
 
That is a worst case scenario however, as that CPU lacks AES acceleration. A modern router with AES acceleration can hit 220-250 Mbps with OpenVPN on a 1 Gbps WAN link, while WG might hit 300 Mbps but limit that 1 Gbps WAN link to only 400 Mbps of max WAN throughput. And since WG uses Chacha20, it cannot leverage any of the existing cipher hardware acceleration technologies available.

I think I'm experiencing higher than 300 Mbps with WG, but not over 400 Mbps. It does look like my clients are restricted to 400 Mbps with WG enabled.

And what's worse, it seems to restrict all clients to 400Mbps, you don't seem to be able to have client 1 at 300Mpbs and client 2 at 300Mbps on 1 GB connection at the same time

I'm going to be doing more testing with my latest laptop soon.
 
Last edited:
Does the Asus Wireguard implementation allow HW acceleration?
No

Per @RMerlin discussion
And that's on top of the fact that it's incompatible with NAT hardware acceleration, that it uses a cypher that has no hardware acceleration, and that various VPN providers require a custom implementation and/or don't provide any downlodable config file to configure it manually. Asus had to implement dedicated support for NordVPN and HMA, which I will most likely not be offering in Asuswrt-Merlin since it's part closed-source, and part tied to VPNFusion, which I don't support.

Frankly, nothing but drawbacks from a router's point of view when compared to OpenVPN, or even IPSEC.

Here is the rest of that answer:

That is a worst case scenario however, as that CPU lacks AES acceleration. A modern router with AES acceleration can hit 220-250 Mbps with OpenVPN on a 1 Gbps WAN link, while WG might hit 300 Mbps but limit that 1 Gbps WAN link to only 400 Mbps of max WAN throughput. And since WG uses Chacha20, it cannot leverage any of the existing cipher hardware acceleration technologies available.

And once OpenVPN gets DCO finalized, it should in theory also allow OpenVPN to leverage a hardware SPU, which means both lower CPU usage and higher throughput. Or you can go for just higher throughput by leveraging multithreading instead of an SPU, but with a higher CPU usage.
 
Last edited:
VPN Director mostly done. Just need to clean up the backend code a bit, as I don't like the current implementation.

1664850769793.png
 
Good job Eric!

I'm verry surprise how smooth this development go's compared to the last major upgrades. Verry verry nice!

Now I run stock 388 om both my AX88U's and I mis the Merlin vibe and feel.

IMO the only thing Asus did better is a smooth and automated update/upgrade proces. Will you adopt this in the future?
 
Eric any chance you have plans to support the new RT-AXE7800 >?
 
Eric any chance you have plans to support the new RT-AXE7800 >?
I don't have anything to announce yet regarding new models, sorry.

IMO the only thing Asus did better is a smooth and automated update/upgrade proces. Will you adopt this in the future?
No. I don't have the resources to devote to providing a secure live update environment. This is a potential major security risk, and I don't have a team of system administrators to monitor such a setup.
 
Do you have any good technical specifications on this router? (or does @Tech9 have a link to the "insider" on this model) I ask because I am curious if it is Broadcomm.
Only thing I found so far is:
*ASUS RT-AXE7800, powered by a 1.7 GHz quad-core 64-bit Broadcom CPU
 
So that means it should have even worse OpenVPN performance than the AX88U.

God I wish there was a way to run Merlin on a leftover linux box.
 
So that means it should have even worse OpenVPN performance than the AX88U.

God I wish there was a way to run Merlin on a leftover linux box.
That’s what PFsense is for.
 
So that means it should have even worse OpenVPN performance than the AX88U.
Not necessarily. It can be slightly faster than OpenVPN (which caps at around 220 Mbps on that router), however it will limit your WAN connection to somewhere around 300 Mbps.
 
This question is more towards the OpenVPN people and not directly towards RMerlin:
Is there any QR client setup for OpenVPN, rather than importing/exporting certs?
I found client setup for the WG QR setup convenient.
client is setup, then client scans QR code, and up
 
Status
Not open for further replies.

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top