What's new

Low OpenVPN upload speed, RT-AC66U, Merlin

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

colecaz

Regular Contributor
I have an RT-AC66U set up at home as an OpenVPN server using server 1 on RMerlin's 350.58 firmware. I used the Export feature for the config file for my Asus Zenbook laptop (i7-6500U, 12GB RAM, 512 SSD, Gigabit USB 3.0 LAN adapter) to set up the client and all connects and VPN works.

The problem I'm looking to solve is I think I'm getting restricted upload speeds. Using speedtest.net from the client laptop over the VPN I get about 8 Mbps download and 3 Mbps upload. This is on verified WAN connection of 150/10 Mbps at the server and 200/20 at the client. I can see how the 10 Mbps upload at the server would keep the measured download speed at the client below 10 Mbps but don't see why I can't get over 3-4 Mbps upload from client to server. I understand the client sends the upload to the server over the 20 Mbps connection and the server has to send it to speedtest over its 10 Mbps upload link, but I'm puzzled why I don't get higher upload speeds. Looking at the server CPU usage, it maxes at 100% on download tests but only runs around 40% on uploads.

I've googled the heck out of this, tried a bunch of what I found, looked through SNBForums and nothing has made significant improvements.

Any ideas or suggestions are appreciated.
 
Last edited:
If you're using the USB Ethernet adaptor, that could be the (only) reason why, imo. Search for recent similar posts about slow connections via USB. USB is highly inefficient if you are looking at it for fast and large storage and LAN transfers.

The RT-AC66U has a single core 600MHz processor that is probably running flat out on uploads (even if it can only get to 40% utilization). Don't forget that it is routing, downloading and uploading (simultaneously) when you're VPN'd into it and doing a speedtest run.

If you really want better VPN speeds, the RT-AC1900P (Best Buy exclusive) or better is your best bet (same price as the 75% slower RT-AC68U or RT-AC56U 'previous' generation models). That will buy you a 233% faster processor ('AC1900P or higher) with dual cores vs. one and better RF radio hardware, design and firmware than the almost 5 year old 'AC66U. That should get you VPN speeds that are limited by the ISP's only.

And even then, keep in mind that home ISP packages are 'up to' speeds; they're not guaranteed. So those faster speeds might only be seen depending on the time of day and/or other factors too (business lines are usually lower at their peaks, but guaranteed to not be slower than what was purchased 'most of the time').
 
L&LD... Thanks for the quick reply. I've signed up for PIA since I posted and testing their OpenVPN speeds using the client install I did with the RT-AC66U and only changing to use their config file, I max out the ISP speed at the client (200/20) consistently. And looking at the config differences I don't see anything to point to as major differences. This tells me the problem is with the Asus router as you indicated. Thanks also for the summary of performances and the Best Buy suggestion. I've always been leery of their house branded stuff but with your recommendation I'll give them a shot. And they have easy returns if needed.
 
Yorgi,
It's strange. I got your reply via email notification but don't find it here.

Anyway, with the AC66U and using the PIA OpenVPN client on my laptop I get full ISP speeds with Speedtest showing 233 dn/24 up. When I enable the routers OpenVPN client 2 with the instructions from PIA I get 9 dn/14 up from Speedtest. Of course the laptop OpenVPN client is not connected while the router client is.

This is at least a baseline. If I get an AC1900P I'll do the same tests and report them here.
 
It's not that the Asus has a "problem", it's that the Asus CPU is that much slower at encryption than a PC-grade CPU.

Unless you require a router that is capable of 200Mbit VPN speeds, I would simply use the PC as the client. If you really need a router capable of those VPN speeds, you can install a router OS like pfSense onto a desktop PC.
 
Yorgi,
It's strange. I got your reply via email notification but don't find it here.

Anyway, with the AC66U and using the PIA OpenVPN client on my laptop I get full ISP speeds with Speedtest showing 233 dn/24 up. When I enable the routers OpenVPN client 2 with the instructions from PIA I get 9 dn/14 up from Speedtest. Of course the laptop OpenVPN client is not connected while the router client is.

This is at least a baseline. If I get an AC1900P I'll do the same tests and report them here.
Sorry about that. I didn't read L&LD reply properly and i just pretty much said what he told you.
Dual core cpu will be better but don't expect anywhere near the speeds you get from your Local ISP
you should get somewhere in the range of 30-50 mb/s if your lucky.
Try it out and let us know :)
 
It's not that the Asus has a "problem", it's that the Asus CPU is that much slower at encryption than a PC-grade CPU.

Unless you require a router that is capable of 200Mbit VPN speeds, I would simply use the PC as the client. If you really need a router capable of those VPN speeds, you can install a router OS like pfSense onto a desktop PC.
good luck with pfsence :p I suggest stick with a router. Who needs faster speeds then 50mb/s
The USA gives bandwidth away for free LOL
in Canada they charge us crazy prices for 200 mb/s
 
Busy day... Picked up a RT-AC1900P at BB and went to testing. First set it up using the stock firmware out of the box, 3.0.0.4.380_1842. Then enabled the OpenVPN client with my PIA account and ran a test that way. Then loaded RMerlin 380.62_1. It put the previously set up client on client 5 so I left it there. Tweaked the RMerlin setup per instructions found on PIA support pages and went to testing it. I did have to manually enter the PIA DNS on the LAN page as the router client didn't want to assign one automatically no matter what I did. Did NOT do any manual resets or reboots. I just let it apply changes and reset automatically when it wanted. The router was not loaded with traffic other than two web browsers, IE11 showing Network Map>Status of the router and Chrome running the speedtest site. Below are the test results.

CPU loads were highly variable and I made the best estimate using snapshots during the test run. As a baseline, using my AC66U with Merlin client 2 I get 9 Mbps dn/14 Mbps up on PIA.

Asus VPN client
The stock Asus only used CPU 1 during the test
CPU 1/35% @20 Mbps dn, CPU 1/41% @22 Mbps up

No VPN Merlin FW CPU 1 only active
CPU 1/30% @234 Mbps dn, CPU 1/7% @23 Mbps up
ISP service is sold as 200/20

Merlin Client 5
I tried various speedtest sites and all were the same within measurement error
CPU 1/8% CPU 2/27% @25 Mbps dn
CPU 1/7% CPU 2/24% @20 Mbps up

Laptop Client using PIA setup
CPU 1/28% CPU 2/0% @223 Mbps dn
CPU 1/5% CPU 2/0% @ 22 Mbps up

Conclusions:
Unlike my AC66u, the dual cpu's never went to 100%, so they weren't the download limit.
All tests fully saturated my upload service above its rated 20 Mbps speed.
All download speeds using the router client were the roughly the same as upload speeds and much lower than expected.
The AC1900P GUI is noticeably faster than the AC66u.

Questions:
Why do the up and down speeds match so closely using the router client?
Why the DNS not getting automatically assigned using router VPN client?
 
Last edited:
Another comment on my testing today..

I ordered the RT-AC1900P on Best Buy's website and where it is shown as $199.99 plus tax. When my wife picked it up they said a refund was due and now the order in my account on-line shows the price as $175.99. I'll take it!!
 
You're testing it wrong, imo.

When you flashed RMerlin's firmware, you should do a full reset to factory defaults (see details below).

http://www.snbforums.com/threads/no...l-and-manual-configuration.27115/#post-205573

http://www.snbforums.com/threads/rt-ac66u-slow-wan-to-lan.12973/page-3#post-269410

http://www.snbforums.com/threads/faq-nvram-and-factory-default-reset.22822/


In addition, you should reboot the router after all/major changes. Not doing so is leading you to inaccurate conclusions and wild goose chases to find solutions for issues that you yourself cause to exist (because you didn't follow the appropriate steps in the above links).
 
OK, I'll admit to being lazy. You're right, I should have reset to factory after the Merlin flash but since I saw nothing out of the norm I didn't. But I have done as you suggested and factory reset Merlin's software and manually reentered the few settings (password, wifi SSID and password, LAN IP and DHCP range, DDNS, and the OpenVPN Client, this time using client 1). With a reboot after all the settings were entered.

A few quick retests of VPN performance with the clean setup gave essentially the same results as I documented in post #8.

So I submit that the data in post #8 are valid, as are the conclusions and questions.
 
Last edited:
I think OpenVPN is single-threaded, meaning it will only use one CPU, but I could be wrong...
 
Busy day... Picked up a RT-AC1900P at BB and went to testing. First set it up using the stock firmware out of the box, 3.0.0.4.380_1842. Then enabled the OpenVPN client with my PIA account and ran a test that way. Then loaded RMerlin 380.62_1. It put the previously set up client on client 5 so I left it there. Tweaked the RMerlin setup per instructions found on PIA support pages and went to testing it. I did have to manually enter the PIA DNS on the LAN page as the router client didn't want to assign one automatically no matter what I did. Did NOT do any manual resets or reboots. I just let it apply changes and reset automatically when it wanted. The router was not loaded with traffic other than two web browsers, IE11 showing Network Map>Status of the router and Chrome running the speedtest site. Below are the test results.

CPU loads were highly variable and I made the best estimate using snapshots during the test run. As a baseline, using my AC66U with Merlin client 2 I get 9 Mbps dn/14 Mbps up on PIA.

Asus VPN client
The stock Asus only used CPU 1 during the test
CPU 1/35% @20 Mbps dn, CPU 1/41% @22 Mbps up

No VPN Merlin FW CPU 1 only active
CPU 1/30% @234 Mbps dn, CPU 1/7% @23 Mbps up
ISP service is sold as 200/20

Merlin Client 5
I tried various speedtest sites and all were the same within measurement error
CPU 1/8% CPU 2/27% @25 Mbps dn
CPU 1/7% CPU 2/24% @20 Mbps up

Laptop Client using PIA setup
CPU 1/28% CPU 2/0% @223 Mbps dn
CPU 1/5% CPU 2/0% @ 22 Mbps up

Conclusions:
Unlike my AC66u, the dual cpu's never went to 100%, so they weren't the download limit.
All tests fully saturated my upload service above its rated 20 Mbps speed.
All download speeds using the router client were the roughly the same as upload speeds and much lower than expected.
The AC1900P GUI is noticeably faster than the AC66u.

Questions:
Why do the up and down speeds match so closely using the router client?
Why the DNS not getting automatically assigned using router VPN client?
You are missing the point. You will never get 200mb/s with that router on VPN
The CPU will never reach 100% when using VPN.
You may think you have headroom but you don't
Its the way it is. Ideally you should get 40 to 50 mb/s but it also depends where you are located and if the server you are using from PIA is fast enough. Try testing on the NY servers or Canada Toronto Server
You are getting an avarage of 25 mb/s
Why not go to a torrent that has tons of seeds and test it in real life. Speed tests are useless unless you use them in the real world.
Also take a look at this guide http://www.snbforums.com/threads/ho...ia-and-other-vpn-providers-10-15-fixed.30851/
its way better to go with that then what PIA has on their website.
Use this to test your speeds and see their server capabilities.
https://www.privateinternetaccess.com/pages/network/
 
I think OpenVPN is single-threaded, meaning it will only use one CPU, but I could be wrong...

That's correct.

OpenVPN devs used to talk about OpenVPN 3.x as a target for multithreading. No idea if that's still in their plans, their latest focus seem to be on 2.4.0.
 
First off, thanks to all who have contributed to my learning. Hopefully this thread will help someone in the future.

All I was trying to do in asking the forum about speeds was to determine where the VPN bottleneck I was experiencing occurs and why. And after getting the AC1900P it's obvious the bottleneck is in the AC66U's I'm using (a total of three in various networks I have running). I'm not trying to get full 200 Mbps ISP speed using the Asus routers. I'm just trying to get the VPN speed up to the capacity of what I'm paying for in Arizona and North Carolina so I can get file transfers off my NAS4Free server in Arizona at close to the speeds my services are rated for. Since I have 20 up in NC and 10 up in AZ I know that's the limit I'll see. Since I wasn't getting near those speeds I wanted to know why, and now I know.

I subscribed to PIA just to have a known fast VPN to test against. And using their OpenVPN client setup on my I7 processor they show what can be done and using the client on the router shows what it can do. It appears the AC1900P OpenVPN client can do low 20's Mbps down and somewhere above 20 up. No telling what it can do on upload until I can get a faster WAN upload service.

With this exercise I've accomplished what I set out to do, learn why I was seeing such slow speeds on VPN between AZ and NC. It's the router.
 
First off, thanks to all who have contributed to my learning. Hopefully this thread will help someone in the future.

All I was trying to do in asking the forum about speeds was to determine where the VPN bottleneck I was experiencing occurs and why. And after getting the AC1900P it's obvious the bottleneck is in the AC66U's I'm using (a total of three in various networks I have running). I'm not trying to get full 200 Mbps ISP speed using the Asus routers. I'm just trying to get the VPN speed up to the capacity of what I'm paying for in Arizona and North Carolina so I can get file transfers off my NAS4Free server in Arizona at close to the speeds my services are rated for. Since I have 20 up in NC and 10 up in AZ I know that's the limit I'll see. Since I wasn't getting near those speeds I wanted to know why, and now I know.

I subscribed to PIA just to have a known fast VPN to test against. And using their OpenVPN client setup on my I7 processor they show what can be done and using the client on the router shows what it can do. It appears the AC1900P OpenVPN client can do low 20's Mbps down and somewhere above 20 up. No telling what it can do on upload until I can get a faster WAN upload service.

With this exercise I've accomplished what I set out to do, learn why I was seeing such slow speeds on VPN between AZ and NC. It's the router.
Its not just the router. The 68U does 50mp/s and was tested from a buddy of mine who lives in California and uses PIA. Choose the right VPN server and you can get way better then 20mb/s so don't give up so easy and say its the routers fault.
You can get way better speeds then that. Its the server that you are using.
I have connected to Toronto server many times and I got really bad speeds then I reconnect to the same Toronto server but I get another computer and the speeds are super fast. You have to test your speeds in the real world. Speed tests are just an average.
 
colecaz, like yorgi said, it's not the router, part of it is the server you're connected to.

The RT-AC1900P should be close to 80Mbps or more if all things were optimal between the router and the endpoint, including the ISP connection(s).

So, your conclusion is off, imo. In your case, the slow VPN speeds between AZ and NC is not the router, it is your ISP service(s). Specifically the 'up values' from both sides and possibly further exacerbated by the USB Ethernet port you're using on your laptop too.

Another point to keep in mind is that home ISP plans are 'up to' values (where the level of service is not guaranteed). While business plans do come with a minimum level of performance (which you pay dearly for), but in many cases, that 'minimum' is faster than the nominally faster and cheaper home plans.

If you have a chance of trying a business grade ISP package (on both ends at the same time), you may be pleasantly surprised by the outcome. The monthly costs will bring you back to earth quickly though. ;)
 
I totally agree. Residential ISP's are not stupid and they know about VPN and torrents.
For them it means downloading torrents which of course they don't like because they want to sell you the most money for less bandwidth.
They definitely throttle and its not that hard for them to do.
A business ISP on the other hand doesn't do that because they just don't care. They give the best service to their clients even if they know they download torrents. Don't forget commercial makes way more money then residential.
A because they charge a lot more for a premium service and B because commercial clients tend to be more loyal where as residential clients go for the best deals which are not usually as good as they thought.
Blaming routers is not the way to go. there are to many obstacles in the middle to really know what is at play.
I use Business Videotron ISP and they don't mess around. I always have full throttle.
I have 15mb/s up and down and I pay 65 CDN which is about 55 US, to get that 100mb/s that people in the US get for 50 USD I would have to pay close to a couple of hundred dollars. Why such a difference? well for one thing business don't cap and they don't throttle, this is why they charge that premium price, its not to their benefit to cap or throttle!!!!
 
Yorgi and L&LD, I hear what you're saying but am having a hard time believing that it's not the router slowing things down.

When I use the OpenVPN client on my PC and let the RT-AC1900P router pass the data encoded in the PC on to PIA I get the full ISP speeds on the encoded data to and from PIA, 223 dn/22 up. Then when I switch to sending un-encoded data from the PC to the router and the client firmware built into router does the coding I consistently get around 25 dn/22 up, regardless of which PIA server I use. The only thing changed is the location where the VPN encoding/decoding takes place, so these results tell me the router client is limiting downloading and decoding speed from PIA but not upload speed. No doubt in my mind that the 20 Mbps upload service I have from the ISP is limiting the up numbers from either client and there is no way to tell what the router or PC client is capable of without greatly increasing the ISP upload rating. But the 200 Mbps download service is more than enough to feed the router decoder as much as it can handle and it seems to limit at 25 Mbps or so decoding speed whereas the PC client can decode the 223 Mbps the ISP can feed it.

Thanks again for your interest and comments.
 
What PIA settings are you using. With AES-128-CBC, SHA1 you should easily be able to get into the 50-60 Mbps range. If you are using AES-256-CBC, SHA256 the 25-30Mbps range is more likely. In my testing, its the SHA256 auth digest that causes the big hit.
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top