Need Help and Advice for Two RT-AC68U's with Aimesh AccPt w/ethernet

[JT Strickland]

Howdy, Folks,
An old noobie here, been lurking for a few weeks, now I'm ready to pop the question and show my ignorance, because I have no doubt you guys are the best in the world at what you do. I recently purchased a new pair of AC68U's for my home/office network. I have a small office (24x36) about 100' west (between routers) of our house (30x40) with one set up as the Aimesh access point with current stock firmware and the primary router with asuswrt Merlin current firmware connected with an ethernet cable. There is a NSD connected to the access point router with a short ethernet cable.

We had AT&T broadband less than a month ago, 6 Mb/s tops, which wasn't going to meet our needs for cutting the cable, so we moved to MaxxSouth 70 Mb/s line with a Netgear CM1000 docsis 3.1 modem, and the two asus routers. I was originally going to get a AC86U (I think) with an inexpensive wall plug in access point, but a lot of reviews that I read gave me second thoughts, hence the pair of older AC68U routers. We have since upgraded our internet to 250 Mb/s after learning it was just a few bucks more. We have a couple of firesticks and tv's at the house, a printer, laptop, and misc iPhones and tablets. The office has a desktop computer, notebook computer, printer, and external hard drive, etvc.

I have recently subscribed to Windscribe VPN and did my best to set up the router with it through Open VPN, based on cook book recipes and your tips and suggestions that I gleaned from the forum. Afterwards I turned on most of the bells and whistles on the router, such as AiProtection, Adaptive QoS, Traffic Analyzer, etc, not realizing that it would degrade my performance. I saw where hardware acceleration was disabled and I came to the forum and learned why, and turned it all back off. It seemed to work OK, sort of, but I wasn't getting the speed that I felt we should be at the house. The internet now comes in at the office, and everything at the house, except the node router and NSD, are on wireless 5 ghz network, except the printers which are on the 2.4. This was with the 70 Mb/s package. After upgrading to 250 Mb/s, it seemed our wireless speed dropped instead of gaining. We are getting 250+/- Mb/s at the modem without VPN, and the speed with the VPN on at my desktop is from anywhere to 100 to about 220 Mb/s. The wireless devices (firesticks, etc) at the house are about 20-30 Mb/s with the VPN and maybe 50-100 outside the VPN. It seemed like a wireless problem totally, but when we checked the speed at the main router with an ethernet cable, it was showing about the same speed as the firesticks. Odd thing, my desktop is plugged in by ethernet right beside it , and it usually pegs out at 220 Mb/s with VPN and 250 without, but the mileage varies. The VPN does pretty well with the IKeV2 protocol, but it isn't available with OpenVPN.

Either I've got settings wrong with the VPN configuration in the router, or the router configuration, or something else. I am considering taking the vpn off the router and only using it when necessary on devices that need it, strip the routers to factory defaults, trash the aimesh, and configure the other router as a plain access point. I don't know but about enough to be dangerous with this. Do you guys & gals have any advice, suggestions, recommendations, or just plain "Do that!" or "Don't do that!"? I don't know for sure what to try.

I have some other questions, but this is already way to long to ask here. I just wanted you to understand what I did and what I was trying to do, and with what.

Thanks for you help.

 

[JT Strickland]

Guys, we could sure use some advice here. I tried to hire this done, but we are in a rural area, and the only advertised tech in our area didn't return my call when I left a message with receptionist about VPN and configuring Asus routers for a home network. I am confident that somebody here knows what we should do.
I found a couple other threads that was very similar from a year or so ago,
"Rt-ac3100 very strange Ethernet port issue", and "AiMesh Gigabit Internet Slow Speed". The first guy didn't resolve it as far as I can tell, and the second one rolled back his firmware and it worked.
My PC is getting 250+ Mb/s download outside VPN plugged into AC68U lan port, and a tablet plugged right beside it is getting about 50 Mb/s, both windows 7. The cable guy checked it earlier with a laptop and found slower speeds. He first thought the router was defective. It may be, I don't know. There is something not right. I understand a lot of our loss is through wireless in the home, VPN, and slow fire tv processors, but we should be getting more than 10%. And that still don't explain why one 1gb lan port is 250 and the one beside it is less than 50.
The access point Aimesh router is about 100 feet from the primary, with ethernet backhaul, and the primary is only "seeing" about 35% of the signal. Maybe that is another factor. Which is why I am going to try a simple access point without the mesh. I gotta try something.

 

[coxhaus]

When you don't know switching stuff around is a good way to figure it out. Just remember where you need to go back to and how to get there.

 

[Grisu]

Your RT-AC68U or RT-AC3100 cant do faster VPN than about 20-30Mb/s, CPU is limiting factor. You could get an RT-AC86U or RT-AX88U, both should give you about 200Mb/s.

You said ethernet backhaul, so what do you mean with 35% signal as WiFi isnt used as backhaul?

 

[OzarkEdge]

Howdy, Folks,
An old noobie here, been lurking for a few weeks, now I'm ready to pop the question and show my ignorance, because I have no doubt you guys are the best in the world at what you do. I recently purchased a new pair of AC68U's for my home/office network. I have a small office (24x36) about 100' west (between routers) of our house (30x40) with one set up as the Aimesh access point with current stock firmware and the primary router with asuswrt Merlin current firmware connected with an ethernet cable. There is a NSD connected to the access point router with a short ethernet cable.

We had AT&T broadband less than a month ago, 6 Mb/s tops, which wasn't going to meet our needs for cutting the cable, so we moved to MaxxSouth 70 Mb/s line with a Netgear CM1000 docsis 3.1 modem, and the two asus routers. I was originally going to get a AC86U (I think) with an inexpensive wall plug in access point, but a lot of reviews that I read gave me second thoughts, hence the pair of older AC68U routers. We have since upgraded our internet to 250 Mb/s after learning it was just a few bucks more. We have a couple of firesticks and tv's at the house, a printer, laptop, and misc iPhones and tablets. The office has a desktop computer, notebook computer, printer, and external hard drive, etvc.

I have recently subscribed to Windscribe VPN and did my best to set up the router with it through Open VPN, based on cook book recipes and your tips and suggestions that I gleaned from the forum. Afterwards I turned on most of the bells and whistles on the router, such as AiProtection, Adaptive QoS, Traffic Analyzer, etc, not realizing that it would degrade my performance. I saw where hardware acceleration was disabled and I came to the forum and learned why, and turned it all back off. It seemed to work OK, sort of, but I wasn't getting the speed that I felt we should be at the house. The internet now comes in at the office, and everything at the house, except the node router and NSD, are on wireless 5 ghz network, except the printers which are on the 2.4. This was with the 70 Mb/s package. After upgrading to 250 Mb/s, it seemed our wireless speed dropped instead of gaining. We are getting 250+/- Mb/s at the modem without VPN, and the speed with the VPN on at my desktop is from anywhere to 100 to about 220 Mb/s. The wireless devices (firesticks, etc) at the house are about 20-30 Mb/s with the VPN and maybe 50-100 outside the VPN. It seemed like a wireless problem totally, but when we checked the speed at the main router with an ethernet cable, it was showing about the same speed as the firesticks. Odd thing, my desktop is plugged in by ethernet right beside it , and it usually pegs out at 220 Mb/s with VPN and 250 without, but the mileage varies. The VPN does pretty well with the IKeV2 protocol, but it isn't available with OpenVPN.

Either I've got settings wrong with the VPN configuration in the router, or the router configuration, or something else. I am considering taking the vpn off the router and only using it when necessary on devices that need it, strip the routers to factory defaults, trash the aimesh, and configure the other router as a plain access point. I don't know but about enough to be dangerous with this. Do you guys & gals have any advice, suggestions, recommendations, or just plain "Do that!" or "Don't do that!"? I don't know for sure what to try.

I have some other questions, but this is already way to long to ask here. I just wanted you to understand what I did and what I was trying to do, and with what.

Thanks for you help.

One suggestion is to post smaller paragraphs and as many as you need to help the reader comprehend your details.

Here's a summary:

o MaxxSouth cable ISP 250/? Mbps and CM1000 modem in detached office.

o 2xRT-AC68U AiMesh with router (Asuswrt-Merlin 384.13) in office, node (Asuswrt should be 45717) with Ethernet NAS in house, and 100' Ethernet backhaul.

o Windscribe VPN with OpenVPN on router.

o ISP speeds test ok at modem.

Some thoughts:

o Build out your network a piece at a time and confirm performance before layering on more complexity. So, start with a basic AiMesh setup, no bells and whistles. Use it for awhile to learn what is normal so that you can know abnormal later when you see it.

o AiMesh does not support guest WLANs on the house node where you might want them. A house AP will support guest WLANs, BUT guests will have full access to your LAN, so not practical.

o Your ISP speeds appear to test ok at the modem and router using your wired Win7 PC. So, that's your expected benchmark.

o Your router VPN is throttling your ISP speeds due to the encryption burden on your router. An 86U router with hardware encryption would perform better... it is recommended for VPN applications. (I have no experience with VPNs ). You will probably conclude that using router VPN in your current configuration will not be suitable for your house traffic.

o Use separate SSIDs and fixed channels for your WiFi. See my install notes for suggested settings and firmware setup advice. Be sure to reset router firmware before configuration.

o Next, use a wireless PC client to speedtest.net 2.4 GHz and 5.0 GHz connections at the router; then at the node. A 5.0 GHz AC connection to the node (866 Mbps link rate), should test at full ISP speed, I think. Here are some recent speed tests I performed on my 2xRT-AC86U AiMesh with wireless backhaul.

o Inspect the router Status tab and elsewhere to see if you can confirm that the wired Ethernet backhaul is registering at 1 Gbps. Make sure the AiMesh node is using the Ethernet backhaul and not a 100' wireless backhaul through detached structures. A 100' 68U wireless backhaul could be a bottleneck. From my notes... If necessary, configure node connection priority to force using a wired backhaul (required with some LAN switches that defeat Auto sensing of connection type).

o If you can swap router and node location, you'll i) remove the likely heavier house WiFi traffic from your AiMesh node/backhaul/processing; ii) support guest WLANs at the house for guest wireless clients; and iii) serve NAS files from the router, which might be more efficient. If you can't move the ISP cable, you could connect to the modem over the existing Ethernet cable and try a wireless backhaul from the node in the office... maybe, perhaps with 86Us... but moving the ISP cable and modem with the router to the house would be best.

I would step methodically through the above considerations, confirming performance as you go. Speed test with a worthy wired and wireless PC client and pay attention to its WiFi adapter link rate and connection status (easy to find in Win7 CP Network and Sharing Center; harder to find in Win10) to know that its connection is not throttling the speed test. A WiFi adapter with 2 antennas will double the link rate... cheaper devices have only one antenna which will more likely throttle WiFi speeds at distance.

OE

 

[JT Strickland]

When you don't know switching stuff around is a good way to figure it out. Just remember where you need to go back to and how to get there.

Thanks a bunch. I am starting tomorrow evening, reset to factory, turn on one thing at a time, and add the Aimesh after I try it with a plain access point and see what happens. I may add a AC86U as primary router and and use the two 68's as mesh nodes if the Aimesh works out.

 

[JT Strickland]

Your RT-AC68U or RT-AC3100 cant do faster VPN than about 20-30Mb/s, CPU is limiting factor. You could get an RT-AC86U or RT-AX88U, both should give you about 200Mb/s.

You said ethernet backhaul, so what do you mean with 35% signal as WiFi isnt used as backhaul?

Grisu, I was talking about what the primary router indicated for the 5ghz network in site survey, which is about 35%. I assume that it would have to ignore it's own signal. The 2.4 ghz network is of course stronger. I assume, also, that the routers "communicate" wirelessly. I changed the aimesh node priority from auto to cable. If the Aimesh will work correctly for us, then I may get an RT-AC86U or similar for primary and use the others for access points/ nodes. I would have to "daisy chain" them together if they will work that way. I think so?

 

[JT Strickland]

One suggestion is to post smaller paragraphs and as many as you need to help the reader comprehend your details.

Here's a summary:

o MaxxSouth cable ISP 250/? Mbps and CM1000 modem in detached office.

o 2xRT-AC68U AiMesh with router (Asuswrt-Merlin 384.13) in office, node (Asuswrt should be 45717) with Ethernet NAS in house, and 100' Ethernet backhaul.

o Windscribe VPN with OpenVPN on router.

o ISP speeds test ok at modem.

Some thoughts:

o Build out your network a piece at a time and confirm performance before layering on more complexity. So, start with a basic AiMesh setup, no bells and whistles. Use it for awhile to learn what is normal so that you can know abnormal later when you see it.

o AiMesh does not support guest WLANs on the house node where you might want them. A house AP will support guest WLANs, BUT guests will have full access to your LAN, so not practical.

o Your ISP speeds appear to test ok at the modem and router using your wired Win7 PC. So, that's your expected benchmark.

o Your router VPN is throttling your ISP speeds due to the encryption burden on your router. An 86U router with hardware encryption would perform better... it is recommended for VPN applications. (I have no experience with VPNs ). You will probably conclude that using router VPN in your current configuration will not be suitable for your house traffic.

o Use separate SSIDs and fixed channels for your WiFi. See my install notes for suggested settings and firmware setup advice. Be sure to reset router firmware before configuration.

o Next, use a wireless PC client to speedtest.net 2.4 GHz and 5.0 GHz connections at the router; then at the node. A 5.0 GHz AC connection to the node (866 Mbps link rate), should test at full ISP speed, I think. Here are some recent speed tests I performed on my 2xRT-AC86U AiMesh with wireless backhaul.

o Inspect the router Status tab and elsewhere to see if you can confirm that the wired Ethernet backhaul is registering at 1 Gbps. Make sure the AiMesh node is using the Ethernet backhaul and not a 100' wireless backhaul through detached structures. A 100' 68U wireless backhaul could be a bottleneck. From my notes... If necessary, configure node connection priority to force using a wired backhaul (required with some LAN switches that defeat Auto sensing of connection type).

o If you can swap router and node location, you'll i) remove the likely heavier house WiFi traffic from your AiMesh node/backhaul/processing; ii) support guest WLANs at the house for guest wireless clients; and iii) serve NAS files from the router, which might be more efficient. If you can't move the ISP cable, you could connect to the modem over the existing Ethernet cable and try a wireless backhaul from the node in the office... maybe, perhaps with 86Us... but moving the ISP cable and modem with the router to the house would be best.

I would step methodically through the above considerations, confirming performance as you go. Speed test with a worthy wired and wireless PC client and pay attention to its WiFi adapter link rate and connection status (easy to find in Win7 CP Network and Sharing Center; harder to find in Win10) to know that its connection is not throttling the speed test. A WiFi adapter with 2 antennas will double the link rate... cheaper devices have only one antenna which will more likely throttle WiFi speeds at distance.

OE

Ozark, you are right, your post is a lot easier to read than mine. It is difficult, no doubt, to read a post when one has to strain to pick out what the writer is trying to say.
The bullets help, too. I have saved the results of your links, and will give each due diligence.

I don't think the Cable company will move the cable from office to the house, however, but since they haven't buried it yet, now would be the time to ask. I prefer to have the primary router at the office if possible. I am considering an RT-AC86U, equivalent, or better, as the primary router. The other two should function fine as access points/ nodes. I can easily run another ethernet cable downstairs, if I can daisy chain them together.

I have tentatively decided to take the VPN out of the router and use apps for the devices that need a vpn. There's no need to run my TV's (excepting the firesticks), printers, etc through a VPN. I first thought it would be ideal, but it takes a toll on the bandwidth, as well as the router from what I've read. I do like the idea, however, of running an adblocker such as diversion and the extra protection of skynet which would complement the Merlin firmware, but I suppose I don't have to have a VPN to add these. I don't think I am ready to install them, though, this will have to come later after I figure out what is going on.

I wanted to buy an RT-AC86U, not realizing that I needed the extra computing power, but the reviews on Amazon made me "gun shy", and was probably unfounded. The little wall plug access pont/extender that I have would not have been sufficient, though. Now I've got a couple of pretty fair nodes if the Aimesh performs satisfactory. There are a lot of things that I would do differently if I were to start over.

We rarely have guests, particularly that need the internet, so that's not a problem. I currently have the guest networks disabled. We have separate networks, appending a _2 and a _5 to the SSID, and have the 2.4 Ghz on channel 1 at 20 Mhz and the 5 Ghz network on channel 161 at 80 Mhz, based on the site survey from the primary router. These are the best available in our little 'hood currently. I have made screen shots of all the current router configuration so I can at least put it back the way it was, hopefully, if all fails.

I really appreciate the time and effort that you and others have spent to give us a hand. The more I learn about this, the more I realize that I don't know anything about it. I will post the results, especially if we get some good ones, so that it may help others.

 

[Grisu]

If possible use a star topology instead of daisy-chain, but for sure its better to use wired backhaul and priority set to wired on both.
With 35% the signal is still quite strong I think, do you really need a second router over there?
If your clients are fast enough its always better to use less WiFi routers than more because of interferences.

 

[JT Strickland]

Grisu, The only way I could do a star configuration would be if the cable company would move the connection to the house, but I would rather have it at the office. I probably don't need the second router, but I felt it might strengthen the network and I will have it anyway if I get a faster one for the primary. It would probably be better to just keep it for a backup in case the radio or something goes out on the other one.

I was thinking about adding a tri-band router, if we do upgrade, but wondered if it would benefit me using the 68U as access point node(s). I saw some youtube videos on the AC3100, 3200, and 5200 (I think). If we do upgrade, I am going to take more time than before and try to get the right one the first time, but I'm partial now to Asus routers with Merlin firmware. We don't do much gaming, so processing speed, compatibility, and other features would be our main concerns. Our son likes gaming when he visits, though.

 

[OzarkEdge]

Ozark, you are right, your post is a lot easier to read than mine. It is difficult, no doubt, to read a post when one has to strain to pick out what the writer is trying to say.
The bullets help, too. I have saved the results of your links, and will give each due diligence.

To be clear, I meant no offense... I only wanted to suggest why we/helpers might not respond right away... sometimes we're too lazy in the moment to 'study' a new case to give a considered reply, so it's easier to delay and leave it for someone else with the time and energy. Meanwhile, the OP might feel overlooked.

It sounds like you are considering the issues.

Maybe the cable installers can install a second cable to the house and leave you/the next owner the option to request service over either one... one could argue that would be more standard... to have a cable to the house... or to each building. Just a thought.

If you have the 86U router at the house, you would then star connect the two 68Us, perhaps one wireless in the house for extended WiFi, and one wired in the office.

It's not easy to anticipate results, so sometimes its more predictable to plan for them... as in locate the wired router link to the Internet where it will serve the most traffic to keep that traffic off less robust portions of the network, such as a mesh backhaul; and avoid daisy-chaining that concentrates backhaul traffic/node processing.

You can always get a long cable and temporarily try different network configurations to see how it feels. So, if plan A leaves you wondering, try plan B to see if a reconfiguration would be worth the effort.

There is a post around here suggesting Amazon is shipping 2019 86Us. In theory, a more recent build could have production revisions to correct previous issues, such as earlier reports of some 2.4 GHz radio failure, etc. I've deployed six 2018 86Us, four in AiMesh systems, without any known hardware defects. So, I'd buy one again.

OE

 

[JT Strickland]

OzarkEdge,

No offense taken, I didn't mean it to sound like that. I just took off typing, trying to get everything in, and probably repeating myself, without thinking of the reader. It's just natural to abandon a thread if it's difficult to read.

I am thinking pretty strongly about getting the 86U, depending on what we learn after reset and reconfiguration this evening. Probably the most bang for the buck, and it would do what we need. It's what I wanted to begin with, but read a little too much in the wrong place. I suppose a newer 86U would have a better chance of not failing, but any of them can fail.

The cable company might drop another lead to the house. They still haven't buried this one, and the subcontractor could get them both in one trip. It would be the best central location upstairs in our house where the node is currently. I would only have to run a drop downstairs for the new node, and as you suggest, maybe a temporary one to try it out. If it doesn't complement the system, then I could take it out and put it up in the closet or something.

I was thinking about a tri-band or multi-band router, but I don't think it would be compatible with the 68's if I understand the technology, which I probably don't. This whole networking system and components is a lot more complex than I anticipated.

BTW, our purchased upload speed it 10 Mb/s, and 250 Mb/s download, and it sure looks like we're getting it at the modem. I could've gotten 250/250 for the same price currently, but we don't really need it since we don't do much gaming, and I was concerned they would raise the rates later, so I just asked for the 250/10 package. It's about $90 per month plus tax/fees.

Another Edit: I am thinking about putting the 384.14 beta Merlin on the primary and see what happens before we reset and reconfigure this evening and see if it helps us any. I don't suppose there is any pre-release notes, info, etc., available? I didn't find any. I understand if there isn't any.

thanks again,
JTS

 

[Grisu]

For gaming you dont need much bandwith, fast pings are what you need. Streaming (many devices) and downloading need bandwith.

You only shall prefer star, its not a must have.
And same for wired over wireless.
With your speeds all should do with line as limiting factor.

Triband is not used in wired backhaul config, so useless and not used by firmware!
With WiFi backhaul it could make things faster (not really on your 'slow' line.
Even only on one side (router or node) it could benefit, becaus one band is used for Aimesh and the other only for clients.
In single band Aimesh half the time is used for 'speaking Aimesh' (to router or node) and rest of time to clients.

Best to test it in real life www.fast.com on different clients and locations. If you are fine what you get keep it and all good.

 

[OzarkEdge]

I was thinking about a tri-band or multi-band router, but I don't think it would be compatible with the 68's if I understand the technology, which I probably don't. This whole networking system and components is a lot more complex than I anticipated.

I skipped tri-band this go around (3/2018), but I will favor it for the dedicated 5.0 GHz backhaul when I buy into AX equipment (2021?)... not that I will likely need it.

Last I noticed, Merlin 384.14 (uses stock 81049) was Alpha and any notes might be on a Github site(?) I backed down to stock 45717 from 81049, so... I would stick with Merlin 384.13 (uses stock 45717) for its released stability and because it matches up with using stock 45717 in the nodes. I have not used Merlin. (Just be sure to reset before configuration.)

More 2019 86U news: https://www.snbforums.com/threads/how-bad-are-the-ac86u-2-4ghz-issues.58899/page-2#post-517356

OE

 

[JT Strickland]

Thanks, folks, I really appreciate the help. I'll let you know if and when we learn something new and beneficial.
I'll give your advice and suggestions the utmost consideration.
jts

 

[JT Strickland]

We learned last evening that one of the ethernet cables was defective, so we left the Aimesh system in place as it is. Based on the feedback and other posts gleaned from the forum, we believe that the other issues are primarily from the processor speed of the various devices, perhaps the router also. Although I turned off the OpenVPN in the AC68U, I ordered a AC86U to use for the primary router and plan to use the other two 68U's as nodes or access points. I have some questions that I will start in another thread concerning this.

I want to thank each one who contributed and helped us along the way.
jts

 

[OzarkEdge]

We learned last evening that one of the ethernet cables was defective,

When I began working with Netware in the '80s, our motto was, '98% of all problems are cabling'. They were more so then with coax, than now with Ethernet, but the point (no matter the percentage) remains valid and worth remembering... don't overlook the interconnections of equipment.

OE