OpenVPN and ASUS RT56U

[Zeel]

Hey!

As you can see, this is my first post, but I've been lurking around the forums a while now. I reccently ran into a problem with my router, an ASUS RT56U. It usually works great and the trhoughput maxes my IPs bandwith (100/100).

What I did was add an OpenVPN client on one of my computers on the network. Its connected with the router via an Ethernet for maximum bandwith. The problem is that as soon as I start up the Openvpn client my transfer speeds drop to about a third of the maximum. Sure, some loss is expected, but 2/3s? I disconnected the router and plugged the PC in directly and suddenly it was just 3-5% loss. This led me to believe that its the router interfering.

I updated to the latest firmware (official) and tried again. No change. I did a factory reset, no change. Im not a complete novice regarding computers, but my skills in networking are a bit lacking. It seems to me that the router is the culprit.

Has anyone got any ideas? Should I try a custom firmware like Tomato? Any change in settings that might help?

Have a good one

Z

 

[L&LD]

The RT-N56U is simply an underpowered router for what you want to do with it.

No firmware will make it come close to your PC (PC is simply much more powerful).

You may want a newer router with more RAM and CPU power like the RT-AC56U or above. But keep in mind that your VPN connections will still be much lower than what you can achieve by connecting directly to a computer (with any router, even the even more powerful Netgear R7000).

 

[CaptainSTX]

No SOHO router that I am aware of will get you better than 60 - 80% of your non VPN connection.

You might want to experiment with a different VPN client and/or VPN provider.

I use a VPN accelerator from Sabai Technology and I get 95%+ throughput. The customized VPN software, router and Accelerator are expensive, but if speed is what you want then it is an option to consider.

 

[netware5]

Gentlemen,

I have a feeling that Zeel speaks about totally different case:

What I did was add an OpenVPN client on one of my computers on the network. Its connected with the router via an Ethernet for maximum bandwith. The problem is that as soon as I start up the Openvpn client my transfer speeds drop to about a third of the maximum. Sure, some loss is expected, but 2/3s? I disconnected the router and plugged the PC in directly and suddenly it was just 3-5% loss. This led me to believe that its the router interfering.

So, no OpenVPN is running on the router, it runs on a PC. So the router should just route the OpenVPN transit packets as any other packets. It should not cause slowdown.

My proposal is to check if the QoS is enabled on the router, may be it interfere with OpenVPN traffic.... No other ideas what happened. Weird ...

 

[Zeel]

Gentlemen,

I have a feeling that Zeel speaks about totally different case:



So, no OpenVPN is running on the router, it runs on a PC. So the router should just route the OpenVPN transit packets as any other packets. It should not cause slowdown.

My proposal is to check if the QoS is enabled on the router, may be it interfere with OpenVPN traffic.... No other ideas what happened. Weird ...

Exactly! Was just about to clarify. I dont think the QoS is enabled, at least it wasnt when I checked the settings last time. Yeah, I cant figure it out either. Its not a problem with port forwarding, if it was the traffic would be blocked completely, correct? Could it be something with the NAT firewall in the router? It doesnt recognize the packets from the PC as "safe" and have to check them, thus slowing down the throughput?

 

[netware5]

Exactly! Was just about to clarify. I dont think the QoS is enabled, at least it wasnt when I checked the settings last time. Yeah, I cant figure it out either. Its not a problem with port forwarding, if it was the traffic would be blocked completely, correct? Could it be something with the NAT firewall in the router? It doesnt recognize the packets from the PC as "safe" and have to check them, thus slowing down the throughput?

May be something with hardware acceleration? Check if hardware acceleration is enabled. See also THIS THREAD and especially the Merlin's post there.

THIS also could be useful - the same router and similar problems. Try with different Merlin's FWs, but OLDER than the last version 374.43 due to the problems described in the first link above.

BTW you posted in wrong section - this is for wired only routers. May be this issue should be posted in another forum section HERE, if you use stock FW or HERE, if you use Merlin's FW. Asus wireless routers are discussed there and most of the experienced people staying there.

 

[Zeel]

May be something with hardware acceleration? Check if hardware acceleration is enabled. See also THIS THREAD and especially the Merlin's post there.

THIS also could be useful - the same router and similar problems. Try with different Merlin's FWs, but OLDER than the last version 374.43 due to the problems described in the first link above.

BTW you posted in wrong section - this is for wired only routers. May be this issue should be posted in another forum section HERE, if you use stock FW or HERE, if you use Merlin's FW. Asus wireless routers are discussed there and most of the experienced people staying there.

Thanks, I'll check out the thread as soon as I can. Ill try to move the thread, not sure if I can, maybe one of the mods could help out?

 

[sinshiva]

what is the status of qos or nat acceleration? is your isp PPPoE ? post the server and/or client configuration of the vpn with keys/certs omitted.

 

[Zeel]

what is the status of qos or nat acceleration? is your isp PPPoE ? post the server and/or client configuration of the vpn with keys/certs omitted.

QoS is set in automatic, NAT acceleration is enabled. I believe my ISP uses DHCP (not sure). Ill have to get back to you on the config, not at home atm.

 

[sinshiva]

QoS is set in automatic, NAT acceleration is enabled. I believe my ISP uses DHCP (not sure). Ill have to get back to you on the config, not at home atm.

first thing to try is disabling qos. enabling qos would disable NAT accel, so you must be mistaken on one or the other. QoS is a more likely suspect, though.

 

[Zeel]

first thing to try is disabling qos. enabling qos would disable NAT accel, so you must be mistaken on one or the other. QoS is a more likely suspect, though.

Yeah, you were right. My QoS is disabled, and NAT accel is enabled.

 

[sinshiva]

from here, the vpn configs will need to be looked at. using a vpn service? how much control do you have over the server config?

 

[Zeel]

from here, the vpn configs will need to be looked at. using a vpn service? how much control do you have over the server config?

Im using a VPN client from Vypr VPN. I have limited control, I can change which VPN protocol I want to use, but thats about it. I really dont think the problem is in the VPN client, since I dont experience any speed loss when I hook the the PC with the VPN client directly to the incoming fiber.

 

[sinshiva]

try adding mssfix 1500 to the client config

mssfix is weird. suggestions online suggest setting it for like 1400, however mssfix will reduce MSS much further than that, after having tested with wireshark. i noticed that setting mssfix to my wan mtu actually put MSS right about where i wanted. if that doesn't help, then try lowering the value further.

 

[Zeel]

try adding mssfix 1500 to the client config

mssfix is weird. suggestions online suggest setting it for like 1400, however mssfix will reduce MSS much further than that, after having tested with wireshark. i noticed that setting mssfix to my wan mtu actually put MSS right about where i wanted. if that doesn't help, then try lowering the value further.

Sorry for the late reply, been swamped at work. I havent tried any of those things, since I dont understand a word of it . Do you really think that the problem lies there? My gut feeling tells me its just a setting in the router that needs turn off or on. It seems like the router takes the encrypted packages from (and to) the HTPC and slows them down? The firewall?

Z

 

[Zeel]

This is just a shameless bump. Tried resetting the router, updating firmware but nothing helps. Any more ideas?