What's new

OpenVPN performance of the RT-AC86U

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

After flashing the latest beta (386.3 Beta 3, correct?), did you do a full reset to factory defaults without using any saved backup config files?
Before to flash beta was installed stable, same issue. I have been use hard reset as per your instructions after flashing from stock to Merlin.


Have you ever hit the max you expect on OpenVPN
Yes, but not with this router, it was xiaomi 3g with padavan fw, wo any issue maximum speed with some reducing due to losses.
What options past defaults are you using in the OpenVPN settings?
I use all dafault option, disabled QOS, installed skynet and diversion only.
 
Last edited:
Hi

Is anyone still following up on this thread? It took a long time but I finally read all posts about the high vpn performance from the AC86U.

I just got one and saddly I'm not seeing the same great performance many of you see.

My connection without VPN is close to 200Mbps download with 4ns for ping.
The max I've got is 98Mbps download & 93Mbps upload at 40 ns with the next conditions

Can someone advice what I can do to improve vpn performance?

Code:
AC86U Merlin 386.3_2
Client 3
Runner is indicated to be enabled
PIA server  US Houston
(some of the next configuration options are from many of the posts in this thread)

resolv-retry infinite
cipher AES-128-GCM
tls-client
remote-cert-tls server
disable-occ
fast-io
sndbuf 524288
rcvbuf 524288
compress
auth-nocache
mute-replay-warnings
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
persist-key
persist-tun
 
The server you connect to may not provide the speed your router is capable of. Lower speed is not necessarily hardware/configuration related.
 
Additionally something weird that is really driving me crazy

I just tested with speedtest.net with different devices.

On my Pixel 5 the download speed can reach 120Mbps
On an iPad 7 it can reach 120Mbps
But on my laptop with i5 6th gen on wifi it reaches 96Mbps and with ethernet (usb adapter) 60Mbps. Wifi faster than ethetner (cat 5e cable)

The openvpn client is running on the AC86U so I don't understand why the windows laptop is slower than the mobile devices. It's specially weird that ethernet is so slow when VPN is active as when is turned off it easily reaches the full 200Mbps from my ISP.
 
All mentioned devices can run VPN. With a local client you can switch servers with few clicks. Why you run it on the router?
 
you can get about 200Mb on Ac86U for OpenVPN but a case your router will not do anything in the same time as it will take 100% CPU.
If you are using QoS in the same time or anything else do a math :) it iwll even slow down much more where PCU will be overheating.

Pixel 5 have Octa-core (1x2.4 GHz Kryo 475 Prime & 1x2.2 GHz Kryo 475 Gold & 6x1.8 GHz Kryo 475 Silver) CPU that is bethen CPU your router have. I do not what to look how many Cores you VPN app is using and if it have Hardware Acceleration.

If you need OpenVPN on your router you need to by special router for it as https://www.pfsense.org/products/ or build you own miniPC as router with pfsense, opnsense, openWRT etc.

Here for example pfsense quid for configuration etc. https://www.pfsense.org/products/#requirements
 
Try switching between UDP and TCP. For some reason, some recent SDK updates caused one of these two to drop significantly in performance, and I have no idea why. Not all router models seem affected either, which is why I suspect it`s an SDK thing.
 
you can get about 200Mb on Ac86U for OpenVPN but a case your router will not do anything in the same time as it will take 100% CPU.
If you are using QoS in the same time or anything else do a math :) it iwll even slow down much more where PCU will be overheating.

OpenVPN uses single core. VPN Client 1 uses core 2, routing is on core 1. On 384 firmware I could see ~260Mbps OpenVPN with Adaptive QoS enabled. AiProtection is irrelevant - it doesn't see/inspect VPN encrypted traffic. On 386 firmware the fastest OpenVPN speed was ~170Mbps under same conditions and to the same server. I have NordVPN account to test with. I don't know what speeds PIA can offer. My Intel x86 firewall can reach ~350Mbps to NordVPN servers. The appliance may perhaps do more, but this is what I get in real life with NordVPN. Up to, not guaranteed.
 
My experience with adding additional settings beyond the default PIA provides in their configuration files results in no changes in speeds.

Here are my default custom settings from the PIA configurator:

resolv-retry infinite
cipher aes-128-cbc
tls-client
remote-cert-tls server
disable-occ

I have switched to using StrongVPN as PIA no longer delivers the speeds it used to.

Here are the results of some download speed tests I ran today:

WAN = 423 Mbps

StrongVPN Miami (200 miles distant ) 112 Mbps

StrongVPN Atlanta (500 miles distant ) 154 Mbps

PIA Miami 82 Mbps

StrongVPN - Wire Guard on a VPN appliance I7 processor Miami 449 Mbps

As Merlin suggested you might want to try a configuration from PIA using TCP. Be sure you use their configuration tool to generate the configuration file.
 
All mentioned devices can run VPN. With a local client you can switch servers with few clicks. Why you run it on the router?

The Pixel 5 and iPad are used to test network speed and sure they all can have the PIA app installed, but the reason why I have the AC86U to be the OpenVPN client is to provide VPN access to the devices that do not have a VPN client like the Android TV box or the TV.

Something also kind of weird is that for the iPad and Pixel the OpenVPN speed I get is much better than the speed I get if I use Wireguard, I don't know why.

Even with my laptop (using the PIA app), OpenVPN is faster than Wireguard.
 
I forgot to mention, I use PIA and the VPN in the AC86U to access Netflix and Prime Video content from the US catalogue.
Of course I also use the VPN for security and privacy reasons.

Another question to everyone.
Is it possible to configure shadowsocks in the AC86U?
 
I use PIA and the VPN in the AC86U to access Netflix and Prime Video content from the US catalogue.

You should be fine with the speed you have. Netflix/Prime use high compression, 4K video streams need about 25Mbps.

Of course I also use the VPN for security and privacy reasons.

Based in Colorado, PIA operates under US legal jurisdiction. Read what it means for privacy. PIA promises best effort only.
 
Got upgraded to 350Mbps free from my ISP today, Asus Ac86u still only getting 186Mbps while under MullvadVPN openvpn though. If I go with normal internet connection WAN and Mullvad software hit 340Mbps though so the server appears fine.

I take it there is not much I can do and limited by the Asus Ac86u processor here?

Have tried 384.19, 386.3, 386.4 beta firmware's also, qos and AI switched off also.
 
Last edited:
That sounds in the ballpark.

Are you verifying that you're connected to the same server?
 
Yes connected to same server, tried also with a different VPN provider with closest server available to me same results.

And we don't have any Asus Routers with faster processors with Merlin firmware support I take it?

Is there any other alternatives here, apart from complicated set ups like pfsense, ideally something that is identical to Asus Merlin easy setup with policy routing and kill switch?
 
Is there any other alternatives here

Yes. On-router VPN client - only for selected devices with no VPN client options. Good enough for streaming videos from different regions. On-device VPN client - for high speed VPN connections, when needed. Your x86 computer can do better for downloading Linux distros. Don't use all network VPN, not a good idea.
 
Is there any other alternatives here, apart from complicated set ups like pfsense, ideally something that is identical to Asus Merlin easy setup with policy routing and kill switch?
Sabai Technology offers preconfigured mini PCs (VPN Accelerator). Not inexpensive but if you don't want to be bothered setting up a system on your own it is a possibility. You probably can expect to get up-to 95% of your line speed using a VPN appliance. Never tested my VPN appliance with a full gig connection but I have no problems getting close to 700 Mbps on a VPN client on my network.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top