OpenVPN performance of the RT-AC86U

[demesmaeker]

Hi Merlin. Thank you for a quick answer. Any change that you can try Open VPN Client. That would be more then a deal breaker to hear the download values and CPU values with Client connected and running.

I really want to get My while house protected by hooking up this routers Open VPN Client to my VPN-Company.

I have fiber 250/100. I'm not into building my own router with pfsense.
I really waited a long time for the CPU's in commercial routers to deliver speed enough.

Thank you so much for your work/time/effort.

As soon as I (hopefully, depending on Speed of course) buying this router I will give you a donation. You're certainly worth that

Hi Henrik,
What VPN-Company will you be using?
What speed do you get if you download using your own computer as a client?

Friendly greetings,
Demesmaeker

 

[RMerlin]

Any change that you can try Open VPN Client.

I can't do any reliable test, sorry. My Internet connection is only 30 Mbps, and setting up an OpenVPN server on my LAN for test purposes would require a fair amount of work, and would still not provide necessarily accurate results versus those you would get over the Internet with a specific tunnel provider.

Best you check what other users have posted. I believe one of them did post a 200 Mbps test result, I don't remember however which tunnel provider he used, and whether it was with such a provider or as a server.

 

[payandplay]

I can't do any reliable test, sorry. My Internet connection is only 30 Mbps, and setting up an OpenVPN server on my LAN for test purposes would require a fair amount of work, and would still not provide necessarily accurate results versus those you would get over the Internet with a specific tunnel provider.

Best you check what other users have posted. I believe one of them did post a 200 Mbps test result, I don't remember however which tunnel provider he used, and whether it was with such a provider or as a server.

Hi Merlin,

I have running OpenVPN server on my ASUS AC86U with asuswrt firmware.
I have stable tunnel speed around 60 mpbs/60 mpbs with ISP service 200 mpbs/120 mpbs. What do you think about this speed, can the router achieve more with the stock firmware or i should change to merlin beta firmware?

One more outstanding question i have.

When i SSh to the router how to save a new iptable route to the router config?
Everytime i reboot the router the entries are gone!

I have added:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE

 

[RMerlin]

I have running OpenVPN server on my ASUS AC86U with asuswrt firmware.
I have stable tunnel speed around 60 mpbs/60 mpbs with ISP service 200 mpbs/120 mpbs. What do you think about this speed, can the router achieve more with the stock firmware or i should change to merlin beta firmware?

OpenVPN is more optimized in my firmware, however it shouldn't make a big difference. Your speed limitation might be from your tunnel provider rather than your router's CPU.

When i SSh to the router how to save a new iptable route to the router config?

Can't be done with the stock firmware, you need my firmware and a firewall-start or a nat-start custom script.

 

[payandplay]

OpenVPN is more optimized in my firmware, however it shouldn't make a big difference. Your speed limitation might be from your tunnel provider rather than your router's CPU.



Can't be done with the stock firmware, you need my firmware and a firewall-start or a nat-start custom script.

Ok so i will upload your firmware and than can you explain what i need to do in order to save the iptable rules.

thank you

 

[fryrpc]

Ok so i will upload your firmware and than can you explain what i need to do in order to save the iptable rules.

thank you

Please post back how you get on as when I tried Beta1 it did not produce a valid OPVN file - I think that was fixed in Beta2 but I am holding off so would really be interested how you get on as you have a similar setup and requirement.

 

[Henrik Troudi]

I'm more then interested in this matter as well. My broadband speed is 250/100. If I could get around 100 mbit it would be awseome.

https://www.ovpn.com/en

I get very high speeds when using my laptop (i-7 gen 4)
No bootleneck with that old laptop.

But I'm still dreaming (almost every day) to turn all traffic in my whole house encrypted through the routers OPENVPN-client mode.

My Openvpn company sells their own router (360 dollar) But the hardware is pretty old compared to the router we discuss in this thread.

https://www.ovpn.com/en/box

Also I wanna run Merlin build for many other reasons.

 

[Henrik Troudi]

If anyone could test client-mode down/Up Speed I would be more then grateful

 

[Tom Jo-Jo Junior Shabadoo]

If anyone could test client-mode down/Up Speed I would be more then grateful

Hi,

It maxes out my line on Merlin beta2. I get a consistent 100/27 Mbit on openvpn udp AES-256-CBC to a server 600 km away.
I get 117/27 without vpn. It's on about 60% CPU usage, so it can properly do better, but I don't know anyone nearby with fiber, so I cannot test it on a faster line.

Its more than enough for me. I don't want to run settop boxes, net radios and VoIP over the VPN. I only use it for PC's and phones/tablets.

/Tom

 

[Henrik Troudi]

Thank you Tom. That was a really helpful answer. WOOOOOOOOW time to bit.

 

[peraburek]

question for @RMerlin

if AC86U and OpenVPN is single-threaded getting round-about 200Mbps on VPN

it means you could run two OpenVPN Servers within AC86U (with Merlin FW) and probably saturate 2x 200Mbps clients (due to CPU - VPN affinity - odd/even VPN on different cores)

I didn't tried that, but I guess it should be possible, if yes, then AC86U router is a VPN beast that will be on the wish-list of many home-networking enthusiasts

 

[RMerlin]

question for @RMerlin

if AC86U and OpenVPN is single-threaded getting round-about 200Mbps on VPN

it means you could run two OpenVPN Servers within AC86U (with Merlin FW) and probably saturate 2x 200Mbps clients (due to CPU - VPN affinity - odd/even VPN on different cores)

I didn't tried that, but I guess it should be possible, if yes, then AC86U router is a VPN beast that will be on the wish-list of many home-networking enthusiasts

You'd get less than that.. Remember that beside the crypto, the router still has to handle things like routing. Right now, I devised things so the first OpenVPN server uses the second CPU core, while the routing is done on the first core. If you also run a server on the first core, it will have to compete with routing on CPU time.

 

[fryrpc]

On the standard firmware it seems to launch two OpenVPN Server processes
PID PPID USER STAT VSZ %VSZ CPU %CPU COMMAND
1182 1 admin S 6104 1.3 0 0.0 /etc/openvpn/vpnserver1 --cd /etc/openvpn/server1 --config config.ovpn
1179 1 admin S 5836 1.3 0 0.0 /etc/openvpn/vpnserver1 --cd /etc/openvpn/server1 --config config.ovpn

During file transfer over the VPN only one process seems to use any CPU - the other stays idle - and the active process switches between CPU0 and CPU1 as if it is load balancing:
PID PPID USER STAT VSZ %VSZ CPU %CPU COMMAND
1182 1 admin S 6104 1.3 0 5.8 /etc/openvpn/vpnserver1 --cd /etc/openvpn/server1 --config config.ovpn
1182 1 admin S 6104 1.3 1 6.9 /etc/openvpn/vpnserver1 --cd /etc/openvpn/server1 --config config.ovpn

 

[RMerlin]

On the standard firmware it seems to launch two OpenVPN Server processes

It's two separate threads of the same instance. I believe the first one is only to set everything up, and the second one is the one to which clients get connected, and which does all the work.

 

[fryrpc]

Ah OK
Well that second thread moves between CPU0 and CPU1 as I am putting load on the VPN Server link.

Transferring a big file:
PID CPU %CPU COMMAND
1182 0 5.8 /etc/openvpn/vpnserver1...
Start on CPU0 then a few second later changes to CPU1
1182 1 6.9 /etc/openvpn/vpnserver1...
and this swapping CPU's continues as the file is transferred over the VPN Server link.

 

[Henrik Troudi]

You'd get less than that.. Remember that beside the crypto, the router still has to handle things like routing. Right now, I devised things so the first OpenVPN server uses the second CPU core, while the routing is done on the first core. If you also run a server on the first core, it will have to compete with routing on CPU time.

So in My case with a 250/100 connection I would 't get near 200Mbit?
When running this router in client mode

 

[RMerlin]

So in My case with a 250/100 connection I would 't get near 200Mbit?
When running this router in client mode

See my test results for a reference.

Sent from my Nexus 5X using Tapatalk

 

[Henrik Troudi]

See my test results for a reference.

Sent from my Nexus 5X using Tapatalk

Hi and once again big Up to you!!!!

If you mean the test results in your first post i believe they are server speed test results?

Sorry just want to be sure.

 

[RMerlin]

Hi and once again big Up to you!!!!

If you mean the test results in your first post i believe they are server speed test results?

Sorry just want to be sure.

Shouldn't make any sizable difference, it's still encrypting and decrypting depending on the traffic direction.

 

[Henrik Troudi]

Ok thank you for a quick answer. I really want to put everything in my house behind a VPN client that runs on My router.
We're talking about 5 conputers , three smartphones, 3 Chromecast and One Nvidia Shields tv. Besides of that I'm having plenty of smart lamps and security cams