OpenVPN performance of the RT-AC86U

[kap55]

Here's the settings that the opvn file from PIA gave me

Auth digest - SHA1
Negotiable - AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC
Legacy/Fallback - AES-128-CBC
Compression - LZO Adaptive

 

[PIAJayson]

Here's the settings that the opvn file from PIA gave me

Auth digest - SHA1
Negotiable - AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC
Legacy/Fallback - AES-128-CBC
Compression - LZO Adaptive

Hi Kap55,

I was alerted to your update due to the speed increases by one of our customers. Can I please ask for the agent that you were dealing with at PIA?
I head the Support Department for PIA and it would be great to let them know that the ovpn file we supplied worked so well.

I'm also interested in which ovpn file it was as I've written a lot recently.... I personally write the ovpn files as, although we do not officially support Merlin, I use it personally (which is why I want to support it by the end of the year.)

Many Thanks

Jayson Q.
Head of Customer Support at Private Internet Access

 

[kap55]

Hi,

I never had any reason to deal with a PIA agent - I signed up for a one year account online and did my own setup.

You are correct about the lack of Merlin support - I used the CA Toronto opvn file dated 6 Feb 2017 that was in the Advanced Router Setup guides on your support page (I think the DD-WRT page). I may have had to make a couple of changes manually now that I think about it. Some info was from the Tomato setup guide and some was from Youtube videos. I did try your Seattle server but speeds were about 65% of the Toronto server (and I'm close to Seattle).

Speeds have dropped a little to 125 down 15 up this evening. That is a little more realistic than some of the earlier numbers that were above 150 down.

Previous 3 years I used an RT-68U but wanted to increase my Open VPN speed and the RT-86U has really done it.

 

[Rooby]

Hi

what should I set for NAT HW acceleration for fast OpenVPN speed (RT-AC88U, V382.1). Should I keep it disabled?

 

[doczenith1]

I will start this post with a big WOW! The 86U kicks some vpn butt. I started with the PIA US Chicago opvn file. Port 1198, UDP, SHA1 and AES-128-CBC encryption.
Custom values (first three were part of the ovpn file):
tls-client
remote-cert-tls server
disable-occ
auth-nocache

Using the DLSReports speedtest (average of 5 tests):
DL: 150 Mbps with core 1 at 35%, core 2 at 70%
UL: 241 Mbps with core 1 at 55%, core 2 at 90%

I added the following custom values:
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"

DL: 206 Mbps
UL: 216 Mbps

Based on those results I added only the rcv buffers as the snd buffers lowered the upload speeds.
DL: 223 Mbps
UL: 233 Mbps

The single highest values: DL: 228 Mbps UL: 262 Mbps

 

[kap55]

Nice to see other reports of great openVPN speeds for the 86U. I have continued to get 160 down 15 up without any problem - that's what I get from my ISP so I've been very happy. I'm using pretty much the same settings as you - without the custom values. It would be interesting to see other reports - especially with different VPN providers.

 

[Henrik Troudi]

Sounds really really nice. Lovely Vpn-client Speed. Unfortenately I bought Netgear Nighthawk x6s R8000p. Same Broadcom processor but I'm more then worried about the development of DD-WRT for this unit. Keeping My fingers crossed!!!!

 

[doczenith1]

In another thread @Zentrk mentioned that adding fast-io to the custom config might increase speeds. I ran some quick tests using the Ookla Speedtest app on Windows 10 and saw roughly a 10% increase in speeds.

 

[RMerlin]

I thought this Crypto engine was pure hype. Seems like it's working.

Just to be clear, this ain't even due to the crypto engine (which isn't currently used), but to hardware support in the CPU for AES computations.

I did some experiments with the crypto engine enabled, and for OpenVPN it actually reduced the throughput rather than improve it, because of context switches between kernel and userland, and also because of the small packet size used by OpenVPN. I suspect the crypto engine might become more interesting once Asus enables IPSec support, where the whole cipher code would be in kernel space.

 

[RMerlin]

So we're not yet seeing the router's full potential yet.

For OpenVPN, you are. As I said, the crypto engine cannot improve OpenVPN performance.

Stock firmware should be getting closer to my firmware now than with previous versions. Asus has been implementing some of my performance optimizations, but they haven't implemented everything yet.

 

[OOo]

I am connecting from a AC68 to an AC68 using OpenVPN. Both sides are on comcast 100mb. I only get 5mb down /3 mb up. I am using firmware 3.0.0.4.380_7743.

Am I getting all I can get? Would moving to the Merlin FW increase performance? And would moving to an the AC86 substantially increase performance? Lastly, if I went with the AC86 would I need to buy 2, 1 for each location? Or just 1 for where I am running the vpn client?

New to all this. Thanks so much

 

[RMerlin]

Both sides are on comcast 100mb.

Your bottleneck is going to be the slowest end of the transfer. That 100 Mbps downstream will be slowed down by the speed of the upstream at the other end. What's your upstream speed on these two connections?

 

[Keenan]

If it's Comcast most markets with that 100 Mbps download package are only 5 Mbps upload with some markets at 10 Mbps upload. In reality, you can see about 120 Mbps DL and around 6 Mbps upload.

 

[RMerlin]

If it's Comcast most markets with that 100 Mbps download package are only 5 Mbps upload with some markets at 10 Mbps upload. In reality, you can see about 120 Mbps DL and around 6 Mbps upload.

In which case the poster's speed are perfectly normal. The 100 Mbps download will be slowed down by the remote end uploading only at 6 Mbps.

 

[OOo]

In which case the poster's speed are perfectly normal. The 100 Mbps download will be slowed down by the remote end uploading only at 6 Mbps.

Just tested them. I am getting 75mb down and 5mb up on both sides. Urgh.

So if I understand this correctly, the only thing that is going to help me is if I can get a higher upload speed.

Let me ask you this, I do a lot of connecting to other Asus 68 Routers. When I do this my Obi Voip phone is running through the VPN Client when activated. I can hear people talk but they get garble on their end. I want to exclude the Obi VOIP from running through the VPN and rather have it just exit my WAN. Reading around SNB along with my lack of Network knowledge and coding, it seems like I should be using your (Merlin) firmware. I also want to do the router Ad blocking (saw that way cool tool!). Would you agree I should use Merlin to counter my lack of knowledge/coding? Do I need to run the Merlin FW on the Client side, Server side, or both?

After I get past this..I need to figure out a way to activate/deactivate the VPN client without having to log in and navigate all the way to the screen. That is a real pain.

Thanks so much to all!

 

[RMerlin]

Running my firmware on the side running the Ovi will allow you to configure a rule excluding it from going through the tunnel.

 

[bilboSNB]

I dont seem to be getting great results using cyberghost, anything in the settings that could be causing it?

client
remote 1-gb.cg-dialup.net 443
dev tun 
proto udp
auth-user-pass


resolv-retry infinite 
redirect-gateway def1
persist-key
persist-tun
nobind
cipher AES-256-CBC
auth SHA256
ping 5
ping-exit 60
ping-timer-rem
explicit-exit-notify 2
script-security 2
remote-cert-tls server
route-delay 5
tun-mtu 1500 
fragment 1300
mssfix 1300
verb 4
comp-lzo

 

[Luboknok]

Can anyone comment what accounts for the massive OPENVPN speed on the RT-AC86U? CPU speed is the same as OCed ac68p (1.4ghz). Does it have hardware accelerated AES-NI?

 

[JJQuin]

Replaced my Netgear R7000 running Merlin Vortex with an ASUS RT-AC86U on Monday. My VPN speed went from 20mpbs to 114! My max speed is 118mbps with no VPN. This router is awesome! I tested PIA, NordVPN and ExpressVPN. PIA and NordVPN I was easily able to reach 114mbps. ExpressVPN the max speed was around 64mbps. I figured ExpressVPN would be faster. I tested all 3 VPNs on 2 Windows PCs and got around same speeds (within 3mbps). Spent 3.5 hours on chat with ExpressVPN. It got worse when I tried to connect through a ExpressVPN server capable of Netflix. With closest one I got 25mbps! My wife loves Netflix and I wanted a VPN that I could set and forget so I went with NordVPN. Though I still have my PIA subscription and use it on my own PC when I need to torrent.

RT-AC86U - 382.2_beta2

 

[RMerlin]

Does it have hardware accelerated AES-NI?

Yes.