What's new

Please suggest best VPN to use that has a Wireguard config file on GT-AXE11000 w/388 firmware

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Merlin do you have any Idea on the GT-AXE11000 if it is enabled when a VPN tunnel is present? I have since did a reset and have no VPN on my router based on my observations. Also when enabling the Proton VPN there was a toggle for NAT, on or off if that helps?

CC
I don’t want to overstep my limited knowledge, but if you are talking about the Enable NAT toggle in the WireGuard profile - think about what that means - don’t let your judgement be clouded.

Will more than one device be assigned to that WireGuard profile? Then you probably need to Enable NAT in the profile.

If only one device connects to that WireGuard tunnel, I suppose you could probably switch it off.

In my WireGuard profiles, I have Enable NAT turned on because multiple devices are assigned to each one.
 
Last edited:
I have Surfshark personally but cannot get it to work with WireGuard. Communicating with their support, but they're not very helpful. OpenVPN works well, getting 150+ Mbps.
 
Tried WG with Surfshark on my GT-AXE11000 spending a significant amount of time with support and they finally gave up saying they built the server side to support OpenWRT but not (at least for now) stock ASUSWRT firmware. They promptly issued a full refund being very apologetic.
 
I already posted my findings on that topic.

Approx 300 Mbps for WireGuard sessions.

628 Mbps WAN speed with 2 WireGuard sessions active (active but not streaming anything). My current ISP limit.

I test WAN speed by using the built-in Ookla speed test. That tests true router speed, rather than client speed.

I’d be interested in someone else using the same testing methodology (built-in Ookla speed test) to test WAN speed with WireGuard sessions active.

Please post your results. 388 firmware is a pre-requisite.
 
That tests true router speed, rather than client speed.

It's the opposite. Built-in speedtest is affected by other processes running on the router. Wired client speedtest is more accurate for measuring the actual throughput.

Please post your results. 388 firmware is a pre-requisite.

Your speeds do not correspond to what another forum member observed with WireGuard server active. This is what I would expect to happen with Flow Cache disabled:


I only plan to test some beaches in Málaga area in next few weeks.
 
It's the opposite. Built-in speedtest is affected by other processes running on the router. Wired client speedtest is more accurate for measuring the actual throughput.



Your speeds do not correspond to what another forum member observed with WireGuard server active. This is what I would expect to happen with Flow Cache disabled:


I only plan to test some beaches in Málaga area in next few weeks.
I don’t use WireGuard server - I use WireGuard client. Maybe that is where the confusion lies.

You enjoy Ballermann de Mallorca while I enjoy 4 WireGuard sessions de VPN Fusion - WAN unaffected.
 
I don’t use WireGuard server - I use WireGuard client. Maybe that is where the confusion lies.

It has to be the same. Flow Cache is still disabled as per post #15.
 
I read the article you suggested. Another forum member stated that it’s a h/w limitation of the AX88U.

That’s possible, as there is another h/w limitation imposed on the AX88U - only two concurrent VPN sessions. So I have had to write off the AX88U.
You might find that these new platforms no longer require Flow Cache.

But I agree that the AX88U is not the platform to be testing these things on.
 
Last edited:
It has to be the same. Flow Cache is still disabled as per post #15.
Please don’t forget that I only use my AX88U for tunnels. I don’t have any “WAN” clients. So I’m unable to test them.

The only WAN testing I was able to do was the built-in Ookla Speedtest - which showed the full ISP speed limit.
 
Tried WG with Surfshark on my GT-AXE11000 spending a significant amount of time with support and they finally gave up saying they built the server side to support OpenWRT but not (at least for now) stock ASUSWRT firmware. They promptly issued a full refund being very apologetic.
Asus fixed the issue.

  • Fixed VPN fusion connection issues with Surfshark WireGuard profile.
 
On newer (AX) HND models, the HW acceleration status can be seen with the following command:

Code:
fc status

-----
admin@stargate:/tmp/home/root# fc status
Flow Timer Interval = 10000 millisecs
Pkt-HW Activate Deferral rate = 1
Pkt-HW Idle Deactivate = 0
Pkt-SW Activate Deferral count = 0
Flow Low Pkt Rate = 10
Acceleration Mode: <L2 & L3>
MCast Acceleration IPv4<Enabled> IPv6<Enabled>
IPv6 Learning <Enabled>
L2TP Learning <Enabled>
GRE Learning <Enabled>
4o6 Fragmentation <Enabled>
TCP Ack Prioritization <Enabled>
ToS Multi Flow <Enabled>
Notify Processing Mode <Hybrid>
OVS Flow Learning <Disabled>
HW Acceleration <Enabled>
Flow Ucast Learning Enabled : Max<16383>, Active<129>, Cumulative [ 236294 - 236165 ]
Flow Mcast Learning Enabled : Max<1152>, Active<0>, Cumulative [ 0 - 0 ]
-----

HW Acceleration is runner/archer, and Flow * Learning is Flow Cache.

Things are different on the RT-AC86U and GT-AC2900 as it's an earlier version of the SDK. I think for HW acceleration the only way I found how to monitor it is by checking if the pktrunner kernel module is loaded.
saved or future reference
 
It's the opposite. Built-in speedtest is affected by other processes running on the router. Wired client speedtest is more accurate for measuring the actual throughput.



Your speeds do not correspond to what another forum member observed with WireGuard server active. This is what I would expect to happen with Flow Cache disabled:


I only plan to test some beaches in Málaga area in next few weeks.

On my AX86U, best I've seen on the built in Internet Speed test was 764.18 / 43.66 (Xfinity Gigabit Extra 1200/35 with Motorola MB8611 2.5 Gbps Port to AX86U 2.5 Gbps Port) with Wireguard server enabled but not being used/no active tunnel........ where a laptop connected directly to the MB8611 few minutes later (though only 1Gb eth) was seeing 960 / 44 constant. So the router isn't getting full speed here.

I'l be doing more testing with Wireguard enabled and disabled.

I have QOS disabled in the AX86U, shouldn't need it with this Xfinity 1200 connection. I do have AiProtection enabled and I do host a www server for an app I have.
 
Last edited:
Has anyone happened to have done any more tests since the 388 beta came out? I am still a wee but confused as to whether there is or is not a definitive WAN/Network slowdown with a WG Server enabled (regardless of whether there is a connection or not). I am unclear on whether Merlin’s HW Enabled (fc status) result means NAT enabled?

ta

k.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top