Router cpu holding back OpenVPN speeds?

[Clive.B]

Hi I have been hearing Routers cpu speeds can hold back OpenVPN performance, for example on the Asus RT-N16s 480mhz, the max speeds can be around 8-12meg only.

Has anyone with more modern routers with the newer Asus or Netgear R7000 routers tested and compared OpenVPN performance ?

I am just worried if I upgrade in soon to 100meg Broadband, if I then use my VPN provider like BolehVPN, I may end up being limited to 12meg via my Asus RT-N16 !

 

[BatJoe]

My understanding is the faster the components inside the router (CPU/memory) the better OpenVPN speeds will be.

Since the newer Netgear and ASUS routers you mentioned have the fastest specs on the market one can safely assume they will be the best.

 

[Clive.B]

Guess am anxious to find out considering my RT-N16 died suddenly on me,
I know a few guys on here have there lovely R7000s and hopefully one of them is using openVPN client and can test its performance.

I have a bad feeling performance under openvpn client may be reduced badly lets say from a 100meg bb connection, down to a 50-60meg connection. Just cant verify it since no R700s available in England yet !

 

[BatJoe]

Guess am anxious to find out considering my RT-N16 died suddenly on me,
I know a few guys on here have there lovely R7000s and hopefully one of them is using openVPN client and can test its performance.

I have a bad feeling performance under openvpn client may be reduced badly lets say from a 100meg bb connection, down to a 50-60meg connection. Just cant verify it since no R700s available in England yet !

I personally have chose the R7000 over the ASUS. I have been unimpressed lately with ASUS quality of support. The R7000 also has the fastest specs inside, which would be a benefit to you.

I am in Canada, and we don't even have R7000's yet, I had to import from Newegg in the states.

 

[Clive.B]

I personally have chose the R7000 over the ASUS. I have been unimpressed lately with ASUS quality of support. The R7000 also has the fastest specs inside, which would be a benefit to you.

Yeah I do agree about R7000s specs, but one issue is its dual core 1ghz cpu. If this is just 500mhz x2 or 1ghz x 2 ? , and even then its more down to if the apps or features make use out of the 2 cores, ie openvpn supports only 1 single core.

So more importantly for what I want it for it may not be the fastest or best router. Is also the reason why I have an idea of a pfsense + diy router idea (posted below this thread)

 

[Sky1111]

Yeah I do agree about R7000s specs, but one issue is its dual core 1ghz cpu. If this is just 500mhz x2 or 1ghz x 2 ? , and even then its more down to if the apps or features make use out of the 2 cores, ie openvpn supports only 1 single core.

So more importantly for what I want it for it may not be the fastest or best router. Is also the reason why I have an idea of a pfsense + diy router idea (posted below this thread)

Netgear is dual-core running at 1000MHz (both cores are running at that speed), while ASUS dual core is running at 800MHz. To make things worse for ASUS, R7K memory is running at 800MHz, while AC68U at only 533 (just like on AC56 - still cannot believe it!)

OpenVPN client software seems like from last century - it only can utilize one core, so it does not benefit directly from these routers dual code CPUs.

Seems like Netgear is winner? Nope. Having superior hardware does not necessarily get you the performance. Firmware optimization do go a long way - for example, I hear good things about Astril VPN plugin which replaces OpenVPN client and it works much faster (unfortunately their service itself did not work for my needs).

I do not know if OpenROuter community will be able to release a stable high-performing firmware to put their DD-WRT in the same ballpark as Merlin or Padavan (well, for AC68U it is only Merlin)

Having another dedicated box requires much more to set it up and most importantly, a lot of knowledge. I am thinking about Ubiguity $100, but I do not think have time and the patience to set it up...

 

[RMerlin]

OpenVPN client software seems like from last century - it only can utilize one core, so it does not benefit directly from these routers dual code CPUs.

OpenVPN isn't really designed to scale well on multiple CPUs at this time. This is something that the developers intend to address with OpenVPN 3.x.

 

[Clive.B]

Sky1111:

Yeah I see few people with their R7000s are not too happy appears buggy, while others say its fine. And if we get a decent and stable 3rd party firmware its anyone's guess. Perhaps over time maybe.

I too am in a mind boggle, cant decide if I should just diy pfsense a tiny pc. Its the setup and more cost and knowledge and factoring in the overall electricity of running it 24/7 is putting me a tad off, otherwise I was just going to go with a cheap celeron intel nuc and usb dongle idea but now as someone suggested usb dongles are hit and miss.

I considered also this :

http://www.fanlesstech.com/2013/07/utilite-quad-core-arm-linux-desktop.html

Utilite quad 1ghz arm cpu, little box.... and somehow adding pfsense to it since it has 2 nics on it, but support is poor and may not run linux/pfsense.

Will look forward to OpenVPN 3x

 

[RogerSC]

Sky1111:
Yeah I see few people with their R7000s are not too happy appears buggy, while others say its fine. And if we get a decent and stable 3rd party firmware its anyone's guess. Perhaps over time maybe.

There will be third-party firmware for the R7000...there already is one out there. My current dilemma with the R7000 doesn't relate the hardware, that's great. However, the more that I use the web admin GUI, the worse it seems. And when something that basic can't be done well, you got to wonder what the firmware future is for it. I've never seen page stalls like the R7000 admin GUI has before, I don't even know how that could happen. I suppose I could see if they fix it, but it is frustrating to try to use it when you click on a page in the admin GUI, and it just waits...waits for what? The only thing that occurs to me is that they're having problems with their cpu multithreading, but that's been known technology for a long time now.

I'm trying to make a decision about keeping this thing, and unless Netgear puts out firmware that resolves at least the basic admin GUI problems soon, this thing is going back.

 

[Clive.B]

There will be third-party firmware for the R7000...there already is one out there. My current dilemma with the R7000 doesn't relate the hardware, that's great. However, the more that I use the web admin GUI, the worse it seems. And when something that basic can't be done well, you got to wonder what the firmware future is for it. I've never seen page stalls like the R7000 admin GUI has before, I don't even know how that could happen. I suppose I could see if they fix it, but it is frustrating to try to use it when you click on a page in the admin GUI, and it just waits...waits for what? The only thing that occurs to me is that they're having problems with their cpu multithreading, but that's been known technology for a long time now.

I'm trying to make a decision about keeping this thing, and unless Netgear puts out firmware that resolves at least the basic admin GUI problems soon, this thing is going back.

Agree, basic pages should load flush and correctly. Only time I had an issue like the one your describing was when my network driver on my pc was not 100% the correct one. Had to go manufacturers website and enter my motherboard model and download the proper latest network driver.

Soon as I did that all pages went smooth and accessed instantly, It maybe a long shot but worth a shot....

Sometimes network drivers just go funny also and a removal and auto reinstall kicks it in a again.

Other then that if it does not work properly on another pc/laptop or your own and others have the same issue ? which not sure I have heard, even myself I would not pay for such a product.

pfsense and diy is appealing more and more, more so since its unlikely the 1ghz cpu will work well with a openvpn client which is my main use...

 

[Sky1111]

Agree, basic pages should load flush and correctly. Only time I had an issue like the one your describing was when my network driver on my pc was not 100% the correct one. Had to go manufacturers website and enter my motherboard model and download the proper latest network driver.

Soon as I did that all pages went smooth and accessed instantly, It maybe a long shot but worth a shot....

Sometimes network drivers just go funny also and a removal and auto reinstall kicks it in a again.

Other then that if it does not work properly on another pc/laptop or your own and others have the same issue ? which not sure I have heard, even myself I would not pay for such a product.

pfsense and diy is appealing more and more, more so since its unlikely the 1ghz cpu will work well with a openvpn client which is my main use...

Clive - any news - have you tried anything yet?

 

[shizam]

I have an AC66u running Merlin's Latest firmware.

Without Open VPN I can get download speeds around 75-80 Mbit

With Router running Open VPN, I get 10-15 Mbit

With VPN App running on the PC for Open VPN encryption and the router NOT running open VPN I get 30-40Mbit.

I think the 600Mhz processor is a bottleneck. When I have it maxed out running openvpn The modem processor does push up to 100% but usually fluctuates down around 60-70%. There may be some settings or compression improvements to be done in the router setup, but I'm a noob at this so just bashing my way through it. I tried some older versions of Merlin's firmware for different openvpn versions, but the results were similar.
Ive tried having a look at the logs from the router and the PC app to see where the differences were. There are a few but it exceeds my level of knowledge to decode. There does seem to be a difference in the comp LZO vs LZO2...
Hope this helps
S

 

[CaptainSTX]

If you are only getting 50% of your local ISP's rated throughput running a VPN client on your PC then you might want to look at a different VPN provider. Not all providers are the same.

I have tested several and with the best provider I found and use I get almost 90% or download speeds of 70+ Mbps connected to a server 200 miles distant. With others my throughput numbers were similar to yours.

It is cheaper to find an optimal VPN provider than buying the latest and greatest SOHO router.

 

[sfx2000]

Not sure if it CPU bound, or more like memory thrashing - OpenVPN is userland, not in the kernel, so one will have more going on there with context switching and task prioritization.

I personally use L2TP/IPSEC with a dedicated machine inside my household LAN with no impact to bandwidth at the router...

 

[shizam]

Update.....
I had an old IBM think pad laying around so I installed pfsense on it. It now manages to get 20 mb/sec.
I still need to do some tweaking to see if it can be improved.
Bottom line, if the PC, running an openvpn connection can get 30-40mb, I think I should be able to get comparable throughput if I get it set up correctly with the VPN encryption being done by the pf box for the whole network....or am I wrong on that?

Initially, the of box was stuck around 16 mbit, but resetting the mtu to 1570 improved it to 20.
For now I am just looking at the logs to find discrepancies.

 

[shizam]

And a good point about the VPN provider. I will have to see who else has a server nearby. For now, I will be happy to match the pcs perf at 30-40 mbit

 

[shizam]

just incase anyone reads this thread for an IPvanish set up,
My logs told me I have the MTU wrong. Reset tun mtu to 1500. Oddly, the speed was at least equal with the wrong numbers!

 

[icece]

limits of OpenVPN

OpenVPN isn't really designed to scale well on multiple CPUs at this time. This is something that the developers intend to address with OpenVPN 3.x.

Merlin, what are the real limits of OpenVPN Client on a RT-AC68U running with your firmware?

Based on the information from "top", while a run speedtest.net or similar applications: OpenVPN Client requires only 30% to 40% of the "CPU 1", additional "nic" and "sirq" values do not look critical.

It looks like there is plenty of room for improvement.

 

[CaptainSTX]

You need to run some tests running the VPN client on your PC then run tests connected to the same server running the VPN on your router.

The speed you get on your PC is probably the top limit. If any current generation SOHO router with their limited RAM and modest processor (compared to a PC) can get 60% you are doing well.

To get throughput equal to 90% or better you are going to need a VPN provider that has plenty of backbone speed and do the VPN processing on a side processing unit. I personally use a Sabai VPN Accelerator with an Atom processor and 4 gigs of memory. This give me 70Mbps downloads on my 75Mbps FIOS Internet connection.

 

[Razor512]

The VPN server app is limited almost purely by the CPU.

I think the R7000 can do close to 50mbit/s (higher when overclocked) (most R7000's are stable to around 1.2GHz) Some people have also had luck with overclocking the RAM, but I do not recommend that since the RAM speeds are set early in the boot process (early enough that a debrick using the serial header will not work, so leave RAM at stock speeds)

The CPU can be overclocked on the stock firmware also.