Hello,
Running merlin; but I believe this is a stock firmware thing? So posting here, sorry if wrong board.
I'm using the ASUS' built-in Strongswan and its speeds are absolutely atrocious for some reason. (Eg: without VPN I have a downlink of 480MBit/sec and 25MBit/sec up on 5G; but with VPN enabled it's only 43MBit/sec down and 5MBit/sec up. (Ref: I have 1000/1000 symmetric fiber and speedtests at the home connection are 800MBit/sec on average (up/down), so that's not the problem)). I didn't have this issue when running it on a standalone virtual machine, so looking in to that now.
However; upon analyzing its config, I realized this is part of ASUS stock firmware and therefore I probably don't have unlimited freedom with modifying the configuration.
As such I have two questions I hope someone may be able to answer:
1.) MOBIKE is disabled, does anyone know of any objection against enabling it?
2.) I noticed the ciphersuite in use is deprecated. It is using "aes256-sha1-modp1024" which is both a crappy hashing algorithm as well as poor DH groups. I'd prefer using ChaCha20 but I'm not sure if that's a good fit for the ASUS hardware, so I suppose aes256-sha256-modp2048 would have to do; or maybe for performance reasons go for aes256-sha256-ecp256 instead. I was also wondering for this one if anyone knows if there are any major objections in to doing so or that it should be smooth sailing. (Or maybe someone tried something different already, please do tell. )
Hope its not too much of a niche question. Thanks in advance!
-edit-
Ah... As it turns out, the router keeps resetting this file whenever it reboots.
Running merlin; but I believe this is a stock firmware thing? So posting here, sorry if wrong board.
I'm using the ASUS' built-in Strongswan and its speeds are absolutely atrocious for some reason. (Eg: without VPN I have a downlink of 480MBit/sec and 25MBit/sec up on 5G; but with VPN enabled it's only 43MBit/sec down and 5MBit/sec up. (Ref: I have 1000/1000 symmetric fiber and speedtests at the home connection are 800MBit/sec on average (up/down), so that's not the problem)). I didn't have this issue when running it on a standalone virtual machine, so looking in to that now.
However; upon analyzing its config, I realized this is part of ASUS stock firmware and therefore I probably don't have unlimited freedom with modifying the configuration.
As such I have two questions I hope someone may be able to answer:
1.) MOBIKE is disabled, does anyone know of any objection against enabling it?
2.) I noticed the ciphersuite in use is deprecated. It is using "aes256-sha1-modp1024" which is both a crappy hashing algorithm as well as poor DH groups. I'd prefer using ChaCha20 but I'm not sure if that's a good fit for the ASUS hardware, so I suppose aes256-sha256-modp2048 would have to do; or maybe for performance reasons go for aes256-sha256-ecp256 instead. I was also wondering for this one if anyone knows if there are any major objections in to doing so or that it should be smooth sailing. (Or maybe someone tried something different already, please do tell. )
Hope its not too much of a niche question. Thanks in advance!
-edit-
Ah... As it turns out, the router keeps resetting this file whenever it reboots.
Last edited: