What's new

very slow openvpn

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ewokuk

Regular Contributor
Just tried Merlin for the first time and have an issue with the openvpn performance. I have managed to get it connected and working, but speed tests show my downstream stopping at 32mbps on my 100mbps connection. Tested several times, same result every time. On tomato my speed was virtually unaffected, getting 99-100mbps every time. Upstream is fine but I don't know why downstream is so slow!

If i disconnected the vpn on the router and use the providers software instead, im instantly back to 99-100mbps so it seems to be related to Merlin, not the provider.

I have not used Merlin before so perhaps I need to configure something? I am using 380.65 and an AC68U
 
Last edited:
Its not related to merlin. its hardware issues. Which model is this?
You said on tomato you get max speed when you are running as openvpn vpn client on the router?
The CPU is affecting the speed. When you do a speed test, look at the router CPU usage.
The desktop with the provider speed is faster since all encrypts/decrypts is done by the computer CPU which is much faster than your typical home routers.
 
I thought I had the speed when using Tomato but I might be wrong, I was having trouble getting it to connect so can't be sure. It's an AC68u. I checked the CPU load and during the test cpu 1 only gets to 12% and cpu2 only gets to 45% so it doesnt look like it is cpu related.
 
AC68U should be getting around 30mbits if you are using a VPN, which VPN Client are you using? The odds number will use Core 1 and even will use core 2. Can you show me your setting for the Compression? What did you set it to?
 
Compression is set to LZO adaptive. Using openvpn client in Merlin, UDP and AES-256-CBC

Can't believe the best it can do is around 30mbps, when the cpu isnt even hitting 50% as well. From what I have read it seems right, it just can't go any faster without overclocking it! I'm pretty shocked, that makes using a routers VPN pretty useless for anyone with decent bandwidth. Oh well, stuck with using the device-side clients then. At least next time I get a new router I know I need to check whether the cpu is powerful enough to do 256bit vpn at 100mbps+.

Still confused how it can't go faster when it isn't even close to maxing out the cpu, at least according to the graph in Merlin.

Also wondering for the wireless is it worth setting the 2.4 and 5ghz channels to the same SSID, in the hope that it will sort out the best connection for each device, or stick with 2 different SSID's?
 
Last edited:
Personally using 2 different SSID is much better for me. 5Ghz maybe good for close surrounding but longer reach you need the 2.4Ghz. If you have the same SSID, you will need to figure out which is the 5 and 2.4 when you want to switch or which is the one given problems.
 
Remove LZO compression - this will improve your speed. But in any case you cannot expect to reach 100 mbits with your router.
 
Can't remove it, when it is removed i cannot connect to anything. I guess the vpn provider (IVPN) requires it turned on. There are 2 options for removing the compression in Merlin, "None" and "Disabled". No idea what the difference is, surely off is off! Either way neither work. I can use LZO or LZO adaptive and it then works.
 
Can't believe the best it can do is around 30mbps, when the cpu isnt even hitting 50% as well.

It's indeed the best you can get out of a 800-1000 MHz CPU running AES-256.

The reason why your CPU shows 50% is because OpenVPN is single-threaded, therefore only one of your two cores gets used - hence the 50% result.
 
goddamn didn't know they were so cpu intensive. About time openvpn was multi-threaded by now isn't it :eek:
 
goddamn didn't know they were so cpu intensive. About time openvpn was multi-threaded by now isn't it :eek:

Multi-threading requires a major architecture overhaul, something they initially planned for OpenVPN 3. So far, OpenVPN 3 development is moving at a glacial pace, so no clue if or when it will appear.

Multi-threading won't help much anyway. You're simply asking too much mathematical operations out of a low-power CPU. The real solution is hardware-based crypto processing, something used by business-class products.
 
Yeah perhaps, but processing power continues to go up, add some multi-threading to it and 100mbps AES-256 isn't that far off. Perhaps hardware-based crypto processing will start making it to consumer products soon, VPN's seem to be getting ever more popular. I will just have stick to the windows client for now anyway, it's still easier to turn on and off and switch servers etc than it would be via the router.

I do get the impression my wireless signal is better with Merlin than it was on Tomato, but I can't see the relative signal strengths of the connected devices in Merlin. I know they wouldn't have been 100% accurate anyway but it did give me a good idea of the effects of moving the router around and changing the settings. Pretty sure I get a better signal from further away than I did before, just a shame I can't see it in Merlin for comparison :p.
 
......... I will just have stick to the windows client for now anyway, it's still easier to turn on and off and switch servers etc than it would be via the router....................

Yes, this is the best solution. Because ANY PC is much more powerful for crypto tasks than ANY consumer grade router. Your PC will easily max the 100 mbits line with AES-256 encryption. Using the routers's VPN client is essential only in the case you want your mobile devices to connect to your VPN provider also.
 
After years of doing vpn services, a lot of providers or users thought that having compression on helps in speed but most people know that almost all data on the internet are already being compressed during delivery. Unless you are downloading a raw data, then compression will not help. As for openvpn, as soon as you enable compression (whether you are using it or not), it will take a hit on the processor. A provider may use Adaptive so that the compression of data will be based on the type of files being transferred. You cant remove it if the server has a comp-lzo turn on. Both server and client must remove it.

As for CPU, even the 1.4Ghz Asus 5300 can only do a max of 50mbits on a full strength vpn connections. I am still waiting for a unit from Linksys with 1.8Ghz and see how it performs against 1.4Ghz. Will probably test this with DDWRT if its not Asus.
 
Last edited:
Compression -- The biggest perk of compression in modern VPNs is going to come down to helping to limit fragmentation. Otherwise it is generally not helping to "optimize" much else on the modern Internet.

CPU and Speeds -- If you are wanting 100Mbps+ on VPN, you should be looking at an x86 box or some other business class device. A simple x86 box running pfSense or OPNsense will easily handle the speeds and encryption requirements you have specified. I can hit several hundred Mbps easily with mine.

Encryption -- Why are you using AES-256? If you want more speed, drop that down to AES-128....it should be a tad faster while the encryption strength should be plenty strong still.
 
I did some testing a while back that may help you with some reference numbers on throughput. These are my speeds using the OpenVPN Client on two different ASUS routers. Both routers running Asuswrt-Merlin 380.64 firmware. Using the VPN client to connect through PIA VPN servers.

AC3100 (1.4 Ghz dual core)
CTF enabled
DL: 61 Mbps with core 1 at 25%, core 2 at 75%
UL: 84 Mbps with core 1 at 35%, core 2 at 100%

AC68U (1.0 Ghz dual core)
CTF enabled
DL: 44 Mbps with core 1 at 30%, core 2 at 80%
UL: 58 Mbps with core 1 at 40%, core 2 at 100%

For reference, when using the same PIA VPN server with a windows client I'm able to attain 250 Mbps down and 350 Mbps up on the same DSLReports HTML5 speed test.

The speed tests were conducted over a wired connection from the computer to the router.

Data encryption: AES-128
Data authentication: SHA1
Handshake: RSA-2048
 
I wish I had a nickel for every time a thread with this topic gets posted! :) $$$$$$$$$$$$$$ ;) PayPal?

Even my high end PfSense appliance struggles when trying to talk to my vpn server half way across the globe. I wish I could have the speeds reported by the OP! I followed Yorgi's setup guide in The VPN forum along with other configurations I posted on threads in that forum that may help the OP tweek a little more bandwidth. Distance from vpn server is the issue for me. I use no encryption to get the best speed as primary goal is to stream media. Most people experience slower speeds the higher the encryption. Most traffic is compressed anyway so I have it set to None.

I am waiting for the day when OpenVPN supports multi threaded. It has been on the roadmap for several years now. As Merlin states though, it may not be of much help. But for now, I am content in what I have as I am to stream from USA without buffering and that is my primary goal.
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top