What's your max throughput for you openvpn?

[banz]

I use my router as a vpn client. I was getting 30-40mbps down and 15up. After the cipher and compression tweaks, I'm getting 80mbps. I'm wondering if it the openvpn protocol or the settings that I'm not able to achieve a higher throughput.

 

[ColinTaylor]

80Mbps sounds pretty good but it depends on the router model (and hence it's CPU speed) which you haven't stated.

 

[heysoundude]

I'll probably be reminded of the differences in architectures between our routers and the test rig, but I'm still just going to leave https://www.wireguard.com/performance/ here for peoples' consideration. (I had never considered ping time and throughput being roughly inversely proportional) Also note mention of fq_codel in roadmap.
if your router's uname -r fits the spec, AzireVPN is running a free beta you can sign up for. I'd be interested in how that works, if it works.

 

[heysoundude]

80Mbps sounds pretty good but it depends on the router model (and hence it's CPU speed) which you haven't stated.

and/or the connection speed the OP is paying their ISP to provide...

 

[banz]

Sorry, I'm sure most people ask stupid questions here not knowing that the bottleneck is either their wifi or wan link.

I should be getting at least 250mbps down. If I turn off the openvpn, then I get 250+mbps down to speedtest.net. As soon as I turn it back on, I get 80mbps. I'm using RT-AC68P. It is not maxing out the CPU. I also looked at my openvpn server.

Openvpn server is using AES-128-CBC, sha256 and compression disabled. Speed test on the openvpn server shows 500mbps down and 200mbps up.

After spending couple of hours troubleshooting the openvpn server. Turns out it's probably somewhere along the hop. netcat / pv shows I can only reach my openvpn server at around 80-100mbps without using the openvpn protocol.

 

[wyldstallyn]

I use my router as a vpn client. I was getting 30-40mbps down and 15up. After the cipher and compression tweaks, I'm getting 80mbps. I'm wondering if it the openvpn protocol or the settings that I'm not able to achieve a higher throughput.

Could you post a screenshot of your settings and custom configs?

I have a 1900P and the best I can get is 30d / 15u with PIA VPN. My ISP is a 150/15 cable connection. Devices not on the VPN have no trouble hitting those speeds. I’ve read through yorgi’s VPN client guide and experimented with settings and config tweaks, but perhaps I’m missing something. Would love to hit 80 down, but would be happy with 50-60 as I realize this isn’t a router optimized for VPN like the 86 is.

 

[netware5]

Sorry, I'm sure most people ask stupid questions here not knowing that the bottleneck is either their wifi or wan link.

I should be getting at least 250mbps down. If I turn off the openvpn, then I get 250+mbps down to speedtest.net. As soon as I turn it back on, I get 80mbps. I'm using RT-AC68P. It is not maxing out the CPU. I also looked at my openvpn server.

Openvpn server is using AES-128-CBC, sha256 and compression disabled. Speed test on the openvpn server shows 500mbps down and 200mbps up.

After spending couple of hours troubleshooting the openvpn server. Turns out it's probably somewhere along the hop. netcat / pv shows I can only reach my openvpn server at around 80-100mbps without using the openvpn protocol.

You cannot reach more with your router. This is a hardware limitation. It is absolutrely not possible to max your 250 Mbits link with AC68U and OpenVPN.

 

[Geraner]

See my tests done today on the RT-AC86U.
https://www.skadligkod.se/vpn/vpn-speedtest-asus-rt-ac86u-merlin-firmware/

 

[heysoundude]

See my tests done today on the RT-AC86U.
https://www.skadligkod.se/vpn/vpn-speedtest-asus-rt-ac86u-merlin-firmware/

next time you ssh into your router, can you check what kernel it's running? (uname -r)
if it returns >3.10, would you be willing to try azirevpn's wireguard on it, and then re-benchmark? Instructions: https://www.azirevpn.com/en/wireguard

 

[Geraner]

next time you ssh into your router, can you check what kernel it's running? (uname -r)
if it returns >3.10, would you be willing to try azirevpn's wireguard on it, and then re-benchmark? Instructions: https://www.azirevpn.com/en/wireguard

It's: 4.1.27 #2 SMP PREEMPT Sat Mar 24 14:05:35 EDT 2018 aarch64 ASUSWRT-Merlin

 

[john9527]

next time you ssh into your router, can you check what kernel it's running? (uname -r)
if it returns >3.10, would you be willing to try azirevpn's wireguard on it, and then re-benchmark? Instructions: https://www.azirevpn.com/en/wireguard

Don't forget....this is an embedded linux system. None of the install methods on the azirevpn page are doable by the end user.

If you want to test it on a router, your best bet is make a request to the Entware folks to provide a pkg.

 

[heysoundude]

Don't forget....this is an embedded linux system. None of the install methods on the azirevpn page are doable by the end user.

If you want to test it on a router, your best bet is make a request to the Entware folks to provide a pkg.

Ah! I wasn’t aware of this. Perhaps I’ve been a bit excited/over optimistic when it comes to the peering aspect - more peers means faster and more secure as I understand it...
Are you looking at integration within your fork, sir? Might it be an alternative to openvpn on older routers??

 

[Odkrys]

Wireguard is not compatible with broadcom kernel for now.

 

[heysoundude]

Wireguard is not compatible with broadcom kernel for now.

@john9527 seemed to indicate this as well with his suggestion to contact the entware people...so care to enlighten how you know this to perhaps make their job easier?

 

[banz]

Could you post a screenshot of your settings and custom configs?

I have a 1900P and the best I can get is 30d / 15u with PIA VPN. My ISP is a 150/15 cable connection. Devices not on the VPN have no trouble hitting those speeds. I’ve read through yorgi’s VPN client guide and experimented with settings and config tweaks, but perhaps I’m missing something. Would love to hit 80 down, but would be happy with 50-60 as I realize this isn’t a router optimized for VPN like the 86 is.

I'm not using PIA. I'm using my own VPS server so mileage may vary. I've spent the whole weekend tweaking it already. About to give up. What I found was using Centos 7.2 repo of openvpn works better for me. For some reason AES-256-GCM with lz4 works well. I can push to about 70Mbps. I'm hitting 100Mbps when I use my own PC to connect to the openvpn server directly so I know it must be the router CPU bottleneck.

The overclock CPU definitely helps for me. https://www.privateinternetaccess.c...throughput-on-pia-with-an-asus-rt-ac68#latest

But as I said that my settings really does not apply to your setup.

 

[banz]

So I just upgraded openvpn on my ubuntu 16.04.
OpenVPN 2.4.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 1 2018
library versions: OpenSSL 1.0.2g-fips 1 Mar 2016, LZO 2.08

I get 70Mbps. I'm going to spend some time looking into upgrading openssl too. Maybe that will make a difference but I doubt it.

 

[heysoundude]

@john9527 seemed to indicate this as well with his suggestion to contact the entware people...so care to enlighten how you know this to perhaps make their job easier?

Actually, if you scroll down on this page https://www.wireguard.com/install/ there's a way to install on OpenWRT that might be portable to merlin/entware.

I know y'all are busy people, but would you mind having a look at this @ryzhov_al and whomever else is involved. I'd tag @RMerlin too, but he's clear about following Asus firmware, so I'm going to make a suggestion to them.