What's new

PIA AES-256-CBC with OpenVPN is out but not working on Asus routers

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Thanks Merlin. I use simple setup. Just vpn. No routing of any kind. My cpu util is very low usually.

Can this be flipped getting 1,3,5 where 2,4 is currently at? It would give us extra client that can be used for that 20-30% increase in Mpbs. If i use same vpn and same encryption on 2 and 3, 2 is 20% higher then 3. If not no problem. 87u is working like a champ on this firmware. I had issues with 66u but i sold it. Sorry if i'm all over the place here.

BTW Merlin I'm looking forward to next release of the firmware. I'm liking it a lot.
I wouldn't be overclocking the CPU if you are not using that much traffic though it
I have heard in cases where the CPU over heats imagine when its over clocked.
I have 87u with latest Merlin as well. Verb 1 keeps it for me at NJ but removing it i get my home state and neighboring city. I did reboot too after all changes. Same result. Not a problem but closer node better. Plus NJ is east node not midwest node. Yeah odd.

I overclocked in nvram threw ssh by doing nvram set clk freq=1400,800. Then i checked by get clk freq and it took. Also in gui showed it's 1400 but it has zero effect, not even marginal by few % as far as VPN Mbps speeds. I even did 1400,1400. No change. I did nvram commit but did not reboot as then defaults to default again. Also on different Vpn isp it also did not have any effect in change so i know it's not vpn isp. Here is overclocking thread.

http://www.snbforums.com/threads/overclocking-rt-ac87u.22720/

I did however notice that vpn 2 and 4 are 20-30% faster then 1,3,5. I use 2,4. one 256 and one 128. That's due to Merlin vpn optimization. I wonder if same could be done to 1, 3, 5.
If your CPU is idling why would you need to overclock it.
how many megabit modem do you have?
when you are on the NJ server what measurements do you get when you do a bandwidth Test?
what about other servers?
You should be doing well over 50megabit on that NJ server or the Toronto server those are huge
let me know
 
My comcast isp speeds are 90/12 Mbps without vpn so that is why i'm trying to bump this up to 60Mpbs. I bought 2 8mm fans that do lower temps by 10C so heat would not be issue. Problem is overclocking has zero effect on Mbps on vpn and i know i'm not being throttled as this was both case with two different vpn providers so i'm not sure what is the problem here. Thing is in gui and nvram shows overclocked speed but when i do speedtest right after i do nvram commit it down even jump few Mbps higher which it definitely should if i took it from 1000mhz to 1400mhz. I'm using 380 firmware. I have not tried 378 at all. Unless comcast somehow is trotteling me down on vpn but that doesn't make sense to me as i'm changing isp provider on vpn?
 
I just checked cpu utlization on speedtest while on vpn on download so i'm not even utilizing 100% of any of the cores. So in theory i should push double Mbps what i'm pushing now at close to 100% util rate. Unsure why this isn't happening. Also QOS is disabled by default.

core 1 peak rate went to 25%
core 2 peak rate went to 61%
 
Last edited:
This has to do with CPU scheduling. Clients 1,3 and 5 use the second CPU core, while 2 and 4 use the first CPU core. If you have something that also loads a specific CPU core, using an instanced tied to the other one will improve performance.
I am not getting the same readings here.
VPN 1 3 5 are on CORE 1
VPN 2 4 are on CORE 2
whats going on?
 
What does verb1 and reneg-sec 0 does?

No idea about the second, but the 'verb' setting is relating to log output, default being 'verb 3', and 'verb 1' being minimal log messages. So if you wish to see a more detailed log, use 'verb 3'.
 
Thanks Merlin. I use simple setup. Just vpn. No routing of any kind. My cpu util is very low usually.

Can this be flipped getting 1,3,5 where 2,4 is currently at? It would give us extra client that can be used for that 20-30% increase in Mpbs. If i use same vpn and same encryption on 2 and 3, 2 is 20% higher then 3. If not no problem. 87u is working like a champ on this firmware. I had issues with 66u but i sold it. Sorry if i'm all over the place here.

No, because for most usage scenarios, the way it's currently implemented is the best. Regular NAT traffic is handled by the first CPU core, so having the VPN process use the second core is optimal. If you have a higher load on the second CPU core then you must have some other process generating that load. Samba for instance is tuned to use the second core if I remember correctly.
 
I am not getting the same readings here.
VPN 1 3 5 are on CORE 1
VPN 2 4 are on CORE 2
whats going on?

Looks like the modulus check has things backward:

Code:
taskset_ret = cpu_eval(NULL, (clientNum % 2 == 0 ? CPU1 : CPU0), &buffer[0], "--cd", &buffer2[0], "--config", "config.ovpn");

CPU1 and CPU0 should be inverted.
 
Last edited:
Make sure you run an up-to-date firmware. This was fixed a few months ago.

Code:
        taskset_ret = cpu_eval(NULL, (clientNum % 2 == 0 ? CPU1 : CPU0), &buffer[0], "--cd", &buffer2[0], "--config", "config.ovpn");

Even-numbered clients run on core 2, odd numbered clients on core 1, unless something is broken with cpu_eval().

RMerlin, isn't that what yorgi stated?
 
That's cool Merlin. Actually what i'm saying is that under max vpn encrypt mode during max download my core 2 cpu is only at peak rate of 61% so it's under utilized for some reason, meaning i could hit higher Mbps if it was peaking close to 100% so i'm not sure why it's only 61%. My speed on 87u is 30Mbps and from what everyone says should be close to 50Mpbs. I have 90/12 comcast service and hit those speeds when not on vpn. It seems like 600hmz is only being used instead of default 1000Mhz. What add more fuel to this that my attempts to overclock result in zero gain in Mbps even when overclocked by 40% cpu so all that is little odd to me unless i'm not understanding something.
 
No idea about the second, but the 'verb' setting is relating to log output, default being 'verb 3', and 'verb 1' being minimal log messages. So if you wish to see a more detailed log, use 'verb 3'.

Thanks bud. I just tried verb3 and it did kick me back to NJ server again but when i disabled and reneabled vpn i'm back to midwest server so i guess i'm ok with that.
It does log more which is what i want like type of encyption etc...thanks that helped. Its weird it would do that. I guess ever time you make a change it will do that but turning off and turning back vpn gets me back onto my nearest town. Works for me. Thanks.

If anyone knows a link to some wiki on the most common used vpn (linux) terms one can use that would be great. I'm green on those so learning as i go.
 
Looks like the modulus check has things backward:

Code:
taskset_ret = cpu_eval(NULL, (clientNum % 2 == 0 ? CPU1 : CPU0), &buffer[0], "--cd", &buffer2[0], "--config", "config.ovpn");

CPU1 and CPU0 should be inverted.
where do I put this command you gave me?

According L&LD you said this in another post which is exactly what I am getting. I am also using latest version.
Even-numbered clients run on core 2, odd numbered clients on core 1, unless something is broken with cpu_eva()
Now you are saying the reverse.
will it make a difference if I leave it this way?
Is this due to the QOS issue where all VPN traffic shows as Upload?
 
That's cool Merlin. Actually what i'm saying is that under max vpn encrypt mode during max download my core 2 cpu is only at peak rate of 61% so it's under utilized for some reason, meaning i could hit higher Mbps if it was peaking close to 100% so i'm not sure why it's only 61%. My speed on 87u is 30Mbps and from what everyone says should be close to 50Mpbs. I have 90/12 comcast service and hit those speeds when not on vpn. It seems like 600hmz is only being used instead of default 1000Mhz. What add more fuel to this that my attempts to overclock result in zero gain in Mbps even when overclocked by 40% cpu so all that is little odd to me unless i'm not understanding something.
Rango when you do a bandwidth test and you are using VPN client 1
do you see more CPU usage on the CORE 1 CPU or CORE 2 CPU
You can see this in system status in network tab.
thanks
 
I just checked cpu utlization on speedtest while on vpn on download so i'm not even utilizing 100% of any of the cores. So in theory i should push double Mbps what i'm pushing now at close to 100% util rate. Unsure why this isn't happening. Also QOS is disabled by default.

core 1 peak rate went to 25%
core 2 peak rate went to 61%
which vpn out of the 5 did you use to do this test?
 
No, because for most usage scenarios, the way it's currently implemented is the best. Regular NAT traffic is handled by the first CPU core, so having the VPN process use the second core is optimal. If you have a higher load on the second CPU core then you must have some other process generating that load. Samba for instance is tuned to use the second core if I remember correctly.
CORE 2 is used heavily by the USB for Hard Drives as well
 
which vpn out of the 5 did you use to do this test?

Yorgi i only use vpn client 2 and 4 as Merlin did vpn optimization which gives me 20% more Mbps. On client 2 core 2 is used the most

On vpn client 2
core 1 peak rate went to 25%
core 2 peak rate went to 61%

On client 1,3,5 it drops Mbps by 20%. I did not check which core it uses on client 1, 3, 5. But i did Mbps tests on client 1 and 3 and result was same. That is a fact for me for sure. I can check that but will need to setup client from scratch again. I will later this PM.
I'm assuming it's using core 1 which is why it's lower Mbps. This is why i asked if Merlin could flip clients 1,3,5 instead of 2,4 but i understand what he means.

In computer language core 0 is actually core 1 showing in GUI interface. Core 1 is actually core 2 showing in GUI interface. If you know that i'm sorry i mentioned it hehe
 
RMerlin, isn't that what yorgi stated?

You replied while I was editing my post, see the latest version of it.
 
where do I put this command you gave me?

According L&LD you said this in another post which is exactly what I am getting. I am also using latest version.
Even-numbered clients run on core 2, odd numbered clients on core 1, unless something is broken with cpu_eva()
Now you are saying the reverse.
will it make a difference if I leave it this way?
Is this due to the QOS issue where all VPN traffic shows as Upload?

This is just the code in the firmware that shows where the issue lies. You will have to wait for a new release to have it fixed, the problem is so in the mean time you can just leave it on the other core.

No idea about QoS. The Trend Micro engine is closed source, and I don't have any expertise with linux tc.
 
This is just the code in the firmware that shows where the issue lies. You will have to wait for a new release to have it fixed, the problem is so in the mean time you can just leave it on the other core.

No idea about QoS. The Trend Micro engine is closed source, and I don't have any expertise with linux tc.
Thanks at least my question on QOS is answered
As far as the CPU and VPN seems that even Rango gets the same results so if this is the case and L&LD
remark is true then there is nothing wrong. Besides for me it works better the way it is now because
I use a USB Hard Drive on the Router and since VPN 1 goes on Core 1 and the HD is on CORE 2 then it works just fine :)
I am only on a 8 megabit when I get a better speed I will worry about which CPU to choose from
 
No idea about QoS. The Trend Micro engine is closed source, and I don't have any expertise with linux tc.
Is there anyway that you can at least look at it and see if you can reverse the VPN traffic like with the CPU scenario so at least all the VPN traffic would go to Download?
at least that would work because the way it is now, being backwards there is no way you can turn on the QOS it just wont work properly when VPN traffic starts.
Please try
thanks
 
Similar threads
Thread starter Title Forum Replies Date
F Router for VPN with AES-NI VPN 8

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top