openVPN client enabled on tomato router.

[xmfan]

Hi All,

I am learning all things networking that includes flashed routers using alternative firmware such as DD-WRT and tomato.

Background: I have an E1200 cisco/linksys router that I have successfully flashed with tomato firmware. I have enabled openVPN client feature and configured it to work with PrivateInternetAccess VPN site. - all good so far.

Question: My download speed (using speedtest website) is 1/5th of my available bandwidth when routing through the Cisco E1200 router with VPN enabled. While there could be many reasons why I have such slow performance, I would like to tackle them one by one.

To start with, in reading the various blogs/forums, seems that having a fast CPU on the router is important as it is doing the encrypting of data being passed through that. Ok, I get that. The CPU on E1200 is 300Mhz. Granted its not the fastest, however, if CPU does play a big role in performance, why is it that I see it being taxed less than 2%, yet my downloading speed is very slow.

Can I rule out the CPU and move on to the next area to tackle the slow download speed ?

thank you
XMFan

 

[L&LD]

That five year old router with the 300MHz cpu is what is limiting your VPN speeds. There may be other factors, but the cpu is first.

 

[xmfan]

Thank you for your feedback. I will be replacing the E1200 at the earliest. I bought the E1200 so I could learn how to flash routers with both DD-WRT and tomato firmware.

Any suggestions, as to what minimum router CPU speed I should consider for my specific need (VPN client using tomato firmware) ?

 

[Trip]

First off, how fast is your ISP connection, down and up, in Mb/s? I'd presume you're looking to max that out via VPN? And what type of VPN are you looking to do? (PPTP, L2TP, OpenVPN, etc).

If it's <60-70Mb/s aggregate, then you've got plenty of consumer hardware hardware options. If you want to be much above that, then you have to move to more specialized hardware, starting with higher-performance embedded devices (pFSense APU/ALIX, MikroTik, Ubiquiti, etc.), then business-class services routers, integrated security appliances, black-box gateway kits and/or DIY Intel boxes with multiple NICs.

Another option is abstracting the VPN to a cloud-based provider, where the brokering is handled at the server level. Works well for certain use cases, perhaps not so well for others -- but another option to think about.

 

[xmfan]

Trip - Thanks for your comment. I have 30 downstream /5 upstream package, and using openVPN to connect to the VPN service. Right now, I'm getting 5 downstream at best. Certainly, would be great to get as fast as possible using openVPN.

What I'm having a difficulty understanding is that if my current CPU in router is under-powered, why is the utilization under 2% during a heavy load of downloading or large file copying. I would have expected to see very high CPU utilizations from the tomato firmware status page.

 

[Cloud200]

Trip - Thanks for your comment. I have 30 downstream /5 upstream package, and using openVPN to connect to the VPN service. Right now, I'm getting 5 downstream at best. Certainly, would be great to get as fast as possible using openVPN.

What I'm having a difficulty understanding is that if my current CPU in router is under-powered, why is the utilization under 2% during a heavy load of downloading or large file copying. I would have expected to see very high CPU utilizations from the tomato firmware status page.

Odds are I would say Tomato is not reporting the CPU load correctly.
If CPU isn't spiking at all, and the load is being reported correctly you probably have something else wrong with the router.

Even 5mb/s should be bringing that CPU to at least 25% usage at the minimum.

 

[xmfan]

Cloud200 - Thank you for the reply. I had not considered the possibility of an issue with the E1200 router.

Regardless of whether I am downloading from the net or transferring large size files from one storage to another through the E1200, the CPU load, as reported through tomato firmware status page, though fluctuating during activities, never exceeds 2%. I have another router Asus RT-N56U, I have just installed an alternative firmware (padavan) on it. I will configure it for openVPN and do some similar testing and benchmarking while looking at the CPU utilization.

I am now very curious about this

 

[Trip]

The N56U will do around 20 Mb/s as an OpenVPN client -- still under your max of 35 Mb/s aggregate... If sticking with Tomato, then a Ghz+ ARM box will do the job -- AC68U or R7000, as examples. Other firmware options also include RMerlin and Kong DD-WRT. Another option with support out-of-the-box would be an LRT214 or 224; you'd then have to supply an access point for wifi, of course, or re-purpose your E1200 or N56U as an AP.

Regardless of the choice, any one of those should net you 50-60Mb/s for OpenVPN. Happy surfing.

 

[xmfan]

Trip - very interesting feedback, with a wealth of information. Thank you. Since I have the N56U at home and already flashed with padavan firmware, I plan on doing some benchmarking with that first. Meawhile, I will also look into RMerlin and Kong DD-firmware, though it was my understanding that neither were available for the N56U since it uses the RALINK chip. Given that, I could be wrong so I will revisit that search.

I am now researching Linksys LRT214 / 224 VPN routers, they seem a viable option for their openVPN abilities.

It is now very clear to me that the router CPU plays a crucial role towards performance and throughput.

 

[Trip]

You're most welcome. And yes, it never hurts to mess around with what you've already got in your possession -- who knows, the 56U might push close enough to your WAN speed that you can just use it with padavan and be done with it. Good luck!

 

[xmfan]

I finally got around to configuring and installing the ASUS N56U using the padawan firmware - and what a difference it made.

First of all, I am now able to see the correct load on the router CPU, a whopping 80% during the download process with VPN enabled .

My download speed from the net has dramatically improved. The LAN to LAN performance improved by at least 25%. Speedtest.net results are higher than before but not quite matching the provided bandwidth, but that's ok, the results overall are significantly better than before.

It was a win-win replacing the Cisco/Linksys E1200. I purchased that router as a refurb wanting to learn how to flash the firmware. I did wonder briefly if there was an issue with my E1200 to with it to begin with or given its weak CPU, regardless even if I had used a brand new one, my results would have been the same - oh well, it was a passing curiosity.

My next venture will be getting a different ASUS router that is at least 800Mhz.

Thank you all sincerely once again for your feedback.

regards,
xmfan

 

[Cloud200]

I finally got around to configuring and installing the ASUS N56U using the padawan firmware - and what a difference it made.

First of all, I am now able to see the correct load on the router CPU, a whopping 80% during the download process with VPN enabled .

My download speed from the net has dramatically improved. The LAN to LAN performance improved by at least 25%. Speedtest.net results are higher than before but not quite matching the provided bandwidth, but that's ok, the results overall are significantly better than before.

It was a win-win replacing the Cisco/Linksys E1200. I purchased that router as a refurb wanting to learn how to flash the firmware. I did wonder briefly if there was an issue with my E1200 to with it to begin with or given its weak CPU, regardless even if I had used a brand new one, my results would have been the same - oh well, it was a passing curiosity.

My next venture will be getting a different ASUS router that is at least 800Mhz.

Thank you all sincerely once again for your feedback.

regards,
xmfan

One of the best ones to get for cheap is the AC-56u. It's got pretty much the same CPU and RAM as the higher end units.