OpenVPN on RT-AC68U

[Morphy]

Dear all

I just received my router and updated the firmware to Merlin 378.51 and it works so perfectly

Im totally new into this - but I followed a guideline to sort out Private Internet Access with OpenVPN on this router - uploaded the vpn config file to the router - added the ca.crt info in the right field ect.

When I enable the VPN for Client1 its working - and I can see my IP is changed on whatsmyip .

But the download speed is so slow - I have 113,27 Mbps in download speed which = aprox 14MB/s . The router gives me MAX 16Mbps which is a radical drop in download speed .

Does anyone have a clue of what to do, or what I am missing?

Its set to UDP and the settings I located in the PIA forums (I cant access it here from work) . The encryption settings is set to default.

I even tried another VPN provider, but accomplish the same download speed :/ . . . so my guess I must be doing something wrong. Just dont know what.

Thanks

 

[aph]

This is a limitation of all consumer grade routers. They don't support hardware accelerated AES and have as much processing power as any device of that size. Nothing you change on the router will affect the speed.

As an alternative, set up the VPN client on your computer. You will get full speeds since there is much more computational power to work with, and all recent chips support hardware AES.

 

[cosmoxl]

yes, routers will not be super fast unless you spend like $500. but, with a good connection and VPN provider you should be able to get 50megabits/s with the AC68. I've seen it done and I get at least 35mbit/s with my AC68 but my ISP max is 35. I also use PIA and I know it can do very high speeds if conditions are right.

First suggestion is to make sure you're using openvpn client 1. in that firmware version it'll use core 2, which leaves core 1 to do kernel work.

Second suggestion is to try different servers, then different ports, and finally TCP if you still don't get better speed.

 

[Morphy]

Thanks to the both of you

Cosmoxl - can you maybe provide me your details of your settings for the client1 setup?

How much info from PIA (certificats have you used) 1 right?

Maybe I have some settings wrong - cause I tried another VPN provider as well - and its exact same issue :/

I also read that I should be able to gain way more than this - but it seems like its not reachable. Guessing it has to be some settings somehow..

 

[cosmoxl]

below is what's in my ovpn file. I just change the server to what I want.

there are no other certs or anything available.

client
dev tun
proto udp
remote server.privateinternetaccess.com 1196
resolv-retry infinite
nobind
cipher AES-128-CBC
persist-key
persist-tun
ca ca.crt
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 4
reneg-sec 1800
mssfix 0
mtu-disc maybe
fast-io
ca [inline]
<ca>
-----BEGIN CERTIFICATE-----
MIID2jCCA0OgAwIBAgIJAOtqMkR2JSXrMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCT0gxETAPBgNVBAcTCENvbHVtYnVzMSAwHgYDVQQK
ExdQcml2YXRlIEludGVybmV0IEFjY2VzczEjMCEGA1UEAxMaUHJpdmF0ZSBJbnRl
cm5ldCBBY2Nlc3MgQ0ExLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50
ZXJuZXRhY2Nlc3MuY29tMB4XDTEwMDgyMTE4MjU1NFoXDTIwMDgxODE4MjU1NFow
gaUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMx
IDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2
YXRlIEludGVybmV0IEFjY2VzcyBDQTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHBy
aXZhdGVpbnRlcm5ldGFjY2Vzcy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBAOlVlkHcxfN5HAswpryG7AN9CvcvVzcXvSEo91qAl/IE8H0knKZkIAhe/z3m
hz0t91dBHh5yfqwrXlGiyilplVB9tfZohvcikGF3G6FFC9j40GKP0/d22JfR2vJt
4/5JKRBlQc9wllswHZGmPVidQbU0YgoZl00bAySvkX/u1005AgMBAAGjggEOMIIB
CjAdBgNVHQ4EFgQUl8qwY2t+GN0pa/wfq+YODsxgVQkwgdoGA1UdIwSB0jCBz4AU
l8qwY2t+GN0pa/wfq+YODsxgVQmhgaukgagwgaUxCzAJBgNVBAYTAlVTMQswCQYD
VQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50
ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2YXRlIEludGVybmV0IEFjY2VzcyBD
QTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
b22CCQDrajJEdiUl6zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAByH
atXgZzjFO6qctQWwV31P4qLelZzYndoZ7olY8ANPxl7jlP3YmbE1RzSnWtID9Gge
fsKHi1jAS9tNP2E+DCZiWcM/5Y7/XKS/6KvrPQT90nM5klK9LfNvS+kFabMmMBe2
llQlzAzFiIfabACTQn84QLeLOActKhK8hFJy2Gy6
-----END CERTIFICATE-----
</ca>

 

[Morphy]

Thanks mate - Gonna look at the ovpn file and will compare yours .

Have you done other stuff to your router - overclocked it?

I see you have.

reneg-sec 1800
mssfix 0
mtu-disc maybe
fast-io
I dont have that in mine - odd
Well I hope that this might boost my download speed mate - gonna test when I get home.

Cheers

 

[Morphy]

Ok here is what is done.

Added your prefix and then here is my log - now I see the VPN enabled, but I can't get to any webpages?

Added my log

Heeelp

 

[Morphy]

Ok got it working, but the download speed is slow , can't get it higher than 16Mbps
Tried several servers - no good.

 

[cosmoxl]

have you tried different ports and the different TCP ports?

when you do try ports other than 1196 you'll have to set the cipher back to default.

 

[Morphy]

Yes tried it back and forth . :/

 

[oversim]

Do not expect miracles from an ARM dual core CPU and a I/O subsystem not designed for VPN performances You can try to overclock CPU (mine is stable ad 1.2Ghz), thus you can try these settings in OpenVPN advanced options page:

sndbuf 262144
rcvbuf 262144
push "sndbuf 262144"
push "rcvbuf 262144"

tcp-nodelay
fast-io
mtu-disc yes
push "fast-io"
push "mtu-disc yes"
push "tcp-nodelay"​

 

[Morphy]

Hi mate - thanks for the info.. but adding your info right here - won't make my vpn run at all:

persist-key
persist-tun
tls-client
comp-lzo
verb 1
sndbuf 262144
rcvbuf 262144
push "sndbuf 262144"
push "rcvbuf 262144"
tcp-nodelay
fast-io
mtu-disc yes
push "fast-io"
push "mtu-disc yes"
push "tcp-nodelay"

But I tried another thing - I went from UDP to TCP and and actually gain aprox 5Mbps more.. so now totally without OC is 25Mbps ..

Im getting higher up , so any other ideas?

Current settings are:

Start with Wan : No
Tun
TCP
Port 80
Firewall Automatic
TLS
Create NAT on Tunnel - Yes

Advanced:
Pull = 0
Redirect Internet trafic : NO ( shouldn't it be yes ? Seems that people not are entirely sure?)
Accept DNS..: Strict
Encryption: Default
Compress: Adaptive
TLS Negotion time: 0
Connection retry = 30
Verify server certificate = no

Custom:
persist-key
persist-tun
tls-client
comp-lzo
verb 1

 

[oversim]

Encryption cipher: AES-128-CBC

 

[john9527]

I just noticed you didn't state exactly which router you have....if you have a MIPS based router, you may indeed be hitting the limits of the processor (the folks helping you out have ARM routers). Have you checked your CPU utilization during your testing?

 

[Morphy]

@oversim only on UDP and port 1196 then its working for me

@john9527 I posted the model in thread subject Its Asus RT-AC68U

The CPU seems fine when running - not topping the meters at all.

What I did now - I tried to change from UDP to TCP with port 80 - Now im at 25Mbps - still not close at what people states that they have which is 50Mbps .
I seen several posts - also on PIA ( Private Internet Access ) , but no one is showing any settings or guides that shows any valid documentation that its working?

I also change the server name from sweden.privateinternetaccess.com to the actual ip address of the server - PIA support told me that it might help due DNS naming issues ect.. ?

Still - missing Mbps to archive the golden 50Mbps .

By the way - anyone else having problems sending email when PIA is active? Its both client software and router OpenVPN that won't send mails out - receiving is fine .

Thanks

 

[john9527]

Duh....read the title....sorry.

I'm on PIA in the states with a 50/5 connection (normally get close to 57/6). Going to PIA servers in the states, I can't tell the difference with PIA VPN active. (AC68R overclocked to 1200,800)

I ran some tests for fun using the EU servers....
with Sweden, best I could get was 25/2
with Germany, I got 49/6.

I'd try a different set of servers.

 

[Morphy]

hehe John nw mate.

Are you 110% sure that the VPN is running then ? :/ Sounds amazing. I tried several servers - same issues.

What settings are you using mate?

 

[RMerlin]

By the way - anyone else having problems sending email when PIA is active? Its both client software and router OpenVPN that won't send mails out - receiving is fine .

Your ISP's SMTP won't allow relaying from a different public IP (that of your VPN provider).

 

[john9527]

hehe John nw mate.

Are you 110% sure that the VPN is running then ? :/ Sounds amazing. I tried several servers - same issues.

What settings are you using mate?

I believe in the 'Keep it simple' principle. I didn't use an ovpn file, but configured by hand. Here's some screen shots of my setup....

And here's my speedtest to Germany...love that ping time....

EDIT: Just to complete things....here's what I get when using a US server

 

[Morphy]

@Merlin Hi mate . Well I got info from PIA that they dont allow smtp , so your right about that, but they can do some tests against the smtp server, so they can whitelist the server. So awaiting info from PIA regarding that
Another thing I've noticed in fw 378.51 I see this in Performance tuning:
Note: Your router bootloader version is incompatible with Turbo (overclock) mode.
So I can't OverClock: Press the button to turn on overclock, release the button to turn off.??

@john - Thanks for the post mate . I have if its ok with you all - posted the link to this forum to PIA to show them the speed you archived

The odd thing is - IF I use UDP - My speed drops way lower than I can get with TCP? And if I use the client from PIA on my mac - and disable vpn on the router . I gain faster speeds with UDP vs TCP ?

What in hell am I doing wrong lol