VPN Speed problems: Merlin vs Advanced Tomato

[Orangeday]

I did run some speed tests on my Asus 56U and I get these results, no matter which VPN server I chose (mainly private internet access: swiss server).

Without VPN: 24 mb/s
Tomato with VPN: 23mb/s
Merlin with VPN: 12mb/s.

I switched between the firmwares a couple of times because it really confused me. Is there really such a big difference? Is it possible that Merlin doesen't support dualcore CPU?
I really like Merlin very much and I don't want to go back to advanced tomato, especially because my FTP server didn't work with advanced tomato.
Is there anything I can do to make it as fast as tomato?

 

[yorgi]

I did run some speed tests on my Asus 56U and I get these results, no matter which VPN server I chose (mainly private internet access: swiss server).

Without VPN: 24 mb/s
Tomato with VPN: 23mb/s
Merlin with VPN: 12mb/s.

I switched between the firmware's a couple of times because it really confused me. Is there really such a big difference? Is it possible that Merlin doesen't support dualcore CPU?
I really like Merlin very much and I don't want to go back to advanced tomato, especially because my FTP server didn't work with advanced tomato.
Is there anything I can do to make it as fast as tomato?

Hi
You will never get faster then that speed weather you use Merlin or TomatoUSB
the CPU is limited. we did major tests with speeds on VPN and 87u got 57mb/s and some higher end models went up to 60+mb/s
it's all about the cpu. The faster the CPU the better the VPN speed.
Even though you have a dual core its probably not a fast CPU. I looked for the specks but they don't mention speed of processor.
also make sure you use aes-128-cbc for encryption because its the fastest from all the encryption's.
if you got 12mb/s with Merlin chances are you are using blowfish and not AES

Check out this thread for setting up aes-128-cbc
http://www.snbforums.com/threads/ho...n-firmware-a-step-by-step-how-to-guide.30851/
check out this thread
http://www.snbforums.com/threads/sp...cryptions-help-by-sharing-your-results.30506/

 

[Orangeday]

I already tried it a couple of times and I just did it again, but my speed is still 12mb/s. And I'm really sure that I got almost double the speed with advanced tomato.
I believe it's a dual core 800mhz. That should definitely be enought for my 24mb/s connection (and like I said, with tomato I get 23mb/s so the cpu shoult not be the problem).

 

[RMerlin]

I can reach 50 Mbps with OpenVPN on my firmware. You must have something configured differently in Asuswrt versus TOmato if you only get 12 MB/s.

OpenVPN does not support multiple CPU cores.

 

[Orangeday]

of course its possible that I made a mistake in the setup.
I made a screen of my configuration, is there anything wrong?

 

[RMerlin]

of course its possible that I made a mistake in the setup.
I made a screen of my configuration, is there anything wrong?

You have "Redirect Internet Traffic" to No, which means that your connection won't go through your VPN tunnel. That shouldn't matter with your performance issues however, just making sure.

Make sure you run firmware 380.58. This includes two performance-related fixes:

1) The OpenVPN client 1 will be running on the second (usually unused) CPU core
2) NAT acceleration is bypassed for the OpenVPN traffic (as otherwise this would cause performance issues)

 

[john9527]

Try using the germany location instead of swiss. I just connected to swiss from here in the states, and topped out about 10-12 Mbps. Going to germany got 48Mbps. My normal using a server in the states is about 55Mbps.

 

[Orangeday]

I have Merlin_RT-AC56U_380.58_0 installed, so that shouldnt cause the problem.
After setting "Redirect Internet traffic" to "all traffic", I have a strange problem: some websites don't load anymore, others do. The website I do my speed tests (http://www.wieistmeineip.de/speedtest/) is not working anymore, but it's working when I turn VPN off.
What exactly does Redirect internet traffic changes? I mean, before I put it on, websites still showed the IP of the vpn and not my real one.

About the swiss vpn: I didn't know that it makes such a difference, but still, with tomato I had 23mb/s with the swiss vpn. For me it doesen't make a lot of sense to use a german vpn, since I'm from germany. We can't even watch most youtube videos since they are blocked from our copyright companies. Other european servers have the problem that most websites change their language when using them and I only speak german and english. I don't know how much sense it would make to switch to a US server since they are on the other side of the world.

 

[RMerlin]

I have Merlin_RT-AC56U_380.58_0 installed, so that shouldnt cause the problem.
After setting "Redirect Internet traffic" to "all traffic", I have a strange problem: some websites don't load anymore, others do. The website I do my speed tests (http://www.wieistmeineip.de/speedtest/) is not working anymore, but it's working when I turn VPN off.
What exactly does Redirect internet traffic changes? I mean, before I put it on, websites still showed the IP of the vpn and not my real one.

If you don't enable Redirect Internet Traffic, then your tunnel won't be doing anything at all, unless you use another method to tell your router to route all traffic through the tunnel.

Some websites might no longer work properly because you are using a Swiss IP then.

 

[yorgi]

of course its possible that I made a mistake in the setup.
I made a screen of my configuration, is there anything wrong?

Put accept DNS to exclusive and compression to none.
redirect traffic has to be on all traffic.
then it should work.

 

[Orangeday]

If you don't enable Redirect Internet Traffic, then your tunnel won't be doing anything at all, unless you use another method to tell your router to route all traffic through the tunnel.

Some websites might no longer work properly because you are using a Swiss IP then.

ah ok, so if its not enabled it's just showing another ip but doesen't lock my traffic. but thats strange, why did my internet speed drop to 12mb/s then?

Put accept DNS to exclusive and compression to none.
redirect traffic has to be on all traffic.
then it should work.

wow, I did what you said and now I'm at 21mb/s, which is enough for me, thanks a lot! just out of curiosity, why is it so much better without copression? shouldnt compression make things flatter and faster? my routers cpu was usually at 20% even while downloading big files

 

[RMerlin]

ah ok, so if its not enabled it's just showing another ip but doesen't lock my traffic. but thats strange, why did my internet speed drop to 12mb/s then?

It's probably your tunnel provider pushing default routes to your router, forcing it to route the traffic through the tunnel regardless of this webui setting.

 

[yorgi]

ah ok, so if its not enabled it's just showing another ip but doesen't lock my traffic. but thats strange, why did my internet speed drop to 12mb/s then?


wow, I did what you said and now I'm at 21mb/s, which is enough for me, thanks a lot! just out of curiosity, why is it so much better without copression? shouldnt compression make things flatter and faster? my routers cpu was usually at 20% even while downloading big files

think about it like this.
All packets today are compressed.
Jpg is a compressed image and most of the phones and tablets data is compressed so it goes quicker.
By adding more compression on the router it will only slow things down.
why try to compress a jpg when its already compressed right?
there is the answer. you don't need compression anymore. I don't understated why they keep pushing it on default configs.
I am happy that you got it working

I would take out the line where you put verb 1 in custom configurations as the feature global log verbosity is set to 3 so you dont need that line.
One other note, say yes to Username / Password Auth. Only
its a better option to have on.

clone this for custom configurations
there are things you don't need there because they are already covered in the client
auth nocache is good because it wont cache the password thus making it safer
enjoy!

 

[Orangeday]

yes, at some point I kept adding more lines because I hoped my other problem will disapear (http://www.snbforums.com/threads/open-vpn-problems-cannot-resolve-host.31239/). I will take them out again and use your custom configuration lines. Thanks! maybe after all my changes the other problem will disappear

 

[yorgi]

yes, at some point I kept adding more lines because I hoped my other problem will disapear (http://www.snbforums.com/threads/open-vpn-problems-cannot-resolve-host.31239/). I will take them out again and use your custom configuration lines. Thanks! maybe after all my changes the other problem will disappear

Hmm I am not so sure if its PIA that is dropping your connection or if these new configurations will fix your issue that at 3 am it drops
I would think that your local ISP is dong some maintenance or something.
the way you are setup now you shouldn't have any problems. if you do get these drop connections
contact PIA customer support and they can check further. I don't think its the router or your configurations at this point.
Good luck and let us know if everything worked out for you

 

[yorgi]

You have "Redirect Internet Traffic" to No, which means that your connection won't go through your VPN tunnel. That shouldn't matter with your performance issues however, just making sure.

Make sure you run firmware 380.58. This includes two performance-related fixes:

1) The OpenVPN client 1 will be running on the second (usually unused) CPU core
2) NAT acceleration is bypassed for the OpenVPN traffic (as otherwise this would cause performance issues)

when you say NAT acceleration is bypassed for the OPENVPN traffic do you mean
in LAN switch control to disable NAT acceleration?

 

[RMerlin]

when you say NAT acceleration is bypassed for the OPENVPN traffic do you mean
in LAN switch control to disable NAT acceleration?

The OpenVPN traffic is marked to bypass NAT acceleration. That means you can keep NAT acceleration enabled, and OpenVPN traffic will bypass it, as it could generate a performance issue with some setups.

 

[yorgi]

The OpenVPN traffic is marked to bypass NAT acceleration. That means you can keep NAT acceleration enabled, and OpenVPN traffic will bypass it, as it could generate a performance issue with some setups.

From what I read, NAT acceleration is good for super high bandwidth speeds over 100mb/s which I don't have therefore by default I always disabled NAT acceleration

 

[GeoS]

I have an AC5300 on PIA openVPn. Without router VPN enabled, I get download speeds of 110 mb/s. When router VPN enabled, and depending on time of day, I get around 35-40 mb/s. So, only one of the cores is used for VPN encryption? Is there a way to overclock that core to increase speed?

 

[yorgi]

I have an AC5300 on PIA openVPn. Without router VPN enabled, I get download speeds of 110 mb/s. When router VPN enabled, and depending on time of day, I get around 35-40 mb/s. So, only one of the cores is used for VPN encryption? Is there a way to overclock that core to increase speed?

Depending on which of their servers you use the speeds will vary drastically.
The NY and Toronto servers seem to be their fastest.
You should be able to get about 60mb/s with that router you have.
I helped out a guy from Canada the other day and when he hooked his 5300 with NY and Toronto servers he got 60mb/s and more.
That is pretty much the fastest you can go.
Also make sure you are using AES-128-CBC with compression disabled and take out comp-lzo in custom configurations if you put it there. that will make a difference in your speed as well.
Lastly, use VPN client 2 which uses the second core leaving the first core for routing and the second for compression.
You should get a lot better speeds that way.
but remember you will never get 100mb/s with that router and VPN client unless you go with no encryption on port 1195
you can check this guide for more
http://www.snbforums.com/threads/ho...n-firmware-a-step-by-step-how-to-guide.30851/