2 routers - VPN router is slow - help please?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

haeffnkr

Occasional Visitor
I have 2 ac68u routers. One has all my open connections to my ISP. I have Spectrum and get 200 mbps if I am wired or close on 5G. The the 2nd is my vpn router. When I connect via wired or wireless to my VPN server to NordVPN I get speeds of 25mbps average. When connected to the open router, wired or wirless, using the same NordVPN I get 100 mbps plus.

I followed this tutorial.

How do I trouble shoot this? is there a missing config on my first router?

thanks in advance - haeffnkr
 

eibgrad

Very Senior Member
I have the same router, and that's pretty much all you can expect in terms of throughput w/ OpenVPN given its specs. Perhaps w/ some tweaking you *might* eek out another 5-10%, but that's about it. To get anywhere near your ISP's full 100Mbps would require a *much* more powerful router, minimally 1.4GHz (and more is always better).

In my own case, I put together a small form-factor PC out of old (circa 2011) spare parts running dd-wrt x86 and OpenVPN client, then routed my network through it. Specs are nothing special, but the PC platform, even an old one, can far outperform any consumer grade router when it comes to the VPN. I don't even use a SSD/HDD, just run it off a USB drive. Given a capable VPN provider, it can easily match my ISP's bandwidth (150-160Mbps), and probably plenty more to spare.
 

haeffnkr

Occasional Visitor
@eibgrad WOW ... thanks for the update.
So a cheap pc will outperform any router?
Overall that is cheaper/easier than buying a router, even used router?
 

eibgrad

Very Senior Member
The x86 architecture is far superior to any MIPS/ARM consumer router in terms of raw horsepower. But I'm NOT saying YOU have to use this approach. I'm only saying that for *me* it was more to my liking. I'm otherwise completely satisfied w/ the RT-AC68U and have no desire to spend $200 or more for another router. I just happened to have a bunch of spare PC parts collecting dust on the shelf and thought, what the heck, they've been there for years (got them dirt cheap on clearance/closeout), why not put them to work. As I said, nothing special, and only draws a measly 18 watts. So over the period of a year, it might cost me $12-15/year more compared to getting a new router. And lots of headroom for the future should my ISP+VPN provider offer even more bandwidth.

So just another approach to consider if you find yourself in a similar situation. But for many ppl, it's more likely they'll find it convenient to upgrade their router, esp. if they were considering an upgrade already (the RT-AC68U dates back to 2013, not an issue for me, I prefer the old and proven anyway).
 
Last edited:

CaptainSTX

Part of the Furniture
The favorite on this site is the AC86. Its processor supports AES-NI which is the key to faster VPN speeds. I often get 200 Mbps running a VPN on this router but speeds tend to vary widely. On the Qutom PC I use as a VPN appliance it has no problem getting 400+ Mbps because of the processor and the fact that it supports WireGurad.

There are other ASUS routers that work well for VPN clients some are slightly less expensive and some are nearly twice the cost. Another thing to consider is if the router is supported by Merlin. Having the ability to run Merlin and various addon scripts gives you a superior VPN functionality.
 

eibgrad

Very Senior Member
I'm NOT suggesting a PC as an alternative to your current primary router (although for some that is certainly another option). I'm suggesting the PC as another *gateway* available to your clients, rather than the default gateway of the primary router. What I do is reconfigure DHCP on my primary router to return the LAN ip of the PC hosting the OpenVPN client as the default gateway for those clients (some or all) I want routed over the VPN.

IOW, your wired and wireless clients are *still* connected to your primary router, as always. All I've changed is their default gateway so they use the VPN rather than the WAN.

If you chose to get a better router rather than mess w/ a PC-based solution for the VPN, I try to avoid getting into specific recommendations regarding hardware. Way too many options out there, and I'm hardly the expert. My own needs in this respect are extremely modest (as far as the wireless early adopters are concerned, I'm livin' in the stone age, LOL).
 

J.I

Occasional Visitor
I can recommend AX86U. I get 200 Mbps with that. If you want something faster you would need to go with mini pc with AES-NI preferably I3 processor or stronger
 

eibgrad

Very Senior Member
FWIW, based on my own extensive testing, the *primary* problem w/ the router is NOT AES-NI. Yes, having it helps, but it makes only a relatively marginal improvement. What really kills the performance of the OpenVPN client wrt the router is the fact it has to run in user-space. And in order to manage the tunnel, OpenVPN has to constantly switch between user-space and the kernel. Ring changes are notoriously inefficient (just ask Microsoft when they had to move the GDI to the kernel way back in the days of Windows 3.x to make it even remotely usable). That's why WG (WireGuard) on the exact same router runs so much faster; it runs in the kernel! But when you're relegated to user-space as OpenVPN is, all you can really do is throw raw horsepower at it.

To prove my point, I've actually done testing using a scripted OpenVPN P2P (point-to-point) tunnel between the router and a VPS, w/ NO ENCRYPTION, just a plain ol', in the clear, tunnel, and the performance is comparable (as in bad) to using the OpenVPN client in the GUI w/ certs, encryption, and all the usual elements.

In the end, all that really matters is you need a better router (or PC based solution).
 
Last edited:

haeffnkr

Occasional Visitor
Performance wise, if I upgrade routers to AX86U, is it faster to have clients use a locally installed VPN client or point them to the separate VPN router/network? Sure it is easier to manage vpn connections with 2 routers.

Do I buy one or 2 AX86 routers? Then I will have 2 ac68 routers that I can use to for ai mesh right?
 

eibgrad

Very Senior Member
Performance wise, if I upgrade routers to AX86U, is it faster to have clients use a locally installed VPN client or point them to the separate VPN router/network? Sure it is easier to manage vpn connections with 2 routers.

Do I buy one or 2 AX86 routers? Then I will have 2 ac68 routers that I can use to for ai mesh right?

Managing the OpenVPN client on a second router does have it advantages. And the performance differences compared to a single router, if any, are likely imperceptible. So it's up to you. You might want to *try* a single router first just to see if it meets your needs before commmitting to multiple purchases, esp. if you haven't upgraded in quite some time.
 
Last edited:

nbdwt73

Regular Contributor
For what it is worth, I too have Spectrum (200) and one rt-ax86u and one rt-ac86u... I see little difference in VPN speeds between the two... and the ac86 is obviously lower cost...
 

CaptainSTX

Part of the Furniture
One AX86 would be fine. Be sure you need the additional features that an AX86 offers for the added cost over an AC86.

With two routers you can either set the second as an AP or double NAT the second router behind the first. Each has advantages. It doesn't make much difference if you install the AC68 before what ever 86 model you select as the link between them will be 1000 Mbps. If you have gig speed service from your ISP better to have the 86 first.

Also if you use an AP setup you can't run a VPN on the router being used as an AP. Same if you set up a router as node in a mesh setup you can't run a VPN on it.
 

L&LD

Part of the Furniture
If you can install the VPN client locally on the clients that need them and those clients are current i3's with 8GB RAM, or better, they will be faster than any consumer router you can buy.

The RT-AC86U, RT-AX88U, and the RT-AX86U are all equivalent with their AES NI capabilities and will achieve 200Mbps or more with the right server and ISP connections.

The locally installed VPN clients (if their hardware resources are suitable) are much easier to manage than anything you can use on a router and should be much faster too. This will let you buy the router that best matches your ISP speeds and budget while managing the VPN's is also more intuitive.
 

haeffnkr

Occasional Visitor
You all are awesome!!!!
I just wanted to be safe and watch a little IPTV and now I am upgrading my whole network :)
I started with Merlin 3 years ago when I researched what was best because I bought a $200 linksys POS and literally had to reboot it daily for a year. Merlin with weekly auto scheduled reboots was so solid I just forgot about my router, it just worked. Now I am trying to setup a vpn router on a 2nd ac68u that I bought years ago to setup as an AP but never did it because I really did not need it.... I was getting wifi all over the house and yard with a centrally located ac68u.....so ... vpn wont run on 8 year old hardware...

I bought a ax86u and ac86u today online, and have 2 ac68u, so I main router ax86u, vpn router ac86u and 2 aimesh nodes to get good wifi by the pool and in the driveway :) I will hook them all up Ethernet backbone. That will work right?

thanks again haeffnkr
 

L&LD

Part of the Furniture
Yes, that should work (hopefully without too much tweaking of the settings on the RT-AX86U which I am assuming will be the main router.

The link below may be of interest to you if you require more than general pointers. :)

Best Practice Update/Setup Router/AiMesh Node(s) 2021
 

chichow

Regular Contributor
Managing the OpenVPN client on a second router does have it advantages. And the performance differences compared to a single router, if any, are likely imperceptible. So it's up to you. You might want to *try* a single router first just to see if it meets your needs before commmitting to multiple purchases, esp. if you haven't upgraded in quite some time.

Is it possible to run VPN servesr on multiple Asus routers that are setup as AiMesh?

like if you have 2 RT-AX86Us with one as a Aimesh router and another as an Aimesh node. Can you run a VPN server on both devices and that way maybe get 200Mbps OpenVPN from each one?
 

L&LD

Part of the Furniture
No. The routers need to be in router mode.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top