AC5300 Slow VPN?

[BGood]

So I set up PrivateInternetAccess on my AC5300 a few years ago for some of my home devices. I was never pleased with the speeds of 20-40 Mbps when my home internet gets 600-800 Mbps down, but I accepted it as "good enough". More recently after seeing PIA was acquired by a potentially sketchy company, I decided to try SurfShark. I'm now getting around 20-30 Mbps on either provider. Both of them seem to have pretty good ratings for speed, as a percentage of the usual throughput. I'm wondering now if it's the router that's slowing things so much? Has anybody tested the router vs. setting up VPN on each device?

Thanks

 

[Tech9]

I'm wondering now if it's the router that's slowing things so much?

Yes, your router can do about 50Mbps on OpenVPN. It's a CPU limitation.

Running on-device VPN client is going to be faster. Even iPhone 6s from 2016 can do >150Mbps on OpenVPN.

 

[SheikhSheikha]

So I set up PrivateInternetAccess on my AC5300 a few years ago for some of my home devices. I was never pleased with the speeds of 20-40 Mbps when my home internet gets 600-800 Mbps down, but I accepted it as "good enough". More recently after seeing PIA was acquired by a potentially sketchy company, I decided to try SurfShark. I'm now getting around 20-30 Mbps on either provider. Both of them seem to have pretty good ratings for speed, as a percentage of the usual throughput. I'm wondering now if it's the router that's slowing things so much? Has anybody tested the router vs. setting up VPN on each device?

Thanks

VPN per device is always faster than on your router. Make sure you do not use Qos. NAT Acceleration should be on.

So: QoS off, under Lan/Switch Control/Nat Acceleration on Auto!
Make sure your wifi is properly configured, try to avoid DFS channels, select a channel (not on auto) and try to choose less populated channels.

 

[Tech9]

Has anybody tested the router vs. setting up VPN on each device?

The best you can get from home routers is about 250Mbps on OpenVPN and 350Mbps on Wireguard. Newer models only with ARMv8 CPU. My firewall has relatively weak Intel x86 CPU and can do >400Mbps on OpenVPN to local popular VPN servers like ExpressVPN and NordVPN.

 

[Smokey613]

All the above and I do not think the AC5300 has AES-NI support, so your VPN speeds will be limited to around 40Mbps. The HND series of Asus routers do have AES-NI support. I get 95Mbps on my VPN.

 

[BGood]

So which Asus models can do 100 Mbps easily? And also support split tunneling and Merlin firmware?

 

[RMerlin]

So which Asus models can do 100 Mbps easily? And also support split tunneling and Merlin firmware?

Any of the HND models:

About | Asuswrt-Merlin

www.asuswrt-merlin.net

 

[Tech9]

So which Asus models can do 100 Mbps easily?

Newer HND routers with ARMv8 + AES can do 200+, but it will be split between your devices. 3x laptops with own VPN processing can do 200+ each for total aggregate traffic close to your 600-800Mbps ISP line. This is the difference - more CPUs can process more traffic.

 

[BGood]

Newer HND routers with ARMv8 + AES can do 200+, but it will be split between your devices. 3x laptops with own VPN processing can do 200+ each for total aggregate traffic close to your 600-800Mbps ISP line. This is the difference - more CPUs can process more traffic.

Is the ASUS - ROG Rapture GT-AX11000 one of the "newer" routers?

Now I'm going to venture to ask what is probably a dumb question. If I bought the ASUS - ROG Rapture GT-AX11000 and flashed it to the same Merlin version as my AC5300, could I restore my AC5300 configuration file to the AX11000 and not have to re-do my entire setup?

Thanks to everyone who has replied in this thread.

 

[Tech9]

Is the ASUS - ROG Rapture GT-AX11000 one of the "newer" routers?

Yes.

could I restore my AC5300 configuration file to the AX11000

No.

 

[BGood]

Yes.



No.

As I thought, but thanks for confirming!

 

[BGood]

Is it possible to backup only the static reservations? I saw this command:

nvram get dhcp_staticlist

Will that run on the AC5300?

Then can I restore to the AX11000:


nvram set dhcp_staticlist="saved data from the other router"
nvram commit

 

[ColinTaylor]

Is it possible to backup only the static reservations? I saw this command:

nvram get dhcp_staticlist

Will that run on the AC5300?

Then can I restore to the AX11000:


nvram set dhcp_staticlist="saved data from the other router"
nvram commit

Yes you can do that provided the firmware version of each router is reasonably current (the format was slightly different in some of the old 384 firmwares).

 

[BGood]

So, the new AX11000 *is* much faster with both VPNs! So that's a win!

Now if you will humor me, I have 2 questions.
*My Galaxy S21 connects with Wi-Fi6 (Tri-Band Smart) according to the icon at the top right of the screen. I have LAN access, but not WAN access. My older Win 10 laptop has LAN and WAN access, but I don't expect it's new enough for Wi-Fi6.

*I was running OpenVPN on my AC5300 and had a number of devices already able to use it. Is there a way I can export that config and import it to the AX11000 so I don't have to re-do my client certs?

Thanks, folks!

 

[BGood]

Well, it looks like I have much bigger problems! I have a bunch of devices that can't communicate with the internet now! Some wired and some wireless (smart wifi and guest wifi). It seems to be non-Windows devices more so than Windows devices. I've tried to go back do ISP DNS, turn off DoT and DNSSEC. My settings look the same as my AC5300. I noticed NAT now has Symmetric and FullCone, but neither seems to help.

Devices that won't talk to the WAN (wired): Ooma, Roku, Accurite (2 hubs), Arlo
Devices that won't talk to the WAN (wireless): Samsung Galaxy S20 Ultra, S21, Wyze doorbell, Ecobee 3 thermostat, Hubitat
Devices that talk to the WAN (wired): Several Dell Windows computers.

For what it's worth, the Dell computer can be connected directly to the AX11000 or through my Netgear switch.

It would seem to be a DNS thing? I'm clearly no network guru, but this just stumps me.