Advice needed - VPN speed slows down, have to turn on off once a day

Luboknok

Regular Contributor
try another outlet ;) (and/or outlet country)
that's what i do when my vpn client grows sluggish.

Coming back to this issue, unresolved after over a year. Blaming the VPN or the outlet doesn't make sense when the slowing down only happens on router vpn. Desktop/client VPNs maintain full speed indefinitely. Also blaming VPN speeds makes no sense when a fresh reset router can ping 10ms and get 300Mbps without breaking a sweat.

Something about OpenVPN on AC86u is causing the VPN to slow down to a crawl after several hours, from 300Mbps to less then 1Mbps. I've done factory resets, etc. The exact same OVPN config file can maintain over 100Mbps on a cheap Android device.
 

Luboknok

Regular Contributor
Thanks. One thing I found is my VPN over TCP maintains speed better than over UDP. When the router is reset and the VPN tunnel freshly created I see over 400Mbps with the 86U's CPU barely breaking a sweat. The 86U's AESNI is extremely fast and barely bogs down the CPU which is why I got it. Perhaps it is the AESNI blobs causing the slowdown, can those be deactivated in the router?

Even my old 68u maintained ~30Mbps on OpenVPN. Are most users seeing consistent speed over OPENVPN without the slowdown? Perhaps I should swap out the router.
 

Val D.

Very Senior Member
When the router is reset and the VPN tunnel freshly created I see over 400Mbps with the 86U's CPU barely breaking a sweat.

RT-AC86U can reach about 275Mbps with 100% CPU load and this is the hardware limitation with current OpenVPN software. If you see >275Mbps with less than 100% CPU load, then you probably have IPv6 leak. In other words, your data is bypassing the VPN tunnel.
 

consorts

Senior Member
see if disabling encryption stops the slow down.
under crypto: cypher, disable ; fallback, none

i know it's half the reason you may use a vpn
but it may help narrow down the troubleshoot.

on my router i don't bother with crypto
and enjoy constant uptime and speeds.
 

Luboknok

Regular Contributor
RT-AC86U can reach about 275Mbps with 100% CPU load and this is the hardware limitation with current OpenVPN software. If you see >275Mbps with less than 100% CPU load, then you probably have IPv6 leak. In other words, your data is bypassing the VPN tunnel.

Good to know, I was using openspeedtest.net for quick benchmarks and I noticed it is wildly inaccurate compared to speedtest-cli from terminal. Sometimes openspeedtest was reporting 400Mbps+ when my ISP speed is around 200Mpbs. IPv6 is off in modem and router. Speedtest-cli shows ~150Mbps tops.
 
Last edited:

Val D.

Very Senior Member
After two years I solved my slowdown issue by isolating VPN clients into several Merlin VPN slots as detailed here.

On RT-AC86U more than 2 VPN Clients won't speed up anything. This router has 2 CPU cores only. In other words, no matter what you "isolate", you still share the same WAN throughput for all VPN Clients and the same CPU performance for VPN Clients working on the same core. RT-AX88U can run 4 VPN Clients on available 4 CPU cores, for comparison. It may benefit from >2 VPN Clients, if the WAN speed is high enough.
 

Luboknok

Regular Contributor
I don't think LAN throughput was my bottleneck. Certain low traffic IOT devices where somehow dragging down the entire VPN tunnels speed to where browsers where getting less than 10mbps. By isolating my browsers to a dedicated VPN slot I am seeing more like close to my ISP bandwidth 100mbps.

This has entirely renewed my love for Merlin it is an amazingly versatile build on the AC86u.
 

Luboknok

Regular Contributor
I'm seeing AESNI handle over 400mbps OpenVPN without the CPU even registering 50% load on a single core. The LZO compression is probably allowing bandwith even beyond the ISPs maximum. LZ4 would even be better but my VPN hasn't implemented it.
 
Last edited:

Val D.

Very Senior Member
I'm seeing AESNI handle over 400mbps OpenVPN without the CPU even registering 50% load on a single core.

No way with ANY currently available consumer router. Read the posts above. My pfSense appliance with a desktop x86 i5 CPU at 3.4GHz can’t do 400Mbps OpenVPN at 50% load. And very few commercial VPN servers will reach 400Mbps, no matter what hardware you have on your end. What do you expect for $5/month?

The LZO compression is probably allowing bandwith even beyond the ISPs maximum.

If you are seeing >400Mbps (whatever traffic) on a 100Mbps ISP line, then something is completely screwed up with your setup and measuring. And LZO compression is actually better to stay Disabled for security, CPU load and overhead reasons. Some commercial VPN services (like NordVPN, for example) do not allow compression at all.
 
Last edited:

Luboknok

Regular Contributor
You probably are right about the exaggerated 400mbps measurement I saw from from openspeedtest.com, (I mentioned it in the past) but everything is going through the VPN (strict policy). The actual burst speed is around 175mbps tested from speedtest-cli, through AC86U on router OpenVPN without stressing CPU much. My ISP provides high speed bursts doing off period beyond stated rate. Separating clients into VPN slots has completely fixed my slowdown problems which I have troubleshooted for over a year. I used to have to reboot to regain VPN speed now it sits around 90mbps reliably for days on end.
 

Skeptical.me

Very Senior Member
Another great way to fix this issue is to upgrade your router to the RT-AX88U :p
 

Val D.

Very Senior Member
Another great way to fix this issue is to upgrade your router to the RT-AX88U

It has the same performance per core though, so VPN will only benefit in case >2 VPN clients run on different cores. The major advantage of RT-AX88U is in 1GB RAM. This is what RT-AC86U needs badly - more RAM. ASUS decided to save $15 and crippled a good router. Done intentionally perhaps, in order to sell more expensive ones better.
 

Skeptical.me

Very Senior Member
It has the same performance per core though, so VPN will only benefit in case >2 VPN clients run on different cores. The major advantage of RT-AX88U is in 1GB RAM. This is what RT-AC86U needs badly - more RAM. ASUS decided to save $15 and crippled a good router. Done intentionally perhaps, in order to sell more expensive ones better.

I upgraded to the AX88U and so far I've had no speed issues (touch wood). But the way I resolved this issue with the AC86U was to simply re-install merlin, reset, and reinstall the .ovpn in a profile and the speed was good. I sold my AC86U in order to help purchase the AX88U. Yeah, the extra RAM is great. I also use a 2GB Swap file, I'm not sure how much the router relies on it though.
 

Val D.

Very Senior Member
I also use a 2GB Swap file, I'm not sure how much the router relies on it though.

It's useless on a flash drive with USB 2.0, partially useful on a SSD with USB 3.0. I did some tests in the past and once RT-AC86U reaches the critical point of 95% RAM utilization the processes in RAM start do die off one after another. The Swap is there for compatibility reasons and to make you feel better. RT-AC86U runs much better with no TrendMicro bloatware loaded in memory. And the CPU can do Traditional QoS up to about 400Mbps, producing consistent "A" bufferbloat ratings on dslreports.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top