Asus ac66u Openvpn server speed

[helio58]

Hi, I have a AC66U with 380.70 running a openvpn server.
In the same location network there is a raspberry pi with another openvpn server.
On the router I'm getting speeds of 10Mbit/s on the raspberry 30Mbit/s
I think the problem must be the router configuration.
Here is the config
#
daemon
topology subnet
server 10.8.10.0 255.255.255.0
proto udp
port 1195
dev tun21
ncp-disable
cipher AES-128-CBC
comp-lzo adaptive
keepalive 15 60
verb 3
push "route 192.168.0.0 255.255.255.0 vpn_gateway 500"
duplicate-cn
push "redirect-gateway def1"
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
verify-client-cert none
username-as-common-name
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status 5

and this is the Raspberry Pi config

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_tbH4aPOnsmMEThQO.crt
key /etc/openvpn/easy-rsa/pki/private/server_tbH4aPOnsmMEThQO.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
sndbuf 0
rcvbuf 0
push "sndbuf 393216"
push "rcvbuf 393216"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3

Can anyone give a hint how to speed up the router?
Thanks

 

[ColinTaylor]

I think the problem must be the router configuration.

I think the problem is your router only has a 600MHz single-core processor.

 

[helio58]

I think the problem is your router only has a 600MHz single-core processor.

Thanks Colin, will test with another router. Just got impress with the Pi speed.

 

[helio58]

Thanks Colin, will test with another router. Just got impress with the Pi speed.

One question.
I try to use the user configuration file I got from Raspberry Pi server. On my asus router it does not load.
Here is the client .ovpn file <I have removed the address and the keys.

client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server_tbH4aPOnsmMEThQO name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIDKzCCAhOgAwIBAgIJALYVF8HcoxKqMA0GCSqGSIb3DQEBCwUAMBMxETAPBgNV
BAMMCENoYW5nZU1lMB4XDTE4

Here is the Asus (AC68U) log

Nov 18 20:35:40 rc_service: httpd 497:notify_rc start_vpnclient1
Nov 18 20:35:42 openvpn[8829]: OpenVPN 2.4.3 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 8 2018
Nov 18 20:35:42 openvpn[8829]: library versions: OpenSSL 1.0.2n 7 Dec 2017, LZO 2.08
Nov 18 20:35:42 openvpn[8829]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Private Key Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Nov 18 20:35:42 openvpn[8829]: Exiting due to fatal error
Nov 18 20:35:42 syslog: VPN_LOG_ERROR: 537: Starting OpenVPN failed...

Is it possible to make it work with same tweak?
Thanks

 

[sfx2000]

I think the problem is your router only has a 600MHz single-core processor.

Yep, and Raspbian is more current with OpenSSL and OpenVPN...

openvpn/stable 2.4.0-6+deb9u2 armhf
openssl/stable,now 1.1.0f-3+deb9u2 armhf