What's new

(Asus AC86u / Merlin 384.18) OpenVPN performance improvement

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Enrico85

Occasional Visitor
Hi all,
I have 2 Router AC86U with the last Merlin firmware.
I configured a site to site vpn network, I have a gigabit symmetric connection but the performance is limited to 160/200 mbits
The cpu usage is under 80%

cpu.PNG

my configuration:

config.PNG

I found this guide:
Optimizing performance on gigabit networks

do you have any tips to improve performance?
how can i enable AES-NI acceleration?

i tried to add custom parameters

parameters.PNG
but nothing changes

Thanks
 
Last edited:
ok thanks,
are there better performing asus routers?

My cpu is 1.8 GHz dual-core processor, the best is 1.8 GHz quad-core processor (GT-AX11000).
I believe the speed is related to the maximum speed of a single core

thanks
 
ok thanks,
are there better performing asus routers?

My cpu is 1.8 GHz dual-core processor, the best is 1.8 GHz quad-core processor (GT-AX11000).
I believe the speed is related to the maximum speed of a single core

And OpenVPN is a single threaded application so the number of cores won't make a difference unless you have multiple VPN connections.
 
@Enrico85 'you' have a Gbps symmetrical ISP connection, but what about the other site? Your maximum speed will be the weakest of all the links involved. What are the ISP speeds there? Fibre, cable, DSL?

How are you determining what the maximum performance is? Does this vary by the time of day the test is performed?

With a solid ISP connection on both ends (symmetrical Gbps Fibre), the RT-AC86U can hit up to about 250Mbps.

What is the actual RMerlin firmware version you're running? I would suggest testing the latest 384.19 Beta 1.

 
sorry I have omitted some details of my connection
I have a ftth gpon gigabit and the two devices are in the same control unit, in fact I have only 1 hop away and the ping stands at 5ms.
the speed with an external ftp connection (outside the vpn) approaches 800/900 mbit

doing the speed test both sites always have maximum speed 940/940 dl/ul

the strange thing is that changing parameters like: ciphers (AES-128-CB, AES-192-CBA, ES-256-CB ) or the compression does not change anything, the speed remains on 160/200 mbps

i will try the new firmware, my firmware is Merlin 384.18
 
Are you running any scripts via amtm or otherwise? Are you using any other router features besides OpenVPN?

What do you mean by the 'same control unit'? If the two networks are physically that close, why not run a cable between the two instead of going out over the 'net?
 
they are 2 different houses, 3 km away but connected to the same telephone exchange, same PoP (Point of Presence)
no, I have the standard firmware, without any scripts
 
Maybe your ISP is throttling VPN traffic? Try a non-standard port for the VPN?
 
the strange thing is that changing parameters like: ciphers (AES-128-CB, AES-192-CBA, ES-256-CB ) or the compression does not change anything, the speed remains on 160/200 mbps

This is well understood. The problem has little to do w/ various OpenVPN settings, even encryption. Ultimately, the CPU dictates/limits your performance. And the reason is that OpenVPN (like most VPNs on these routers) runs in user-space, NOT the kernel. That means there are constant ring changes between user-space and the kernel to manage the tunnel, and that sets an upper limit on performance. All you can do to overcome this limitation is provide more CPU. That's why Merlin suggested the real answer is a desktop-level CPU, and not the relatively crappy processors on these routers. That's why if you're expecting desktop level performance, you're fighting a losing battle. Your best hope is Wireguard, which runs in the kernel.
 
i tried port 5555, no change

here is my full configuration:

home 1 (subnet 192.168.2.X)
server_2.pngclient_2.png

hone 2 (subnet 192.168.0.X)
server_0.pngclient_0.png


@RMerlin @eibgrad
thanks for the explanation
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top