Solved ASUS RT-AC66U_B1 with Asuswrt-Merlin, poor performance with 2 OpenVPN tunnels active

t1100mfp

New Around Here
Hi all,

This is my situation:
  • Hardware: ASUS RT-AC66U_B1
  • Software: Asuswrt-Merlin 386.7_2
  • VPN Configuration: 2 OpenVPN clients running simultaneously connected to NordVPN, using their standard configuration.
  • Network configuration:
    • OVPN1 routes traffic from subnet x.x.x.0/26.
    • OVPN2 routes traffic from subnet x.x.x.64/26.
    • Traffic from subnets x.x.x.128/26 and x.x.x.192/26 has no VPN.
  • Clients:
    • OVPN1 handles traffic for about 7 devices, e.g. cellphones, laptop, smart appliances, video games.
    • OVPN2 handles traffic for 3 devices, mostly streaming, including a 4K TV.
    • Traffic that flows without a VPN is mainly a work computer that uses its own VPN.
The performance for all devices flowing through the VPN tunnels is poor at best, simple webpages take too long to load, streaming randomly buffers, and sometimes things just don't load at all.

I have monitored the CPU and memory usage of the router when things go bad, but it doesn't seem to reach 100% ever, perhaps memory peaks at 60% and CPU goes up and down, from about 20% to 60%.

My question is the following: am I asking too much to my router? First day I tested with only 1 VPN tunnel, things seem normal, but with the second VPN tunnel running at the same time, the internet connection is just unbearable on all devices.

Is there any hardware (or maybe configuration) that you would recommend to have 2 (or more) VPN tunnels connected at the same time without any major hiccups?

Appreciate any guidance or advice you can provide me.

Cheers.
 

bbunge

Part of the Furniture
Yes, you are asking too much of an AC66U_B1. Dump the VPN clients and be happy with a good AC router.
 

Tech9

Part of the Furniture
My question is the following: am I asking too much to my router?

I have left one B1 in another country serving as OpenVPN server to local ISP exit point and it sends about 40Mbps out. This is what the CPU can do and good enough for my needs, but may suffer performance issues with 10 devices. Single 4K stream to the TV may choke the CPU. It's a good, cheap and very reliable router, but around 2012 technology level has some limitations in 2022.
 

t1100mfp

New Around Here
I have left one B1 in another country serving as OpenVPN server to local ISP exit point and it sends about 40Mbps out. This is what the CPU can do and good enough for my needs, but may suffer performance issues with 10 devices. Single 4K stream to the TV may choke the CPU. It's a good, cheap and very reliable router, but around 2012 technology level has some limitations in 2022.
What would be a good replacement in your opinion? If possible, also on the ASUS line since I like the Merlin firmware a lot!
 

Tech9

Part of the Furniture
I would recommend RT-AX86S. It can do >200Mbps on OpenVPN, 1.8GHz dual-core ARMv8 CPU + hardware AES. If the budget allows, RT-AX86U. You can check the differences between the two in specifications.
 

L&LD

Part of the Furniture
The RT-AX68U is an excellent upgrade from your current router.

The nominally small price difference between the RT-AX86s and the (much better) RT-AX86U is not worth considering the RT-AX86s at all.

However, on sale, the GT-AX6000 is the model to buy today.

All of the above depends on your local market and online ordering options, of course. but these are the best suggestions I can offer (I've used all these models for years/months now).

To make it blatantly obvious: no AC class router is worth considering today.
 

RMerlin

Asuswrt-Merlin dev
I would recommend RT-AX86S. It can do >200Mbps on OpenVPN, 1.8GHz dual-core ARMv8 CPU + hardware AES. If the budget allows, RT-AX86U. You can check the differences between the two in specifications.
For two tunnels, I would recommend a quad core router rather than a dual core one tho.
 

Tech9

Part of the Furniture
I would recommend a quad core

Agree, best case. If the budget allows.

@t1100mfp, if you wonder why - OpenVPN is single threaded. If your router has quad-core CPU, your 2x VPN tunnels will work on separate cores, leaving first core available for routing and other common router tasks. For higher OpenVPN performance you need a router with ARMv8 + AES CPU. AX86U fits the requirements, but it's around $250. A newer AX86U Pro is coming by the end of the year perhaps, if you can wait.
 

t1100mfp

New Around Here
Great, thank you so much guys. Appreciate the guidance. I'm no hurry to get the 2 VPN tunnels running for now, so I might wait until the EOY to see what's up with the AX86U Pro, or if the regular AX86U gets a discount.

Cheers.
 

RMerlin

Asuswrt-Merlin dev
Great, thank you so much guys. Appreciate the guidance. I'm no hurry to get the 2 VPN tunnels running for now, so I might wait until the EOY to see what's up with the AX86U Pro, or if the regular AX86U gets a discount.

Cheers.
Keep an eye on Black Friday if you aren't in a hurry to upgrade, Asus often heavily discounts a model or two on that day. I remember a few years ago the RT-AC86U was heavily discounted here in Canada back when it was still a fairly recent model.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top