Asus RT-AC88U AsusWrt Merlin 380.64 VPN connection slow

[jerdan]

I am using Torguard and while I am quite happy with the VPN speeds via the provided clients (Windows, Android) I am experiencing also a serious degradation via the router setup. I am running Asuswrt-merlin 380.64_2 on my RT-AC68U.

Here are my test results:
No VPN at all: 70 down / 5 up
Using Torguard Windows Client (UDP, AES-256-CBC, SHA256): >60 down / >4 up
Using OpenVPN on router (UDP, AES-256-CBC, SHA256): 22 down / 3-4 up
Using OpenVPN on router (UDP, BF-CBC): 25 down / 3-4 up
Using OpenVPN on router (UDP, no cipher): 33 down / 3-4 up

Based on the comments above the router should be able to deliver more. What am I missing? Even without encrypting the data I am not getting nearly the same speed as with the Windows Client.

 

[Xentrk]

You can connect two routers to the LAN on the modem, and configure both routers as PPPoE connections with the same ISP user-ID and password?

I as well use two routers (asus stock FW): ToT fiber modem in bridge mode. 1st router connected to LAN 1 of the modem and connection is PPPoE, 2nd asus router is connected to LAN of 1st router with Auto IP setting. I use openVPN on 2nd router. Seems to work, don't know your setup works so well, or it was even possible.

Does torguard unblock USA Netflix??

Also, can encryption be switched off torguard openVPN, L2TP, etc., or is that managed by merlin or other firmware on the router?

I am able to use two routers with the same PPoE userid and password. My ISP provides a modem/router combo. I turned off DHCP and the radios and put it in Bridge Mode to turn it into a modem. If you have a modem with only one ethernet connection, then you will need a 4 port switch to provide the additional Ethernet connection. The ISP does see the two routers on my connection with them. Each one gets a unique WAN IP. Prior to this, I used a LAN to WAN connection between the two routers using these instructions: http://www.linksys.com/ca/support-article?articleNum=132275. However, I had a suspicion that this has an impact on the vpn connection. My reasoning is vpn traffic is being processed on the vpn router, then traffic has to be processed by the non vpn router.

Yes, torguard can unblock USA Netflix with a Private IP. I worked with them to get one in the best geo location for me which was the west coast. This provided less ping time when compared to one on the east coast.

Level of encryption can be changed with torguard. You have to change the port depending on the level of encryption you choose. Since getting around geo blocking and streaming media is my main needs, I don't use encryption in order to get the best streaming performance.

I don't get great speed from my VPN either, geo distance from my server appears to be the biggest factor for me. But I can stream 4k video without buffering. So, I quit stressing over it.

 

[Xentrk]

I am using Torguard and while I am quite happy with the VPN speeds via the provided clients (Windows, Android) I am experiencing also a serious degradation via the router setup. I am running Asuswrt-merlin 380.64_2 on my RT-AC68U.

Here are my test results:
No VPN at all: 70 down / 5 up
Using Torguard Windows Client (UDP, AES-256-CBC, SHA256): >60 down / >4 up
Using OpenVPN on router (UDP, AES-256-CBC, SHA256): 22 down / 3-4 up
Using OpenVPN on router (UDP, BF-CBC): 25 down / 3-4 up
Using OpenVPN on router (UDP, no cipher): 33 down / 3-4 up

Based on the comments above the router should be able to deliver more. What am I missing? Even without encrypting the data I am not getting nearly the same speed as with the Windows Client.

I have seen this as well. The only thing I can think of is the CPU on the laptop vs the CPU on the router. That is why some people end up going the pfSense route of building a router out of a old PC with a higher end CPU to get the best performance possible. Geo distance from VPN server plays a big role as well as the farther the traffic has to travel, the longer it takes. I shared my settings on page 1 of this thread. Torguard has to DNS servers you can specify. Try each one pair to see if they make a difference.

 

[unclebuk]

I am able to use two routers with the same PPoE userid and password. My ISP provides a modem/router combo. I turned off DHCP and the radios and put it in Bridge Mode to turn it into a modem. If you have a modem with only one ethernet connection, then you will need a 4 port switch to provide the additional Ethernet connection. The ISP does see the two routers on my connection with them. Each one gets a unique WAN IP. Prior to this, I used a LAN to WAN connection between the two routers using these instructions: http://www.linksys.com/ca/support-article?articleNum=132275. However, I had a suspicion that this has an impact on the vpn connection. My reasoning is vpn traffic is being processed on the vpn router, then traffic has to be processed by the non vpn router.

Yes, torguard can unblock USA Netflix with a Private IP. I worked with them to get one in the best geo location for me which was the west coast. This provided less ping time when compared to one on the east coast.

Level of encryption can be changed with torguard. You have to change the port depending on the level of encryption you choose. Since getting around geo blocking and streaming media is my main needs, I don't use encryption in order to get the best streaming performance.

I don't get great speed from my VPN either, geo distance from my server appears to be the biggest factor for me. But I can stream 4k video without buffering. So, I quit stressing over it.

There are 4 LAN ports on my ISP modem....your set-up should work on my system? ToT asked me to use only LAN 1 on the modem to connect the router...does this make sense? In theory I should be able to connect a second router to LAN 2/3/4 of the modem and configure PPPoP as well on the second router?

Very interesting, thanks for your feedback and assistance.

 

[Xentrk]

There are 4 LAN ports on my ISP modem....your set-up should work on my system? ToT asked me to use only LAN 1 on the modem to connect the router...does this make sense? In theory I should be able to connect a second router to LAN 2/3/4 of the modem and configure PPPoP as well on the second router?

Very interesting, thanks for your feedback and assistance.

Glad to help. I really like this setup. I support two other sites and also dumped down the modem/router provided by the ISP. I would think my set up should work for you as well. My ISP is 3BB. I have fiber to the home 100 Mpbs Down/10 Mbps Up. Turn off DHCP Server and the radio on the ToT Modem/router and place it in Bridge Mode. Since WiFi and DHCP is turned off on the modem/router, you will need to connect to it over a Ethernet cable. I have windows laptop. Let's say the modem/router is 192.168.1.1. I then set static IP on my windows laptop to 192.168.1.5 (the fourth octave needs to be something other than 1) and gateway of 192.168.1.1. I have to use a USB 3 to Ethernet adapter as my laptop does not have an Ethernet port.

For the routers you connect to the cable modem, assign each of them a router IP other than 192.168.1.1. For example, modem/router is 192.168.1.1, router 1 is 192.168.2.1 and router 2 is 192.168.3.1. The key is the 3rd octave of the IP address needs to be different. Let me know your progress. I will monitor your posts so I can help if needed.

 

[unclebuk]

hello, well I tried all the settings you have recommended however 2nd router cannot obtain a WAN IP from the bridged ISP modem. There are a few other DHCP settings on the modem that I tinkered with but no success. The main setting that is hindering my progress MAY be the "DHCP mode" (see attached S-shots).

It seems that LAN Port 1 has special status in my case and is set to "Local", the other settngs for this are "Internet" and "Default", but only one LAN port on the modem can be configured at a time. 1st router is connected to modem LAN 1 (setting is "Local"), I connected the 2nd router to Lan 3 on the modem but could not connect and get the WAN IP from ToT.

Any suggestions at this point?

 

[Xentrk]

View attachment 8361 View attachment 8362 hello, well I tried all the settings you have recommended however 2nd router cannot obtain a WAN IP from the bridged ISP modem. There are a few other DHCP settings on the modem that I tinkered with but no success. The main setting that is hindering my progress MAY be the "DHCP mode" (see attached S-shots).T

It seems that LAN Port 1 has special status in my case and is set to "Local", the other settngs for this are "Internet" and "Default", but only one LAN port on the modem can be configured at a time. 1st router is connected to modem LAN 1 (setting is "Local"), I connected the 2nd router to Lan 3 on the modem but could not connect and get the WAN IP from ToT.

Any suggestions at this point?View attachment 8361View attachment 8362

Try the Internet setting for DHCP Mode. Attached are the settings I used to turn my modem/router into a modem.

 

[jerdan]

I have seen this as well. The only thing I can think of is the CPU on the laptop vs the CPU on the router. That is why some people end up going the pfSense route of building a router out of a old PC with a higher end CPU to get the best performance possible. Geo distance from VPN server plays a big role as well as the farther the traffic has to travel, the longer it takes. I shared my settings on page 1 of this thread. Torguard has to DNS servers you can specify. Try each one pair to see if they make a difference.

Thanks for your reply. I tried your settings and it seems at least it is a tiny bit better
Based on others users results it seems like the router should be able to process more (over 40Mbps per another comment here). I would assume this should be independent from the "naked" bandwidth!?
Oh, and as mentioned before I tried the port with no data encryption and still not much better. Strange.

 

[Xentrk]

Thanks for your reply. I tried your settings and it seems at least it is a tiny bit better
Based on others users results it seems like the router should be able to process more (over 40Mbps per another comment here). I would assume this should be independent from the "naked" bandwidth!?
Oh, and as mentioned before I tried the port with no data encryption and still not much better. Strange.

I can get 90 Mbps download with using no encryption when connecting to Torguard server in Bangkok. I have 100 Mbps down/10up, but often get 120Mbps down. The farther away my connection, the speed starts to drop. I get different results depending on the speed test site. Try dslreports.com and testmy.com as alternative to speedtest.net. I stopped obsessing about it awhile back. It used to bug me a lot. At least I can watch 4k streaming with high quality. I had no issues watching live football games this past season. So it serves my purpose.

 

[unclebuk]

would one of them netgate routers on pfsense solve the limitations of the asus 88U cpu?

 

[Syn]

I am using expressVPN, mostly openVPN and L2TP; works fine here in SE Asia, USA netflix no problem, KODI streams well. Really strange thing is when I connect to the server in Bangladesh, my speed is 77 Mbps / 14, and I have a 35/15 fiber service from the ISP. Why the speed doubles using vpn baffles me. I use ookla for speed tests.

You should consider trying expressVPN (free trial for 7 days)....its more costly than some vpn services, but the only one that can unblock USA netflix to date.

I am pretty sure NordVPN unblocks USA netflix as well...

 

[unclebuk]

I am pretty sure NordVPN unblocks USA netflix as well...

and torguard as well it seems.

 

[Xentrk]

and torguard as well it seems.

Torguard is one of the few remaining VPN providers that can get around the the Nefluckus and Hula Hoop VPN blocks. The caveat is that you must subscribe to Torguard's Private IP service to get around the blocks. Yes, a few extra $$ each month. But worth it for me. I don't have any problems on my end.

Luckily, SlingTV does not block VPN and I hope they never do. I can change to the shared VPN servers to access FOX and NBC in different markets as those channels are limited based on geo location. I then change back to my private IP when I need to watch NF or H.

If this solution ever stops working, I will install a router at a relatives house in USA and configure with VPN Server on it as they can't block residential IP addresses.

 

[Syn]

Torguard is one of the few remaining VPN providers that can get around the the Nefluckus and Hula Hoop VPN blocks. The caveat is that you must subscribe to Torguard's Private IP service to get around the blocks. Yes, a few extra $$ each month. But worth it for me. I don't have any problems on my end.

Luckily, SlingTV does not block VPN and I hope they never do. I can change to the shared VPN servers to access FOX and NBC in different markets as those channels are limited based on geo location. I then change back to my private IP when I need to watch NF or H.

If this solution ever stops working, I will install a router at a relatives house in USA and configure with VPN Server on it as they can't block residential IP addresses.

you mentioned previously that you get great speeds not using any encryption, since you only use VPN to stream online content.

I am in the same boat as you, if I do shut off encryption what am I opening myself to when it comes to security?

 

[unclebuk]

you mentioned previously that you get great speeds not using any encryption, since you only use VPN to stream online content.

I am in the same boat as you, if I do shut off encryption what am I opening myself to when it comes to security?

I asked expressvpn how to remove encryption form an ovpn file, i think they thought i was a moron, or perhaps drunk, but cannot be done. I wouldn't know if the question/ request even makes sense, but I had to ask.
So, for resolving Netflix geo-blocking, the best solution I've found is use smartDNS or expressVPN's version called "mediastreamer". works awesome to access USA netflix, no encryption afforded though which is okay (I hope) for me as I stream USA netflix to apple TV or smart TV and use vpn on most other devices.
Just "test drove" airVPN, free 3 day trial, they're based in Italy, seems they have ultra high focus on net privacy and security and their product delivers, I was very impessed, but no Netflix USA solution.

all the best...
unclebuk

 

[Syn]

I asked expressvpn how to remove encryption form an ovpn file, i think they thought i was a moron, or perhaps drunk, but cannot be done. I wouldn't know if the question/ request even makes sense, but I had to ask.
So, for resolving Netflix geo-blocking, the best solution I've found is use smartDNS or expressVPN's version called "mediastreamer". works awesome to access USA netflix, no encryption afforded though which is okay (I hope) for me as I stream USA netflix to apple TV or smart TV and use vpn on most other devices.
Just "test drove" airVPN, free 3 day trial, they're based in Italy, seems they have ultra high focus on net privacy and security and their product delivers, I was very impessed, but no Netflix USA solution.

all the best...
unclebuk

I thought you can disable encryption through Merlin firmware?

Was going to give NordVPN a shot, they claim to have NETFLIX streaming

 

[Vimes]

Yea sure. welcome to the real world of routers with crappy cpu's
your speeds are normal and you will never get better than that. Its limitations due to decryption and the router just can't handle more than that.
Even though the cpu shows 50% use its false.
Maybe one day if routers go the AMD or Intel route with CPU and real dual or quad cores instead of these crappy cpus they use.
Just remember VPN was an option on these routers not a main feature. These routers pack a bunch of features with a very low price, this is why the cpu they use are more than fast enough for routing purposes but when VPN kicks in, well that's another matter altogether.
but for now enjoy what you have you will never get faster than 50mb/s period so stop worrying about it
You can or buy a mini PC with 2 network adapter try setting it up with pfsence. that will get you full power on VPN
but maybe after 1 year of pulling your hair and waiting for someone in the pfsence forum to help you out as I have seen others attempt with great failure.
bon chance

Whilst it might be an oldish post or has elements in it that can relate to.
My Netgear R7000 flashed with a Asus-WRT Merlin firmware was great to set up with a VPN client but when overclocked to 1.4ghz or 1.2 it would eventually reboot itself due to stability issues. The CPU was saturated trying to cope with decryption without AES instructions.

Using a J3355B-ITX build and pfsense has been great for around 15 to 20% utilisation when downloading at full speed but setting it up was, for me, a nightmare.

Eventually finding a guide helped to get it up and going but that wasn't due to learning but just copying.

If a VPN was given a higher emphasis with consumer routers then decent CPU's might get used.

The Linksys Acs1900 with its 1.6ghz CPU and the 3200 with its 1.8ghz ARM CPU might be useful for some VPN connections.