Asus RT-AX86U VPN - Slow with StarVPN

JamesJeffries

New Around Here
Not that technical, so excuse me in advance.

Using an Asus RT-AX86U with latest version of Merlin (386.7)

I am using OpenVPN via StarVPN, a residential VPN provider.

Regular ISP speed is around 90 mbps without VPN.

I installed OpenVPN on my MacBook and iPhone (without using the router-VPN setup) and got around 40 mbps (worse than standard ISP speed, but still adequate for me and am able to do my work)

However, when running the VPN on the ASUS router I receive very slow speeds (7 mbps)

90 MBPS (Regular ISP) ---> 40 MBPS (OpenVPN on MacBook/iPhone) ---> 7 MBPS (OpenVPN on Asus RT-AX86U router)

What could I be doing wrong?

StarVPN Technical Support was able to connect to my designated global access point (Turkey) and then to the servers I've been trying to connect to (Virginia & California, USA) and they get 40 MBPS, so all the evidence is pointing to the VPN-router setup, or the router itself.

I previously tried a GL AR750S Ext Slate router, and had the same exact speeds/issue, which is why I bought this Asus RT-AX86U.

Screenshots shared below (VPN is turned on) -


1656256011002.png


1656256037494.png


1656256065757.png


1656256569805.png


1656256751038.png
 
That kind of performance w/ OpenVPN on the RT-AX86U is definitely NOT normal. That router is more than capable of 200Mbps w/ the VPN, and perhaps more.

I don't know how much this is playing a role, if at all, but I see your ASUS router's WAN is *private* (192.168.70.133), which tells me your ISP device is actually a combo modem+router, and thus hosting its own IP network and managing the public IP. Ideally, you would configure the ISP device for bridging so your own ASUS router got the public IP. It would also bypass any ISP hosted features on his router (NAT, firewall, QoS, etc.) that *might* be dragging down your performance.
 
Thanks for this information.

However, when using my MacBook/iPhone via the OpenVPN application (not installing the VPN on the ASUS router itself), I get 40 mbps (much better speeds).

If the ISP modem/router combo were the issue, why would I be getting good speeds when using the OpenVPN application on my MacBook/iPhone?
 
As I said, I'm NOT actually convinced it is a problem. But there wasn't much else that could explain any differences, at least not based on what little I know about your configuration. 7Mbps isn't just slow, it's ridiculously slow, as if something is interfering w/ the VPN client on the router. But I'm stumped as to what that could be. I thought maybe the issue is upstream on the ISP's modem+router, and by using bridge mode, you'd take his IP network out of the picture. But that's just pure speculation. I just don't have any better ideas at the moment.
 
Check the syslog for the router to see if there's anything unusual, esp. wrt openvpn messages.

Code:
grep openvpn /tmp/syslog.log
 
I see your ASUS router's WAN is *private* (192.168.70.133), which tells me your ISP device is actually a combo modem+router, and thus hosting its own IP network
Doesn't make as much of a difference these days as it used to in the past.

I switched to TMHI and the gateway doesn't have a bridge mode as of the current FW that's running on it and there are definitely some quirks to it to say the least but, I'm getting full speeds even with a crappy NAT scenario using Nord / WG.

IPV6 <v6>v4> TMHI <v4> NAT <v4> NAT <v4> Nord

The VPN cuts through all of the BS in the path out to the real world and bypassing the cluster F of routing within TM as there's about 4-5 hops that are obfuscated by Ipv6 translations before hitting their edge and then exiting to the public IP space.

7mbps though is a bit of an issue for the OP. 40 vs 7 usually seems to point to the CPU / NAT / TrendMicro on the router being turned on causing a resource issue then again OVPN is notoriously slow to begin with. It's hitting about 50% of bandwidth which is to be expected on the PC / Phone.

I would start with a traceroute comparing no VPN and w/ VPN to see where the traffic path starts introducing latency. If it's still within S-VPN then connecting to a different server should resolve the issue but, if it's outside of S-VPN and introduced say by a government device in the path for censorship / filtering purposes it might be overloaded and bogging down the connection.
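
One way to run the comparison suggested above, as an added example that is not part of the original post: parse the two traceroute outputs and report the hop where the median round-trip time rises the most. The sample outputs are constructed, with documentation-range addresses, and the function names are assumptions.

```python
import re
import statistics

# Constructed sample traceroute output (not captured from the thread).
DIRECT = """\
 1  192.168.70.1  1.2 ms  1.0 ms  1.1 ms
 2  10.20.0.1  9.8 ms  10.4 ms  10.1 ms
 3  198.51.100.9  24.0 ms  23.5 ms  25.1 ms
 4  203.0.113.50  150.2 ms  151.0 ms  149.7 ms
"""
VIA_VPN = """\
 1  10.8.0.1  182.4 ms  180.9 ms  185.0 ms
 2  * * *
 3  198.51.100.77  188.1 ms  187.5 ms  190.3 ms
 4  203.0.113.50  331.6 ms  329.8 ms  335.2 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)")
RTT_RE = re.compile(r"([\d.]+)\s*ms")


def parse_hops(text):
    """Return [(hop_number, host, median_rtt_ms)]; silent hops get (n, None, None)."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        rtts = [float(x) for x in RTT_RE.findall(line)]
        host = m.group(2) if rtts else None
        hops.append((int(m.group(1)), host, statistics.median(rtts) if rtts else None))
    return hops


def biggest_jump(hops):
    """Return (hop_number, host, added_ms) for the largest rise in median RTT."""
    prev, worst, worst_delta = 0.0, (None, None, 0.0), 0.0
    for num, host, rtt in hops:
        if rtt is None:  # '* * *' hop: no reply, compare the next hop to the last answer
            continue
        if rtt - prev > worst_delta:
            worst_delta = rtt - prev
            worst = (num, host, round(worst_delta, 1))
        prev = rtt
    return worst


if __name__ == "__main__":
    print("direct :", biggest_jump(parse_hops(DIRECT)))
    print("via VPN:", biggest_jump(parse_hops(VIA_VPN)))
```

In the tunnelled trace the first hop is the VPN server, so its figure already includes the whole path to the provider; a large rise after hop 1 points past the VPN server instead.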
 
Apologies for bringing up an old thread, can your Asus RT-AX86U do wireguard? I am a fellow StarVPN user here, and they do provide you with a wireguard config file, I used to use the OVPN protocol, primarily with the LA server, but I do find it to be slow, wireguard is quick for me, my ISP line is 100Mbps, and I can speed test around 85Mbps using StarVPN's wireguard config file. You just need to change the end point address wg.starhome.io to the server you want to connect to.
 
@jberry - Thanks. Which StarVPN server location are you connecting to with the Wireguard config file?

What type of server? (Residential, Datacenter, etc.)

Also, where are you physically located and which ISP are you using?
 
@jberry - Thanks. Which StarVPN server location are you connecting to with the Wireguard config file?
I am connecting to: vpn.udp.us-west.starhome.io I just do the nslookup for this domain and I replace the wg.starhome.io URL with the IP address.
What type of server? (Residential, Datacenter, etc.)
I have the $20 / month Residential Plan, so I do an LA AT&T IP Residential / Business Address, just because my entire router is on VPN, and I need all websites to be accessible, banking, paypal, retail, ebay, macys, etc.

Also, where are you physically located and which ISP are you using?
Located on the island of Guam, we have a direct under sea cable from here to Los Angeles, ping is 113ms or 116ms somewhere around there. Since we are a US territory we get all streaming here, but my ISP which is GTA (GTA.net) doesn't give its customers static IPs, so it changes every time I disconnect (one of the reasons why I prefer a VPN), and at times connecting through a VPN tunnel, makes the browsing seem faster, and some downloads are faster too, also I get tired seeing some of my local ads, and seeing the stateside ads is refreshing. I am using StarVPN on my NetGear R9000 router.

Also unofficial StarVPN server listing:

Code:
vpn.udp.il.starhome.io
vpn.udp.au.starhome.io
vpn.udp.ca-east.starhome.io
vpn.udp.de.starhome.io
vpn.udp.es.starhome.io
vpn.udp.gb.starhome.io
vpn.udp.il.starhome.io
vpn.udp.it.starhome.io
vpn.udp.in.starhome.io
vpn.udp.ru.starhome.io
vpn.udp.us-central.starhome.io
vpn.udp.sg.starhome.io
vpn.udp.us-east.starhome.io
USA Miami: 104.156.244.232
West USA: vpn.udp.us-west.starhome.io
 
@jberry - Great, thanks for this information.

Are you running a VPN directly on your router, or are you using VPN software on your computer (i.e. Are you using a hardware VPN, or software VPN?)
 
You are welcome!

Yes, running the VPN directly on my NetGear R9000 router, using Voxel's latest firmware and Kamoj beta addon (I am a beta tester), the Kamoj addon enables the R9000 to have a wireguard client. So all hardware VPN, StarVPN isn't the fastest VPN around, most of the time I can speed test at 80Mbps, but doesn't max out my ISP speeds (100Mbps), like TorGuard and Windscribe Residential VPN does, but StarVPN has the best quality IP available, also the streaming is very reliable and speeds are very consistent, TorGuard at times gets very slow. StarVPN is more expensive too, even latency is higher, support gets back to me once a day, but again best quality IP you can get. See screenshot for WG client on R9000 router.
 

Attachments

  • Screen Shot 2022-08-22 at 6.31.58 AM.png
TorGuard and Windscribe Residential VPN does, but StarVPN
Out of these I've tested Torguard and never heard of the others but, I only use WG based options and on Linux as a router.

I did test a good handful of them though when I was up for renewal last year w/ Nord and they all had some issues with Linux. A couple of them only launched if I automated the login w/o a password and put them into the startup option. Most of them didn't really do line rate speeds when testing with a 1200/40 w/ Comcast.

Nord is great for higher speed connections on HW that can hit line rate which isn't most consumer routers. Most routers only go up to 500-600mbps due to the CPU bottleneck and how they only use 1 core for VPN instead of multi-core. Nord though is usually the cheapest option @ ~$2/mo when you sign up for 2-years and less when they had a 3-year plan option and stack some discount/rebate codes on top for another $20-$35 off the total. I think the lowest 3-year renewal I got with stacked discounts was ~$70

Everyone is different though and with routers off the shelf you're limited usually by their preferred option unless you put a different ROM on them to enable more options. Still hobbled though by the CPU

I just downloaded NordPass though for a better solution for PW management and there's a couple of codes if you want to go premium that take down to $0.90/mo ~60% off the normal price but, debating on if I really need access from 6 devices at the same time w/o logging out another one when signing into a different one. I guess I'm prepping to dump Chrome if I can find something that works better. I tried FF for less than 24 hours though recently due to it having some issues I didn't agree with. //ramble done//
 
Out of these I've tested Torguard and never heard of the others but, I only use WG based options and on Linux as a router.
I do have a Dedicated IP with NordVPN, sadly on that server I can't get a Wireguard config file, I was only able to get Wireguard config files from the public servers. Even though I connect via OpenVPN to Nord's dedicated IP, the connection is very fast, it maxes out my 100Mbps, some sites do recognize it as a VPN, but majority of sites I can access which is nice. Sometimes streaming is slow on NordVPN, since they use their own like smart dns internally, but gotta admit NordVPN is plenty fast.
 
@jberry


If you want to find the server w/ WG just do a find on your current server and then look for wireguard_udp to find a server that does have it enabled. If you want to grab servers with your location / proximity find your server and use the lat/long to find servers. Out of the 5200 servers w/ WG there should be one that's close and works.

There's a chance it does support WG and you just need to use some tricks to grab the info for the server key / etc. to import them into a file and apply it to the router.
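
The search described in this post, as an added example that is not part of the original post: keep only servers whose `wireguard_udp` flag is true and rank them by great-circle distance from the server currently in use. The record layout (`name`, `location.lat`/`long`, `features`) and the sample entries are constructed assumptions, modelled on the `"wireguard_udp":false` flag quoted in the thread.

```python
import json
from math import asin, cos, radians, sin, sqrt

# Constructed sample list; names, coordinates and record layout are assumptions.
SERVERS_JSON = """[
 {"name": "dedicated-la", "location": {"lat": 34.05, "long": -118.24},
  "features": {"openvpn_udp": true, "wireguard_udp": false}},
 {"name": "shared-la", "location": {"lat": 34.05, "long": -118.24},
  "features": {"openvpn_udp": true, "wireguard_udp": true}},
 {"name": "shared-sf", "location": {"lat": 37.77, "long": -122.42},
  "features": {"openvpn_udp": true, "wireguard_udp": true}},
 {"name": "shared-ny", "location": {"lat": 40.71, "long": -74.01},
  "features": {"openvpn_udp": true, "wireguard_udp": true}},
 {"name": "shared-sea", "location": {"lat": 47.61, "long": -122.33},
  "features": {"openvpn_udp": true, "wireguard_udp": false}},
 {"name": "legacy-la", "location": {"lat": 34.05, "long": -118.24}}
]"""


def haversine_km(a, b):
    """Great-circle distance in km between two {'lat', 'long'} dicts."""
    lat1, lon1, lat2, lon2 = map(radians, (a["lat"], a["long"], b["lat"], b["long"]))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def nearest_wireguard(servers, current_name, limit=3):
    """List up to `limit` WireGuard-enabled servers closest to `current_name`."""
    current = next((s for s in servers if s["name"] == current_name), None)
    if current is None:
        raise LookupError(f"{current_name!r} not in server list")
    candidates = [
        s for s in servers
        # A record without the flag is treated as not supporting WireGuard.
        if s.get("features", {}).get("wireguard_udp") is True
    ]
    here = current["location"]
    ranked = sorted(candidates, key=lambda s: haversine_km(here, s["location"]))
    return [(s["name"], round(haversine_km(here, s["location"]))) for s in ranked[:limit]]


if __name__ == "__main__":
    for name, km in nearest_wireguard(json.loads(SERVERS_JSON), "dedicated-la"):
        print(f"{name:12} {km:5d} km")
```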
 
There's a chance it does support WG and you just need to use some tricks to grab the info for the server key / etc. to import them into a file and apply it to the router.
Yes, thank you for that :) I just searched my dedicated IP server and sadly ""wireguard_udp":false" - So I can only connect via OVPN UDP to it. I just like using the dedicated IP from Nord, a lot of sites do work, and some don't detect it as a VPN.
 
Well, you can still use a dedicated server as configured just use one with WG enabled.

VPN IP detection is a pita sometimes. Nord rotates IPs though frequently because of this and sometimes a random server being picked helps. I have a spreadsheet going because some banks work in one and not the other. It's kind of dumb that they tell you to secure your network but then deny entry from VPN at the same time.
 
Well, you can still use a dedicated server as configured just use one with WG enabled.
All of NordVPN's dedicated IP servers do not have wireguard enabled sadly :( I do have my dedicated IP in Los Angeles, and all banking sites work with it no problem, kinda expensive for the whole year, but it's worth it, I just don't think streaming is that reliable.
 
You can set a preferred server to connect to every time and that's "dedicated" from the standpoint you're always connecting to the same server. Now, if the IP changes on said server that is a small issue to deal with.

For instance in linux I would just put in a startup entry for "nordvpn c us1234" and every reboot would reconnect to that server. Then edit the nordvpnd service file to make sure it's always reconnecting if it drops.

Ok... I've looked into this whole dedicated IP BS... so, they splice off a single unshared IP for an additional fee vs the normal proxy setup. So, let me get this sorted... .You buy the normal subscription for ~$70 / 2 years and then a static IP for another $70/yr?

 
Yes, normal VPN service, then I add on a Static Dedicated IP that only you use for additional cost, oh it's $70/year? I thought it was more, I must be thinking of windscribe, windscribe is like $96 per year. Here is the thing, the dedicated IP you get is in a totally different block from the IPs that the shared servers give you even the "dedicated IP" servers, I think even different ASN, even if I connect to the "dedicated ip" server, my IP totally changes to my dedicated IP, it is like an actual ISP address, when I do speedtests, it actually says "NordVPN" as my ISP, and as a result the IP is pretty clean, even https://ipctx.me says it's "not anonymous". Also my dedicated IP from NordVPN, on its native IP, I get the full Netflix USA catalog, but what's weird is Hulu, Hbomax, disneyplus, amazon prime, blocks it, that's when I use its Nord DNS to unblock it. Even https://ipinfo.io says VPN: False.
 
SMH... I would probably drop the static IP due to cost and just connect to the regular service and then tack on a proxy IP for specific geo fenced services that whine about using a VPN.


I'm thinking this would suffice for geo fencing vs the full vpn / static IP. Still have the subscription for the normal service but drop the additional $70/yr for the IP.


Non-authoritative answer:
Name: los-angeles.us.socks.nordhold.net
Address: 66.151.209.211

Less likely most users would be using this for things that gets shared IPs banned from services.

The alternative could be renting a server in a COLO for a few bucks a month and setting up a VPN server on it to connect to. IIRC you can pick up a shared server slot for ~$5/mo but, if you start adding things to the package it adds up quickly. Even though at $10/mo you'd still be saving $20/yr and if you need to swap the IP you're able to.
 
