[AX88U] Issues with OpenVPN hardware acceleration

[attaxia]

I bought a AX88U to use with OpenVPN due to the fact that it's CPU should support hardware acceleration for the encryption.
I got this information from here: https://www.privateinternetaccess.com/blog/hardware-acceleration-is-here-for-routers-using-openvpn/

However, when using the OpenVPN client my speeds are still limited and I see one core at 100%, suggesting that it is not working. The link above for example shows a download of 160mbit with 1% CPU usage with working hardware acceleration.
In the image below you can view my VPN configuration. I'm on 384.19.

Thanks for any help.

 

[eibgrad]

You need to be more specific when it comes to your performance numbers, because "still limited" is a relative statement. *ALL* hardware/connections, even the best, are always limited to something. What limits does your ISP and VPN provider place on your connections? And what are you seeing when both are tested?

It matters because the *primary* reason why the VPNs on these consumer routers so often less than stellar is because of the low-end processors, and just general weaknesses of the hardware architecture, NOT encryption. Yes, hardware encryption helps, but in the big scheme of things, relative to the overall hardware and its inherent limitations, it offers only relatively minor improvements.

The good news is, your particularly router *is* quite powerful and should perform well as an OpenVPN client, esp. when compared to other lesser routers. But even the best hardware always has a limit. And w/ no hard numbers, I have no idea if we're talking about your router only delivering 750Mbps of the 1Gbps your ISP and VPN provider are promising, OR, you're only getting 50Mbps. Those represent vastly different problems. And it's unlikely that the difference can be explained due to a lack of hardware acceleration. As I said, hardware encryption makes a difference, but NOTHING like that!

 

[attaxia]

I get about 80 mbit out of 300 without VPN.
I'm also concerned about the long term effects of the CPU running at 100%, which shouldn't be the case if hardware acceleration works, according to the article I linked.

 

[RMerlin]

I'm also concerned about the long term effects of the CPU running at 100%, which shouldn't be the case if hardware acceleration works, according to the article I linked.

It`s hardware acceleration at the CPU level, not hardware offloading. VPN encryption is still handled by the CPU, only that the CPU offers AES and SHA-dedicated operands to make the code run faster.

Using TLS encryption and a CBC cipher with SHA512 will add a good bit of overhead. You will also be limited by the speed of the remote server.

 

[Valyno]

Hello Attaxia,

I have the very same routeur as yours and I bought for the very same reason: I wanted hardware acceleration for my VPN client.
At this moment, I have 2 VPN connections live on my router, and the CPU usage is very low. The client connected to the two VPN instances are not using much bandwith at the moment.

As for the downlaod speed, it might come from your VPN provider.
To compare, I would:
- run 3 speedtests from a computer directly connected to the router with RJ45 with no VPN
- then install the VPN client (if any) on the computer and re-run 3 tests while connected to your VPN provider. Select a server exiting in the same country as you, even better, the same city
- then disconnect the PC from the VPN client
- Connect the VPN client of the router to the same VPN server used on the PC
- force the traffic of the PC througth the VPN tunnel on the router and run again 3 tests

Compare the results of these various tests.
The server selected on the speedtest website might influence as well. So if you are exiting in a foreign country, the speedtest will connect to it's closest server, but very far from you.

If the comparison of the bandwith between the PC alone and the PC connected to your VPN with the client on the PC are much differents, then it is your VPN provider that is the bottleneck.
On the contrary, if the perf drop is minimum, compared to the perf drop with the PC connected trhough the router's VPN client, then it is your router that is very likely to be the bottleneck.

I have been using my AX88U for a while with these 2 VPN instances without noticable lack of performance (home fiber 1GB/400MB.
But I am not doing regular tests either...

I will do some tests and I will comment back...
My VPN provider is NordVPN.
I also have Newshosting VPN to test with...

 

[doczenith1]

However, when using the OpenVPN client my speeds are still limited and I see one core at 100%, suggesting that it is not working. The link above for example shows a download of 160mbit with 1% CPU usage with working hardware acceleration.
In the image below you can view my VPN configuration. I'm on 384.19.

Just for shirts and giggles give these settings a try. I manage around 250 Mbps with my 86U. Don't be alarmed by the Auth digest = none. It is included in the GCM cipher.