decent openvpn router ?

[houmi]

So I currently own two WNDR3700 (v1 as gateway & v2 as AP/extender) - recently I have been looking into using openvpn on a router (specific provider & PIA) so flashed these routers... I first had issues with the v2 and dd-wrt (reboot loop) and ended up putting gargoyle on both of them. It works ok and I was able to set up openvpn and run it, however it's much slower than my internet speed (2/2 Mbps as opposed to 100/5)

So I've been reading quite a bit of posts here and reddit. Is the consensus that AC88U is the way to go for openvpn ? Are there specific benchmark/performance pages on openvpn speed on those ?

I had been thinking to get the RT-AC88U AC3100 (I need 8 ports) for my Gateway, but I'd probably need another (cheaper) one for my second floor to replace my AP. Or I could continue using my AP as is...

Unless there are other devices that people do like and would recommend here ?

Thanks for any suggestions!

 

[psychopomp1]

I would highly recommend the Netgear R9000. Its giving me speeds of 60-70 mbps on my 80/20 mbps vdsl2 line when connected to airvpn in vpn server mode - no other router has given me speeds greater than 30 mbps previously on openvpn. I suspect the 1.7ghz quadcore CPU coupled with 1GB ram on the R9000 plays a big factor in getting decent openvpn speeds.

 

[Xentrk]

So I currently own two WNDR3700 (v1 as gateway & v2 as AP/extender) - recently I have been looking into using openvpn on a router (specific provider & PIA) so flashed these routers... I first had issues with the v2 and dd-wrt (reboot loop) and ended up putting gargoyle on both of them. It works ok and I was able to set up openvpn and run it, however it's much slower than my internet speed (2/2 Mbps as opposed to 100/5)

So I've been reading quite a bit of posts here and reddit. Is the consensus that AC88U is the way to go for openvpn ? Are there specific benchmark/performance pages on openvpn speed on those ?

I had been thinking to get the RT-AC88U AC3100 (I need 8 ports) for my Gateway, but I'd probably need another (cheaper) one for my second floor to replace my AP. Or I could continue using my AP as is...

Unless there are other devices that people do like and would recommend here ?

Thanks for any suggestions!

I run OpenVPN client on 2 RT-AC88U and really like them. From my testing, distance from server and encryption levels, and CPU play a factor in performance. My CPU hardly gets taxed though. Distance is my big variable since I connect to a server on west coast USA.

I also have the pfsense box in my signature. Dual core ATOM D5220 1.86Ghz. I get the same performance as the AC88U. Once OpenVPN is multi core threaded, then perhaps it will perform better. It has a built in fan so one can hear it hum when in the same room.

If you like to tinker, you can build your own.

https://www.pfsense.org/products/

 

[houmi]

I would highly recommend the Netgear R9000. Its giving me speeds of 60-70 mbps on my 80/20 mbps vdsl2 line when connected to airvpn in vpn server mode - no other router has given me speeds greater than 30 mbps previously on openvpn. I suspect the 1.7ghz quadcore CPU coupled with 1GB ram on the R9000 plays a big factor in getting decent openvpn speeds.

Thanks for your reply, That looks very slick! but it's a bit pricey since I may need two of them...

I run OpenVPN client on 2 RT-AC88U and really like them. From my testing, distance from server and encryption levels, and CPU play a factor in performance. My CPU hardly gets taxed though. Distance is my big variable since I connect to a server on west coast USA.

I also have the pfsense box in my signature. Dual core ATOM D5220 1.86Ghz. I get the same performance as the AC88U. Once OpenVPN is multi core threaded, then perhaps it will perform better. It has a built in fan so one can hear it hum when in the same room.

If you like to tinker, you can build your own.

https://www.pfsense.org/products/

Thanks for your reply, what are the CPU utilization on your AC88U ? If you get 100%, do they get hot / fans kick in ?

tbh - I really like my current configuration, I rely heavily on wired network and my WNDR3700 routers are connected via gigabit across the house and they just emit the same ssids, so you can roam fairly well and I never believed in very expensive wireless routers, though I do need wireless as well for such iDevices / AppleTV / etc...

I had started looking into wired only routers as well (so I do keep my APs), then stumbled across building it myself as a mini-PC and use pfsense, so I'll definitely check those products.

But as far as "consumer" wireless routers go, it seems AC88U should be the minimum these days for openvpn (R9000 being ideal) ?

 

[psychopomp1]

Thanks for your reply, That looks very slick! but it's a bit pricey since I may need two of them...

Not really, I see 3rd party vendors are selling a brand new R9000 starting from $200 on Amazon.com. Compared to $270 for the RT-AC88. So a no brainer given the R9000 is cheaper than the RT-AC88U (and least on Amazon)

 

[yorgi]

I run OpenVPN client on 2 RT-AC88U and really like them. From my testing, distance from server and encryption levels, and CPU play a factor in performance. My CPU hardly gets taxed though. Distance is my big variable since I connect to a server on west coast USA.

I also have the pfsense box in my signature. Dual core ATOM D5220 1.86Ghz. I get the same performance as the AC88U. Once OpenVPN is multi core threaded, then perhaps it will perform better. It has a built in fan so one can hear it hum when in the same room.

If you like to tinker, you can build your own.

https://www.pfsense.org/products/

mutlicore thread on OpenVPN won't make a difference because it doesn't support it yet.
I think they where talking about implementing it soon. but no sure when.

 

[houmi]

Not really, I see 3rd party vendors are selling a brand new R9000 starting from $200 on Amazon.com. Compared to $270 for the RT-AC88. So a no brainer given the R9000 is cheaper than the RT-AC88U (and least on Amazon)

There was just one person selling it for $200 and had 2 ratings... but in average it's around $400

Maybe in a few months... thanks.

 

[psychopomp1]

There was just one person selling it for $200 and had 2 ratings... but in average it's around $400

Maybe in a few months... thanks.

Fair enough. But there's a good chance Amazon's own price will fall to less than $400 sooner or later. I bought my R9000 on Amazon black friday sale for $350, however even for 1-2 weeks after Black Friday Amazon had this for sale for between $350-$400 so I think its only a matter of time before Amazon drops the price again. Its currently $480.

 

[psychopomp1]

I should also add that sometimes you can get bargains on Amazon or ebay, especially if the seller just wants a quick sale and didn't even purchase the item in the first place, ie unwanted gift or competition prize. For example not too long ago, I purchased a brand new Bowflex TC200 Treadclimber (type of treadmill) for 'only' $1100 on ebay whereas RRP is $3200. So maybe, just maybe, that R9000 for $200 really is genuine but obviously I understand your scepticism

 

[joegreat]

I had been thinking to get the RT-AC88U AC3100 (I need 8 ports) for my Gateway, but I'd probably need another (cheaper) one for my second floor to replace my AP. Or I could continue using my AP as is...

Unless there are other devices that people do like and would recommend here ?

VPN processing is CPU bound (scales with CPU performance). The small ARM CPUs in the routers are not build for that and you need live with the limited VPN performance.
Simply go for the fastest router CPU you can get (or overclock it as I do).

For full performance you need to get a device which has a CPU that supports hardware acceleration for encryption (e.g. an Intel CPU in a pfsense appliance).

 

[RMerlin]

mutlicore thread on OpenVPN won't make a difference because it doesn't support it yet.
I think they where talking about implementing it soon. but no sure when.

Years ago, they talked about targeting OpenVPN 3.0 for multi-threading. But that was years ago, no idea if that time table still stands, especially with 2.4 having been released only a few weeks ago.

 

[houmi]

Fair enough. But there's a good chance Amazon's own price will fall to less than $400 sooner or later. I bought my R9000 on Amazon black friday sale for $350, however even for 1-2 weeks after Black Friday Amazon had this for sale for between $350-$400 so I think its only a matter of time before Amazon drops the price again. Its currently $480.

Yeah once I am 100% sure of what I want in terms of wireless routers, I'll look for the deals.

I should also add that sometimes you can get bargains on Amazon or ebay, especially if the seller just wants a quick sale and didn't even purchase the item in the first place, ie unwanted gift or competition prize. For example not too long ago, I purchased a brand new Bowflex TC200 Treadclimber (type of treadmill) for 'only' $1100 on ebay whereas RRP is $3200. So maybe, just maybe, that R9000 for $200 really is genuine but obviously I understand your scepticism

I've just been around for way too long and have used ebay and amazon since their startups... so been burned quite a bit in the process. One of the reasons I only buy from a few places like B&H, Amazon.com and fulfillment and newegg mostly.

By the way Yorgi asked you a question above, but he put the message inside of the original quote, here it is:

"What encryption are you using to get those speeds with your router?
From what I know OpenVPN doesn't support mutli core cpu yet.
I am surprised with your results.
A 88u can do up to 50-60mb/s on a VPN depending if the server permits these speeds.
Encryption is the biggest hog for the speeds. So its interesting that you can get speeds like that "

VPN processing is CPU bound (scales with CPU performance). The small ARM CPUs in the routers are not build for that and you need live with the limited VPN performance.
Simply go for the fastest router CPU you can get (or overclock it as I do).

For full performance you need to get a device which has a CPU that supports hardware acceleration for encryption (e.g. an Intel CPU in a pfsense appliance).

Yeah the more I read about these on reddit/here and other forums for third party firmware, CPU performance and RAM seemed to be the issues. I guess encrypting/de-encrypting multiple packets can cause such fluctuations in speeds...

My main openvpn box is an intel i7, but I wanted it to be in the background hence the router solution... the good thing about the pfsense appliances is that they're very fast, but the on the down side I'd have to put them in between the modem and the wireless AP and I am already running out of network ports even with an extra switch, so the AC88U with the 8 ports or the R9000 do make sense in that regards.

Thanks!

 

[Xentrk]

Thanks for your reply, That looks very slick! but it's a bit pricey since I may need two of them...

Thanks for your reply, what are the CPU utilization on your AC88U ? If you get 100%, do they get hot / fans kick in ?

tbh - I really like my current configuration, I rely heavily on wired network and my WNDR3700 routers are connected via gigabit across the house and they just emit the same ssids, so you can roam fairly well and I never believed in very expensive wireless routers, though I do need wireless as well for such iDevices / AppleTV / etc...

I had started looking into wired only routers as well (so I do keep my APs), then stumbled across building it myself as a mini-PC and use pfsense, so I'll definitely check those products.

But as far as "consumer" wireless routers go, it seems AC88U should be the minimum these days for openvpn (R9000 being ideal) ?

My use of VPN does not tax my cores at all. But I use no encrypytion. Streaming a 4K video ranges from Core 1 4% and Core 2 8%. 9 and 10 percent respectively when running a speed test.

I don't believe the AC88U has a fan built in. I use USB powered cooling pads. They reduce the temps about 20c. That is a big difference. I installed them at two sites I support this week. Went from 88C to 68C. The temperature on the devices at my house are 65C right now.

 

[houmi]

My use of VPN does not tax my cores at all. But I use no encrypytion. Streaming a 4K video ranges from Core 1 4% and Core 2 8%. 9 and 10 percent respectively when running a speed test.

I don't believe the AC88U has a fan built in. I use USB powered cooling pads. They reduce the temps about 20c. That is a big difference. I installed them at two sites I support this week. Went from 88C to 68C. The temperature on the devices at my house are 65C right now.

Very cool!

I am leaning toward getting two of these, but will probably wait until they go on sale.

What firmware do you recommend on these ? Merline, DD-WRT or Advance Tomato ?

 

[Xentrk]

Very cool!

I am leaning toward getting two of these, but will probably wait until they go on sale.

What firmware do you recommend on these ? Merline, DD-WRT or Advance Tomato ?

I originally started on DD-WRT on a D-Link and still support one at a site. I will install OpenVPN server on it tomorrow so staff can remote in to view security camera. Plus, I also need to do remote support. It is good firmware. But I really like the Merlin FW and the support on this site. I have two at home and a third at another site I support. I have seen threads where people have switched between the two. But there is one model of ASUS that was not playing nice with dd-wrt last summer. You can go visit the dd-wrt forums to see what issues others are having. Based on my experiences though, I prefer Merlin. But there are others who probably prefer dd-wrt. Tomato I have no experience with. Another forum user tried it recently when trying to debug an issue and said it was not for him. I know the access restrictions on the dd-wrt web GUI is buggy from my experiences and from what others have reported. As a result, I had to write iptable scripts and put them in a cron job as a work around. Just have fun and know you can switch between the two if need be. Read the wiki and install instructions very carefully if you choose dd-wrt. The risk of bricking a router is higher and it happened to me. I had to open up the router, figure out the serial connections, solder in some pins and recover one using a ttl to USB serial connection one time. Not fun. Bad version of The firmware hit several of us who had dlink 880l's.

Kind of like Coke vs Pepsi? There is a place for all of them which makes things interesting.

EDIT: One complaint I do have with dd-wrt is that many of the wikis are out of date. It can be very frustrating and time consuming trying to find how it should really work.

 

[doczenith1]

So I've been reading quite a bit of posts here and reddit. Is the consensus that AC88U is the way to go for openvpn ? Are there specific benchmark/performance pages on openvpn speed on those ?

My speeds with PIA on a 3100 are:

AC3100
CTF enabled
DL: 61 Mbps with core 1 at 25%, core 2 at 75%
UL: 84 Mbps with core 1 at 35%, core 2 at 100%

This is using the recommended settings from the PIA website. I believe there might be some tweaks that might help in the sticky thread in this forum but I have not messed with any of them yet.

More info here: http://www.snbforums.com/threads/asus-rt-ac88u-asuswrt-merlin-380-64-vpn-connection-slow.36552/

 

[sfx2000]

Years ago, they talked about targeting OpenVPN 3.0 for multi-threading. But that was years ago, no idea if that time table still stands, especially with 2.4 having been released only a few weeks ago.

Always wondered how the big VPN providers get things to scale out - one assumes that they just spawn dozens of processes - maybe even with XEN or KVM...

Do wish they would have put a bit more effort into things like DTLS and STCP, as this would help out with some of the performance and stability issues...

 

[houmi]

My speeds with PIA on a 3100 are:

AC3100
CTF enabled
DL: 61 Mbps with core 1 at 25%, core 2 at 75%
UL: 84 Mbps with core 1 at 35%, core 2 at 100%

This is using the recommended settings from the PIA website. I believe there might be some tweaks that might help in the sticky thread in this forum but I have not messed with any of them yet.

More info here: http://www.snbforums.com/threads/asus-rt-ac88u-asuswrt-merlin-380-64-vpn-connection-slow.36552/

Those are very good speeds!

Did you ever ssh to the router to see which process is eating all the CPU % ? is it openvpn process ?

I saw one of the AC88U at the store, it is definitely bulkier than my current router which can be also set vertically as well, I just wish it was a bit smaller.

 

[houmi]

[...]
More info here: http://www.snbforums.com/threads/asus-rt-ac88u-asuswrt-merlin-380-64-vpn-connection-slow.36552/

So I went to Best Buy today to pick up the AC88U, but they only had the AC3100 , next to it was the AC1900 (AC68U) and that one seemed smaller / less bulkier...

By your results I've been thinking I may just get to AC68U instead... VPN speeds will be less which is OK, the AC88U/AC3100 seem a bit massive for my taste.

 

[doczenith1]

I have zero experience with SSH. What I have noticed just from observations during different types of test is that core 1 seems to be more responsive to NAT type stuff while core 2 reacts to heavy wifi usage and based on the vpn test core 2 also appears to handle the vpn traffic/encryption. When not using the openvpn client I'll see high core 1 usage and negligible core 2 usage during speedtest.

Look for the RT-AC1900P model as it's the newer version of the 68U and has the same dual core 1.4 Ghz processor as the 88u/3100. Make sure to read this thread before purchasing a 1900 class Asus router. http://www.snbforums.com/threads/rt-ac68u-rt-ac68p-rt-ac1900-rt-ac1900p.35759/