Menu
What's new
By:
Filters Better Search

Enough CPU capacity for VPN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

J

James Rogers

New Around Here
I am in the US. I have set up an openvpn on my ASUS RT-AC5300 router which I purchased due to its ability to run a VPN. I am lucky enough to have a gigabit connection. I am running a wired connection to my desktop and to my Roku device. With the VPN on the router disabled, I am getting speeds on the desktop of about 945 Mbps down and 650 up. With the VPN on the router connected, I am getting speeds of about 35 up and 40 down on the desktop. Plus, my Ruku device has major difficulty streaming Netflix and Amazon will not stream at all.

For obvious reasons, I wanted to use the VPN on the router, but the reduction in speed and lack of streaming ability are prohibitive. On my AC wireless laptop with the VPN connected, I am getting about 55 down and 108 up. Off, I am getting 220 up and 225 down. So, the VPN on the laptop and desktop is substantially reducing speeds, but not as much as it is being reduced with the VPN on the router. Ideas? Suggestions? Thanks. Using speedtest.net

Also, can anyone suggest a router with enough CPU to handle the openvpn encryption and maintain a descent bandwidth?
 
There aren't really any consumer-grade routers with CPUs fast enough for gigabit speeds. The most inexpensive option I know of is using a desktop/server PC as your router (pfSense or similar). A CPU with AES-NI offloading is optimal.
 
Nullity,
Thanks for responding. I was hoping for an easier solution than pfSense. I had heard that software required some fairly advanced configuration. However, I will keep your suggestion in mind. Thanks again.
 
James Rogers said:
I am in the US. I have set up an openvpn on my ASUS RT-AC5300 router which I purchased due to its ability to run a VPN. I am lucky enough to have a gigabit connection. I am running a wired connection to my desktop and to my Roku device. With the VPN on the router disabled, I am getting speeds on the desktop of about 945 Mbps down and 650 up. With the VPN on the router connected, I am getting speeds of about 35 up and 40 down on the desktop. Plus, my Ruku device has major difficulty streaming Netflix and Amazon will not stream at all.

For obvious reasons, I wanted to use the VPN on the router, but the reduction in speed and lack of streaming ability are prohibitive
Click to expand...

Reset your expectations - VPN is going to incur more (and with OVPN much more) overhead...

If you don't need it, don't use it.

Is it a want or a need?
 
Even with a very robust processor and Pfsense your speed will be impacted. The VPN providers just can't or won't provide you with that much throughput. As more people with higher speed connections start using VPNs the my VPN download speeds continue to decrease. Six months ago I was able to get 175 Mbps downloads on my PC running a VPN connection fairly consistently. Now I am surprised if it is over 135 Mbps.

Using a VPN appliance on my network with an I7 processor I can get about the same but the speeds vary between 120 - 140 Mbps depending on time of day. My raw speed from my ISP is much more consistent and ranges between 165 - 175 Mbps.
 
CaptainSTX said:
Using a VPN appliance on my network with an I7 processor I can get about the same but the speeds vary between 120 - 140 Mbps depending on time of day. My raw speed from my ISP is much more consistent and ranges between 165 - 175 Mbps.
Click to expand...

exactly - I've got a purpose built machine - Netgate 2440, and it's stable and fast, but it averages around 100Mbps for VPN's on pfSense...
 
CaptainSTX and sfx2000,
First of all thank you for replying. You have put things into perspective very nicely. Your input has been very valuable and appreciated. I am pretty much resolved to the fact that I cannot run my VPN on my router. And, it would appear that I will only be running it from my computers when I am banking or purchasing something online. I appreciate your comments about VPNs fluctuation in speed. For some reason, that issue had not occurred to me. I kept wondering why I could run it OK at one time on a site and then could not run it at all some other time on the same site. Thanks again.
 
As I mentioned, my VPN has been very responsive to my inquiries. NordVPN sent me this information which further explains and clarifies the difficulties with VPNs and OpenVPN in particular.

"The downside to OpenVPN is that in its current architecture, it is not scalable. It runs as a monolithic process and cannot run multi-threaded. This means that if you have a beefy processor with 8 cores and each of the cores has 8 threads, OpenVPN will use only a single thread in one of the available cores.
Regarding routers - they do not have powerful CPUs, thus encrypting and decrypting OpenVPN traffic is a real challenge for them. For that reason the speed can drop by a large amount."

NordVPN provides percent utilization and up and down speed information about their servers (421 TCP and UDP servers in US.) I have observer that the servers themselves seem to slow down significantly as their utilization increases which is only logical given the above information.

I appreciate everyone's response and support. Thank you.
 
James Rogers said:
The downside to OpenVPN is that in its current architecture, it is not scalable. It runs as a monolithic process and cannot run multi-threaded. This means that if you have a beefy processor with 8 cores and each of the cores has 8 threads, OpenVPN will use only a single thread in one of the available cores
Click to expand...

And that's why OpenVPN - while being secure - doesn't scale really well...
 
sfx2000 said:
And that's why OpenVPN - while being secure - doesn't scale really well...
Click to expand...

Having multiple cores can help with VPN. In Merlin's firmware the first VPN Client runs on core 2. If ytou start a second VPN client it then runs on core 1. By having two VPN clients running you can split the load by having half your devices run on VPN 1 the rest on VPN 2. Does it double throughput no but it does increase it.

Could it be scaled up so you if you have eight cores you could have eight clients?
 
CaptainSTX said:
Having multiple cores can help with VPN. In Merlin's firmware the first VPN Client runs on core 2. If ytou start a second VPN client it then runs on core 1. By having two VPN clients running you can split the load by having half your devices run on VPN 1 the rest on VPN 2. Does it double throughput no but it does increase it.

Could it be scaled up so you if you have eight cores you could have eight clients?
Click to expand...

It the context jump between kernel to userland to kernel that causes the scaling issues... OpenSSL can thread nicely these days, but OpenVPN and the TUN/TAP drivers are still single threaded.
 
Do vpn providers allow ipsec tunnels? If so, using a ipsec vpn router would be able to do much better as these are typically enterprise devices when throughput is gigabit.
 
James Rogers said:
I am in the US. I have set up an openvpn on my ASUS RT-AC5300 router which I purchased due to its ability to run a VPN. I am lucky enough to have a gigabit connection. I am running a wired connection to my desktop and to my Roku device. With the VPN on the router disabled, I am getting speeds on the desktop of about 945 Mbps down and 650 up. With the VPN on the router connected, I am getting speeds of about 35 up and 40 down on the desktop. Plus, my Ruku device has major difficulty streaming Netflix and Amazon will not stream at all.

For obvious reasons, I wanted to use the VPN on the router, but the reduction in speed and lack of streaming ability are prohibitive. On my AC wireless laptop with the VPN connected, I am getting about 55 down and 108 up. Off, I am getting 220 up and 225 down. So, the VPN on the laptop and desktop is substantially reducing speeds, but not as much as it is being reduced with the VPN on the router. Ideas? Suggestions? Thanks. Using speedtest.net

Also, can anyone suggest a router with enough CPU to handle the openvpn encryption and maintain a descent bandwidth?
Click to expand...

It'd be helpful to be able to look at the settings you're using for compression and encryption. Could you post either the contents of your .ovpn file or a screenshot of your Asus VPN Client settings page?

Also have you looked at the @yorgi sticky for using policy rules to route your streaming traffic to your local ISP while keeping other traffic moving through your VPN?

You've got the router and the bandwidth for a very slick setup, and I think configuring your VPN for maximum performance and policy routing traffic that doesn't really need to go through the tunnel could get you where you want to go.
 
James Rogers said:
I am in the US. I have set up an openvpn on my ASUS RT-AC5300 router which I purchased due to its ability to run a VPN. I am lucky enough to have a gigabit connection. I am running a wired connection to my desktop and to my Roku device. With the VPN on the router disabled, I am getting speeds on the desktop of about 945 Mbps down and 650 up. With the VPN on the router connected, I am getting speeds of about 35 up and 40 down on the desktop. Plus, my Ruku device has major difficulty streaming Netflix and Amazon will not stream at all.
Click to expand...
My vpn server is in CA. Speedtest results give me downloads speeds of around 10Mbps. But when I run speed test to the server in Bangkok, I get near native line speed. Sometimes less and sometimes more. I also have a Roku player. Mine is a Roku 4. I can watch Netflix, Hulu, SlingTV, Sports and 4K videos with no buffering. The speeds you report should be sufficient. What happens when you try and watch NF on your PC? I first started out with no encrypiton when I arrived here. But now that I have 200 Mbps, I use 128-AES-CBC.

Do you have NAT acceleration turn on?

You can compare your settings with mine in these posts.

https://www.snbforums.com/threads/t...for-asus-merlin-380-65-380-65_2-part-i.38281/

https://www.snbforums.com/threads/t...or-asus-merlin-380-65-380-65_2-part-ii.38282/

https://www.snbforums.com/threads/t...r-asus-merlin-380-65-380-65_2-part-iii.38283/

Check your cable connections. If using WIFI, turn off air time fairness. Make sure you are using a static channel. Just thoughts..
 
Last edited:
You must log in or register to reply here.

Similar threads

gdgross
Setting up VPN server (router?) for offsite access
Replies
13
Views
817
gdgross
gdgross
A
Best way to set up vpn on router for gaming?
Replies
13
Views
1K
Benbrode
B
tresnugget
BE98 Pro slow wifi download normal upload
Replies
11
Views
2K
tresnugget
tresnugget
tagfoto
Pulse Secure Desktop Client Failing
Replies
8
Views
517
sfx2000
sfx2000
T
Dual Routers ??
Replies
6
Views
250
thecubbyholeshop
T

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 767 (members: 26, guests: 741)
Top