ExpressVPN and Stock Asus OpenVPN

[RMerlin]

That's interesting. 87u can do up to 60Mbps with average 50-54Mbps on optimized channels if overclocked. You were running your vpn on non optimized channel but 70mbps is impressive. That linksys has 1400Mhz so it's higher then 87u stock 1000mhz. CPU is what does vpn so the better the cpu the faster speed will be.

Unfortunately most if not all routers are ARM cpu which suck balls. They etiher need to do quad core or somehow increase througput. That atom cpu would be killing it. It has up to 8 cores and runs up to 2.4Ghz per core while using 15-20W of power. Amazing.

For $250+ u might as well build atom pc 25w power usage and put pfsense on it as router, either buy some wifi cards as AP or use cheap router in AP mode. Pfsense don't support AC mode yet but then again who cares. Using cheap AP like 66u would be ideal. I got my 87u for $44 so i can't complain about pricing and what i get for it.

Multiple CPU cores wouldn't help, since OpenVPN is single-threaded. What we need is hardware crypto support, such as AES-NI support which is available on the ARM Cortex A53 CPU.

 

[Rango]

Multiple CPU cores wouldn't help, since OpenVPN is single-threaded. What we need is hardware crypto support, such as AES-NI support which is available on the ARM Cortex A53 CPU.

Thanks Merlin but 2.4Ghz single core should be able to pull 100mbps on openvpn. I read atom has 20,000mips while our 87u is 2380mips, 10x over so should easyily without a sweat pull 100mpbs as it's 10x mips faster even on one core correct?

Also that atom has AES-NI instructions in the cpu.
http://ark.intel.com/products/77987/Intel-Atom-Processor-C2750-4M-Cache-2_40-GHz

I will be looking to build that but don't have $380 in budget right now. I'll install ESX on it then pfsense then maybe freenas while i still have 4-6 cores for other servers, hosts. If someone is paying $350 for router this is sweet deal imo

 

[System Error Message]

That is untrue. The crypto performance =\= mips. mips is a measure of the cpu doing useful instructions not math. Flops is the measurement for the CPU's math performance.
mips can be used to explain the atom's much faster routing performance whereas for encryption performance it depends on the math performance of the units involved.

Also the instruction set plays a big role in performance such as SSE in handling larger datasets. Give a large dataset to a CPU without instruction sets for it and it will take much much longer. If you read about what SSE does is that it allows doing math with 128 bit or larger datasets using less cycles.

@RMerlin, ARM doesnt suck but the ARMs used in routers suck because they use the ARM A7 and A9 cores. If they had used the A15 in the first place it would have had much faster vpn and routing speeds.

 

[Cake]

Its too bad OpenVPN developers won't merge the scramble patch to the main OpenVPN. They say just run obfsproxy.
I really like what HGG did. (hint)

 

[RMerlin]

@RMerlin, ARM doesnt suck but the ARMs used in routers suck because they use the ARM A7 and A9 cores. If they had used the A15 in the first place it would have had much faster vpn and routing speeds.

The new BCM4908 uses a Cortex A53. This should make a significant difference in crypto performance, assuming they didn't go with a castrated core (are all A53 with the AES block, or is that optional?)

 

[System Error Message]

The new BCM4908 uses a Cortex A53. This should make a significant difference in crypto performance, assuming they didn't go with a castrated core (are all A53 with the AES block, or is that optional?)

For a CPU, a lot is optional. For example you could have ARM with no hardware float. My guess is that when broadcom did their ARM A9 they didnt include most of the ARM V7 extensions. Its all a question of how much silicon and transistors you want in the hardware but the most basic instructions will be able to handle all tasks though at a much longer pace (see the math proof of needing 23 instructions to perform every single task). AES block is optional.

Although even with the included extension instructions the software and OS must be compiled to make use of them.

 

[RMerlin]

For a CPU, a lot is optional. For example you could have ARM with no hardware float. My guess is that when broadcom did their ARM A9 they didnt include most of the ARM V7 extensions. Its all a question of how much silicon and transistors you want in the hardware but the most basic instructions will be able to handle all tasks though at a much longer pace (see the math proof of needing 23 instructions to perform every single task). AES block is optional.

Although even with the included extension instructions the software and OS must be compiled to make use of them.

From what I understand, BCM isn't building their own CPU out of an ARM license, with their choice of logical blocks. They are reusing a complete, existing CPU design in the Cortex A9 (or Cortex A53). I suspect that means a very specific feature set is there, I doubt that the blocks are optional when you chose to use a Cortex A53 - that's what I was wondering.

 

[System Error Message]

For example the Tilera Tilegx CPUs have AES acceleration and float unit as extensions, however even though those 2 are optional since only Tilera sells their CPUs and gets them made by a foundry those optional units are always included. If Tilera were to license their CPU than someone else could build it without those extensions so it would not have crypto acceleration and the CPU cores would perform software float instead(routers use bytes, not floats not even in encryption).

BCM would definitely put some design in the CPU as they would design their own SOC (with switch and other stuff in their chip) so they might add or remove extensions. Removing an optional extension is actually quite easy to do. Based on their history whether broadcom or marvel i doubt they would include beneficial things mainly because they both use ARM A7 or A9 in their high end routers rather than ARM A15 whereas qualcomm simply used their kraits (which is close to A15) in their networking SoC but they didnt include any of the accelerators like the hexagon CPU in their network SoC. I was hoping that qualcomm's IPQ series would include the full SoC like their mobile SoCs but they dont. On phones with qualcomm snapdragons the hexagon CPU can be used to handle some tasks without the need for the CPU to interfere so to save power and CPU cycles.

I'd like to see apple use their cyclone CPUs in their routers instead of MIPS since routers have less of a power conservation need, their CPUs are very promising but they cant put 4 cores in their phones because of power consumption and heat.

Also the bigger the core the more yield issues you get which is why you dont see quad core broadcom A9 routers. A lot of platforms that use the recent ARM architecture usually use the stock config of dual A53 with dual A57. Lets see which router will use that config. less cores means less silicon and it is likely cheaper to produce 2 dual cores than 1 quad core but it mainly depends on the platform. Since both the router and SoC manufacturer dont include power savings in their platform having a quad core ARM A15 would require active cooling. Its why the idle power of a router is in watts rather than milliwatts like on your phone.

 

[RMerlin]

Also the bigger the core the more yield issues you get which is why you dont see quad core broadcom A9 routers. A lot of platforms that use the recent ARM architecture usually use the stock config of dual A53 with dual A57. Lets see which router will use that config. less cores means less silicon and it is likely cheaper to produce 2 dual cores than 1 quad core but it mainly depends on the platform. Since both the router and SoC manufacturer dont include power savings in their platform having a quad core ARM A15 would require active cooling. Its why the idle power of a router is in watts rather than milliwatts like on your phone.

Broadcom already announced they were using four CPU cores in their new SoC. No mention however if it's a traditional big.LITTLE architecture, or four Cortex A53 cores. My money is on the latter.

They also mention a "dedicated security processor". That sounds like more than just AES-NI extensions. Intriguing...

https://www.broadcom.com/press/release.php?id=s948493

 

[System Error Message]

Broadcom already announced they were using four CPU cores in their new SoC. No mention however if it's a traditional big.LITTLE architecture, or four Cortex A53 cores. My money is on the latter.

They also mention a "dedicated security processor". That sounds like more than just AES-NI extensions. Intriguing...

https://www.broadcom.com/press/release.php?id=s948493

It is going to use 4 A53 cores. The raspberry pi 3 uses a broadcom chip with that config however i didnt check if it had AES-NI. They arent going to put extra cost just to implement big.LITTLE for a router that they dont think is going to run general purpose software (despite router manufacturers including software libraries).

Broadcom can do a lot better by including their media accelerator core as well as they have with their other products but they dont. If they did it would mean a big advantage in what many people now use.

While broadcom is chasing the 1Gb/s home market im already 10Gb/s ready . I bet the new quad core routers are going to be as pricey as my CCR.

the AC5300 is half the price of my CCR router so with every new router the price/performance decreases which is what i have been complaining about.

 

[yorgi]

That's interesting. 87u can do up to 60Mbps with average 50-54Mbps on optimized channels if overclocked. You were running your vpn on non optimized channel but 70mbps is impressive. That linksys has 1400Mhz so it's higher then 87u stock 1000mhz. CPU is what does vpn so the better the cpu the faster speed will be.

Unfortunately most if not all routers are ARM cpu which suck balls. They etiher need to do quad core or somehow increase througput. That atom cpu would be killing it. It has up to 8 cores and runs up to 2.4Ghz per core while using 15-20W of power. Amazing.

For $250+ u might as well build atom pc 25w power usage and put pfsense on it as router, either buy some wifi cards as AP or use cheap router in AP mode. Pfsense don't support AC mode yet but then again who cares. Using cheap AP like 66u would be ideal. I got my 87u for $44 so i can't complain about pricing and what i get for it.

If you find another 87u for that price let me know

 

[System Error Message]

on broadcom's website they hype the details of the CPU saying it has 7 CPU cores when it is just a quad core with 3 wifi offload engines. The wifi offload engines dont count as the total core count because you cannot address them.

Technically i could add up the cores of my GPU because i can address them directly using openCL but in the case of routers theres no way to address those "cores". If a core cannot do what the main system does than it cannot be counted as a CPU core. On the GPU i can view CPU and memory usage and tasks that run on it. Cant do that with broadcom's SOC for these extra cores. I dont see intel calling their dual cores 6 core machines by adding the 4 GPU cores on the CPU nor AMD doing it with their APUs despite the fact that AMD has done some development in getting the GPU to run math instead of the CPU in their APU and with both intel and AMD supporting openCL quite well.

Broadcom really needs to stop hyping their products. I wont be buying their products if they keep this up, If they're gonna release "7 cores" than they gotta do it right which is by allowing the offload engines to run general purpose code for assisting the CPU in other things like running software. Someone really needs to apply some legal pressure about this. Consumers cant tell from the hype that it is really a quad core and they buy it thinking it has 7 cores (this would be very misleading).

I remember at one point ASUS was also doing the hype just because they added some CPU cores for specific tasks but they've removed that hype. Not sure if its to do with products interfering in marketing or that they realised that the definition doesnt fit or if its a legal problem.

Broadcom mentions hardware encryption for VPN so not sure if its just AES or multiple different encryption.

 

[RMerlin]

on broadcom's website they hype the details of the CPU saying it has 7 CPU cores when it is just a quad core with 3 wifi offload engines. The wifi offload engines dont count as the total core count because you cannot address them.

Nothing new there, they pulled the same marketing gimmick with their first Xstream platform. People in-the-know simply ignore that.

In their defense, those are at least actual ARM CPUs, running code that was originally run on the main CPU. It's at least closer to the truth than a GPU manufacturer who would start counting their GPU cores as being "CPUs".

It's marketing. Nothing to get worked over, marketing is the art of twisting facts to make things appear better. Apple showed us the pinnacle of that "art" with their constant use of superlatives when introducing new iPhones. I've long learned to just ignore it.

 

[System Error Message]

i know the extra cores are ARM based but the system doesnt let you address them directly. It would be nice to run some tasks on those cores, to see whats running on it, to view CPU usage just like you can do with a GPU.

When you see people talk about GPUs with nvidia ones specifically you will see them say "CUDA cores" referencing to the shaders. I do wish they would learn that a GPU core contains a bunch of stuff and some shaders and that shaders are directly related to graphics performance but arent cores, just units part of a core. In older GPUs shaders were part of a rendering pipeline but now shaders perform most rendering tasks.

 

[srp1969]

Hello,

I have just switched to ExpressVPN using the Asus RT-87u with the latest Merlin firmware and cannot get more than 12 mbps using OpenVPN and policy rules configured. I have tried connecting to different server locations but the speed is very poor. If i use the ExpressVPN client on windows i get 50 mbps. My ISP is cable and on speed tests i get 100 mbps.

I tried changing the encryption to AES-128-CBC, but i get an error which i think is due to the ExpressVPN OpenVPN client is set at AES-256 CBC and the file seems to be encrypted so you cannot change the config file.

The buffer size in Asus logs are set to 128k.

Any ideas if I can tweak the config to get better speeds? Or should i try another VPN provider who openly support Merlin firmware?

I also flashed the router back to the latest Asus stock and get the same speeds.

Thanks for any advice in advance.

Just been advised that there was an update of the Merlin firmware yesterday, so will give this ago tonight......

 

[srp1969]

Hello All,

I have now updated to the Merlin firmware 380.58_0 and the speeds are the same. So if anyone has some advice on how to boost the speed the advice is greatly appreciated.

Thanks,

 

[yorgi]

Hello,

I have just switched to ExpressVPN using the Asus RT-87u with the latest Merlin firmware and cannot get more than 12 mbps using OpenVPN and policy rules configured. I have tried connecting to different server locations but the speed is very poor. If i use the ExpressVPN client on windows i get 50 mbps. My ISP is cable and on speed tests i get 100 mbps.

I tried changing the encryption to AES-128-CBC, but i get an error which i think is due to the ExpressVPN OpenVPN client is set at AES-256 CBC and the file seems to be encrypted so you cannot change the config file.

The buffer size in Asus logs are set to 128k.

Any ideas if I can tweak the config to get better speeds? Or should i try another VPN provider who openly support Merlin firmware?

I also flashed the router back to the latest Asus stock and get the same speeds.

Thanks for any advice in advance.

Just been advised that there was an update of the Merlin firmware yesterday, so will give this ago tonight......

I would try PIA as well. They give 30 day trials. everyone that has tried tests with PIA has got a max of 50mb/s
so try that and let us know
btw the fastest servers for PIA are NY and Toronto
use this as a guide for PIA
http://www.snbforums.com/threads/ho...n-firmware-a-step-by-step-how-to-guide.30851/

 

[yorgi]

Hello All,

I have now updated to the Merlin firmware 380.58_0 and the speeds are the same. So if anyone has some advice on how to boost the speed the advice is greatly appreciated.

Thanks,

Most people who have 100mb/s ISP get 50mb/s with PIA
and when they tried with PIA or OpenVPN software they got it at almost max.
So maybe its express VPN that is throttling.
so with your 87U there is no reason why you cant get over 30mb/s
change provider for VPN PIA at least doesn't throttle from what I have seen.
I met someone from Ontario that will be going on PIA and I will see what speeds he gets
and will let you guys know

 

[yorgi]

Those AES-128-CBC are for PIA only
I don't know what Express VPN uses for encryption you would have to contact them and they can let you know
but PIA supports all the encrytptions and can easily be encorporated to an ASUS router via custom configurations at the bottom of the VPN in Merlin

Oh and btw
33 days 8 hours 3 minute(s) 38 seconds for 87U and purring like a kitten
that is for all your people that keep saying 87U has problems.

 

[Rango]

Hello,

I have just switched to ExpressVPN using the Asus RT-87u with the latest Merlin firmware and cannot get more than 12 mbps using OpenVPN and policy rules configured. I have tried connecting to different server locations but the speed is very poor. If i use the ExpressVPN client on windows i get 50 mbps. My ISP is cable and on speed tests i get 100 mbps.

I tried changing the encryption to AES-128-CBC, but i get an error which i think is due to the ExpressVPN OpenVPN client is set at AES-256 CBC and the file seems to be encrypted so you cannot change the config file.

The buffer size in Asus logs are set to 128k.

Any ideas if I can tweak the config to get better speeds? Or should i try another VPN provider who openly support Merlin firmware?

I also flashed the router back to the latest Asus stock and get the same speeds.

Thanks for any advice in advance.

Just been advised that there was an update of the Merlin firmware yesterday, so will give this ago tonight......

SRP you're limited by your router Mhz encryption/decryption processing speed, not vpn but good to know ExpressVPN speeds. Seems same as PIA, not worth the price then IMO.
ARM routers won't reach latest comcast ISP speeds of 90/12 so just FYI but you can get up to 60Mbps with all the remedies i mentioned.

What version number you're on? There is latest and there is latest beta and there is latest alpha, all different numbers?
I ask because vpn optimization client nubmer have changed so it's important for 20-30% more bandwith. If you're on .58 put your client on 1, 3 or 5 but not even. If you're on .57 use even 2, 4.

Also you may want to overclock the cpu Mhz speed which is main contributor to vpn speeds. Your clock is 1000mhz. You should be able to overclock to 1400mhz without any issues. No active cooling needed but i would check temps few times after overclock to see what they are. Once in a while router will have warped heat sink which may cause heat issues but if normal no need to actively cool it. Need need to be below 90C, ideally 80 or lower. If you're brave like i was you can try 1600mhz but mine didn't take it. 88u does take 1600mhz but not 87u.
and you may need to do asus recover after that which may be problematic to some but its simple actually. 1200mhz is sure thing and probably so is 1400mhz but few dont' take that. Here is info if you wanna get into that. You're taking the risk onto yourself so don't cry back but it's actually not risky IMO if you ask me. Just need to be able to read and monitor initial reaction of router to overclock. That's all. No big deal. Those routers have huge heat sinks and when installed properly they keep temps same as non-overclocked cpus. Same temps. If you're paranoid you can get $14 two fan cooling which i have but it's not needed.

http://www.snbforums.com/threads/overclocking-on-asuswrt-merlin-378-56_2-rt-ac68u-and-rt-n66u.28043/