What's new

OpenVPN performance of the RT-AC86U

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I got 220+ Mbps as client through the RT-AC86U.
Running same connection through my PC with same encryption: 500 Mbps.

If you want higher speed than 220+ I advice you to go for VPN through Wireguard!

thanks that is interesting to know, did you by chance notice erratic speeds on your 220+ Mbps with AC86u also ?

I hear the reliability of openvpn performance around 250-300Mbps is poor with speeds dipping often then up again, Wiregaurd no such issue. Maybe openvpn is finally showing its age.
 
I thought 220+ Mbps (AES-256) was good enough and never tried to optimize it.
(I put my effort on the Netgear R7800, since Merlin support the RT-AC86U perfectly well).

Each VPN provider requires different settings (e.g. mtu size, mss fix, and buffer length) to get optimal speed and avoid the "speed dipping" you talk about.
You can look in the openvpn log file to understand more of this "clipping". Also I believe you want to stay at AES-128 to get the highest speeds.

PS
And don't forget you want to encrypt the DNS traffic as well - with both OpenVPN and Wireguard.

thanks that is interesting to know, did you by chance notice erratic speeds on your 220+ Mbps with AC86u also ?

I hear the reliability of openvpn performance around 250-300Mbps is poor with speeds dipping often then up again, Wiregaurd no such issue. Maybe openvpn is finally showing its age.
 
I thought 220+ Mbps (AES-256) was good enough and never tried to optimize it.
(I put my effort on the Netgear R7800, since Merlin support the RT-AC86U perfectly well).

Each VPN provider requires different settings (e.g. mtu size, mss fix, and buffer length) to get optimal speed and avoid the "speed dipping" you talk about.
You can look in the openvpn log file to understand more of this "clipping". Also I believe you want to stay at AES-128 to get the highest speeds.

PS
And don't forget you want to encrypt the DNS traffic as well - with both OpenVPN and Wireguard.

thx that is very new information, I have suffered from a speed dipping issue while torrenting and sometimes on speed test sites at odd times but never really looked into mtu size or mss fix I only use the default custom entries via the VPN providers pfsense guides, I have however set send/receive buffers set currently to 512KiB which helped a lot with my pfsense system though.

I don't think I noticed the issue on my Asus AC-86u though but went back to pfsense since it has port forwarding under any vpn which I miss.
 
For the AC86 it isn't a hardware limitation reducing VPN speeds it is the fact that most if not all VPN providers can't support speeds much higher than 200 - 300 Mbps. The economics of the industry don't make it feasible to have ultra high speed processors on their servers, have unlimited pipes to the Internet to support multiple devices connected at high speeds, and then limit the number of connected clients to each server. Not going to happen at $4 - $7 a month per customer.

Demonstrate the limit is on your VPN providers end by running a VPN client on your PC with a fast processor that supports AES-NI and see if you get consistently higher speeds than you get by running the client on your AC86 router. Also if your VPN provider supports WireGuard try the test running the a VPN app on your PC with both OpenVPN and WireGuard and see if it makes much of a difference. IMHO from testing with Astrill on an I7 PC I don't a significant difference.
 
Hello, @RMerlin!

Could you explain why PPTP VPN pass-though takes so much CPU resources on Asus routers ?

My goal is to get LAN-to-LAN VPN tunnel with relative high bandwidth.
When AC86U is used as VPN endpoint (PPTP server or client) I can get up 25MB/s (~200Mb/s) with FTP file transfer. AC86U cpu demonstrate up to 100-102% load in this mode.
It's expected results reported by many other users above.

Then I moved PPTP server and client to dedicated PC's with i5 cpu.
FTP file transfer speed increased to 50MB/s (~400Mb/s) and AC86U cpu demonstrate up to 100-102% load.
Looks like AC86U is bottle neck in this situation again.

Here is my experiment testbed:
i5(PPTP server, FTP server) - 1Gb wired lan - AC86U (NAT) - 1Gb wired network - AC86U (NAT) - 1Gb wired lan - i5(PPTP client, FTP client).

Initially I thought that NAT mode has a speed limit, but FTP file transfer without PPTP has 112MB/s speed.

p.s. Is it possible that this behavior is linked with PPTP protocol ? Will OpenVPN have better pass-though performance ? Why router's cpu is used in case of pass-though traffic, DPI ?

Many thanks!
 
@RMerlin suggested to test OpenVPN instead of PPTP, because router hasn't hw acceleration of GRE protocol (PPTP).

I got 34MB/s speed, i5-7260U became a bottle neck (80% load).
Router's cpu load was minimal (1-2%) with data transfer through OpenVPN tunnel.
 
@RMerlin suggested to test OpenVPN instead of PPTP, because router hasn't hw acceleration of GRE protocol (PPTP).

I got 34MB/s speed, i5-7260U became a bottle neck (80% load).
Router's cpu load was minimal (1-2%) with data transfer through OpenVPN tunnel.

For speed, check out WireGuard. With pc level CPUs you can easily achieve gigabit.
 
With PC level CPUs you can achieve Gbps speeds with any VPN, depending on the server you're connecting to and your current/connected ISP. :)
 
With PC level CPUs you can achieve Gbps speeds with any VPN, depending on the server you're connecting to and your current/connected ISP. :)
not really.

PPTP without router, maybe possible.
PPTP with router, router should be also x86.
GRE requires software NAT.

OpenVPN, eh you need a 8GHz core speed cpu LOL.

For Gigabit connection between two sites, IPsec or WireGuard is answer.
 
Hello!
My tests are ongoing and I am very pleased with the work of OpenVPN on AC86U(384.16). I get almost 200mbits of speed for a client. This is so cool. I am satisfied.

Снимок.JPG

PS:Now I am doing a table for IPsec.
 
For the AC86 it isn't a hardware limitation reducing VPN speeds it is the fact that most if not all VPN providers can't support speeds much higher than 200 - 300 Mbps. The economics of the industry don't make it feasible to have ultra high speed processors on their servers, have unlimited pipes to the Internet to support multiple devices connected at high speeds, and then limit the number of connected clients to each server. Not going to happen at $4 - $7 a month per customer.

Demonstrate the limit is on your VPN providers end by running a VPN client on your PC with a fast processor that supports AES-NI and see if you get consistently higher speeds than you get by running the client on your AC86 router. Also if your VPN provider supports WireGuard try the test running the a VPN app on your PC with both OpenVPN and WireGuard and see if it makes much of a difference. IMHO from testing with Astrill on an I7 PC I don't a significant difference.

Do you use their astril vpn applet?

Did you know their router pro udp protocol uses DUAL cores not just one like openvpn.

Can you test speed differences and report back?
 
For the AC86 it isn't a hardware limitation reducing VPN speeds it is the fact that most if not all VPN providers can't support speeds much higher than 200 - 300 Mbps. The economics of the industry don't make it feasible to have ultra high speed processors on their servers, have unlimited pipes to the Internet to support multiple devices connected at high speeds, and then limit the number of connected clients to each server. Not going to happen at $4 - $7 a month per customer.

Demonstrate the limit is on your VPN providers end by running a VPN client on your PC with a fast processor that supports AES-NI and see if you get consistently higher speeds than you get by running the client on your AC86 router. Also if your VPN provider supports WireGuard try the test running the a VPN app on your PC with both OpenVPN and WireGuard and see if it makes much of a difference. IMHO from testing with Astrill on an I7 PC I don't a significant difference.

You can only use their router pro udp protocol that uses dual core using the vpn applet on merlin btw.
 
I do use the Astrill app running on PC. I currently have it set to use WireGuard.

I also have Astrill set to run as a VPN client on my AC86 using OpenVPN.

In both cases a get 95% plus of my maximum download speed so it is in the range of 220 - 235 Mbps on a singe test which is almost the maximum I can expect from my Comcast connection which is provisioned at 200/10.

If I installed the router pro UDP I wouldn't be able to measure any improvement because I'm maxed out.

Also upload download speeds are much more variable now with the heavier use of the Internet. When you look at the past thirty days of speed tests my standard deviation is 46 Mbps so to be at the 95% confidence level which is two standard deviations I would have to show a change of 92 Mbps which is meaningless with a base connection speed of 200 Mbps.
 
I do use the Astrill app running on PC. I currently have it set to use WireGuard.

I also have Astrill set to run as a VPN client on my AC86 using OpenVPN.

In both cases a get 95% plus of my maximum download speed so it is in the range of 220 - 235 Mbps on a singe test which is almost the maximum I can expect from my Comcast connection which is provisioned at 200/10.

If I installed the router pro UDP I wouldn't be able to measure any improvement because I'm maxed out.

Also upload download speeds are much more variable now with the heavier use of the Internet. When you look at the past thirty days of speed tests my standard deviation is 46 Mbps so to be at the 95% confidence level which is two standard deviations I would have to show a change of 92 Mbps which is meaningless with a base connection speed of 200 Mbps.

If you get 600 or 1gb internet run the rest and let me know!

For example on my old ac68 router pro udp (2 cores) would get nearly double throughput (from 35 max to 65-70) compared to normal openvpn single core.

Astril vpn have solid stability but I have noticed during covid-19 their speeds are variable (but their systems are made for this much usage as I believe they use a lot of dedicated servers which aren't as scalable as cloud servers).

Normally around 90 in the morning now only 70 in morning and at night used to 70-80 now around 40mb.

Still solid stability which is the main thing - only a few disconnects over the past few weeks!
 
I tried both Astrill and PIA when I experimented with Gig service and didn't see much in the way of download speed increases when going through either VPN tunnel.

No plans to pay more for higher speeds as 200 Mbps is more than enough for my needs.

I will look at the Astrill site and read up on the router pro. Thanks for bringing to my attention.
 
I tried both Astrill and PIA when I experimented with Gig service and didn't see much in the way of download speed increases when going through either VPN tunnel.

No plans to pay more for higher speeds as 200 Mbps is more than enough for my needs.

I will look at the Astrill site and read up on the router pro. Thanks for bringing to my attention.

Don't bother, everything apart from their actual product is dog sh*t.

Worst customer service, worst knowledge articles, worst live chat.

Even on my ac86u (i checked last night) I get an extra 10 percent speed by using router pro udp which uses two cores.

When I was check their logs it appears they used a modded version of openvpn to make this dual core utilisation work.

But yeah, love their product, hate their customer service and awful general attitude.


(Removed racial slurs. -RM)
 
Last edited by a moderator:
Don't bother, everything apart from their actual product is dog sh*t.

Worst customer service, worst knowledge articles, worst live chat.

Even on my ac86u (i checked last night) I get an extra 10 percent speed by using router pro udp which uses two cores.

When I was check their logs it appears they used a modded version of openvpn to make this dual core utilisation work.

But yeah, love their product, hate their customer service and awful general attitude.


(Removed racial slurs. -RM)

Removed racial slurs @RMerlin ?

Definitely not - stereotyping possibly but with valid reasoning.

I was referring to poor customer service as a standard from French companies - it's not a racial slur, it's a worldwide fact and references to experiences not nicknames/slurs.

I'm assuming you just umbrella put it down as a racial slur due to the categorisation in moderation because there were no racial slurs uttered or nicknames given.

I live in France, love the French and their friendly disposition but in my experience, I have had consistently poor customer service vs other EU countries, the UK, and the US.

Likewise, so has a large portion of the western world including the French, who consistently take the mickey out of their companies!

The French are world leaders in many, many things, customer service not being one of them.

I was highlighting my experience with Astrill to be alike to customer service received as a whole in France, which is not something you expect from a US company.

HOWEVER,

I do understand your want to keep the forum free of any stereotypes that could offend people :)

Just thought the categorisation was a little extreme all things considering.
 
Last edited:
I do use the Astrill app running on PC. I currently have it set to use WireGuard.

I also have Astrill set to run as a VPN client on my AC86 using OpenVPN.

In both cases a get 95% plus of my maximum download speed so it is in the range of 220 - 235 Mbps on a singe test which is almost the maximum I can expect from my Comcast connection which is provisioned at 200/10.

If I installed the router pro UDP I wouldn't be able to measure any improvement because I'm maxed out.

Also upload download speeds are much more variable now with the heavier use of the Internet. When you look at the past thirty days of speed tests my standard deviation is 46 Mbps so to be at the 95% confidence level which is two standard deviations I would have to show a change of 92 Mbps which is meaningless with a base connection speed of 200 Mbps.

So, let me ask....overall, how do u like astrill and what do u like most about them? They want $20/month to try their service. I am mostly interested in their Wireguard service and how well it performs on android device.
 
I like Astrill and it has worked well for me. Their app running on a PC offers more flexibility than others I have used. The app also works well on Iphones. The support has always been fine for my needs.

Running it on my AC86 the speeds are similar to PIA so no advantage to running it on a router for throughput. I support my sons AC1900P running Merlin. It is easier for him just upload an OVPN file from Astrill which includes both a user name and password and restart a VPN client using a server in a different geographic location quickly. No need to look up a username and password.

The two disadvantages Astrill is its cost and the fact that they only support open VPN running on port 8292 which means it is not possible to run more than one open VPN instance of Astrill on your router at anyone time. PIA offers 11 ports so it is possible to run multiple PIA clients simultaneously on your router.
 
The two disadvantages Astrill is its cost and the fact that they only support open VPN running on port 8292 which means it is not possible to run more than one open VPN instance of Astrill on your router at anyone time. PIA offers 11 ports so it is possible to run multiple PIA clients simultaneously on your router.

The destination port does not matter. Same reason why you are able to connect to multiple websites at the same time despite all of them being on port 80/443. What matters most is that the subnet must be different for each client.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top