1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

OpenVPN performance of the RT-AC86U

Discussion in 'VPN' started by RMerlin, Sep 14, 2017.

  1. JoeBee

    JoeBee Regular Contributor

    Joined:
    Dec 14, 2019
    Messages:
    50
    thanks that is interesting to know, did you by chance notice erratic speeds on your 220+ Mbps with AC86u also ?

    I hear the reliability of openvpn performance around 250-300Mbps is poor with speeds dipping often then up again, Wiregaurd no such issue. Maybe openvpn is finally showing its age.
     
  2. kamoj

    kamoj Very Senior Member

    Joined:
    May 12, 2017
    Messages:
    537
    I thought 220+ Mbps (AES-256) was good enough and never tried to optimize it.
    (I put my effort on the Netgear R7800, since Merlin support the RT-AC86U perfectly well).

    Each VPN provider requires different settings (e.g. mtu size, mss fix, and buffer length) to get optimal speed and avoid the "speed dipping" you talk about.
    You can look in the openvpn log file to understand more of this "clipping". Also I believe you want to stay at AES-128 to get the highest speeds.

    PS
    And don't forget you want to encrypt the DNS traffic as well - with both OpenVPN and Wireguard.

     
    L&LD and JoeBee like this.
  3. JoeBee

    JoeBee Regular Contributor

    Joined:
    Dec 14, 2019
    Messages:
    50
    thx that is very new information, I have suffered from a speed dipping issue while torrenting and sometimes on speed test sites at odd times but never really looked into mtu size or mss fix I only use the default custom entries via the VPN providers pfsense guides, I have however set send/receive buffers set currently to 512KiB which helped a lot with my pfsense system though.

    I don't think I noticed the issue on my Asus AC-86u though but went back to pfsense since it has port forwarding under any vpn which I miss.
     
  4. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,391
    For the AC86 it isn't a hardware limitation reducing VPN speeds it is the fact that most if not all VPN providers can't support speeds much higher than 200 - 300 Mbps. The economics of the industry don't make it feasible to have ultra high speed processors on their servers, have unlimited pipes to the Internet to support multiple devices connected at high speeds, and then limit the number of connected clients to each server. Not going to happen at $4 - $7 a month per customer.

    Demonstrate the limit is on your VPN providers end by running a VPN client on your PC with a fast processor that supports AES-NI and see if you get consistently higher speeds than you get by running the client on your AC86 router. Also if your VPN provider supports WireGuard try the test running the a VPN app on your PC with both OpenVPN and WireGuard and see if it makes much of a difference. IMHO from testing with Astrill on an I7 PC I don't a significant difference.
     
    JoeBee and L&LD like this.
  5. toshas

    toshas New Around Here

    Joined:
    Jan 26, 2020
    Messages:
    2
    Hello, @RMerlin!

    Could you explain why PPTP VPN pass-though takes so much CPU resources on Asus routers ?

    My goal is to get LAN-to-LAN VPN tunnel with relative high bandwidth.
    When AC86U is used as VPN endpoint (PPTP server or client) I can get up 25MB/s (~200Mb/s) with FTP file transfer. AC86U cpu demonstrate up to 100-102% load in this mode.
    It's expected results reported by many other users above.

    Then I moved PPTP server and client to dedicated PC's with i5 cpu.
    FTP file transfer speed increased to 50MB/s (~400Mb/s) and AC86U cpu demonstrate up to 100-102% load.
    Looks like AC86U is bottle neck in this situation again.

    Here is my experiment testbed:
    i5(PPTP server, FTP server) - 1Gb wired lan - AC86U (NAT) - 1Gb wired network - AC86U (NAT) - 1Gb wired lan - i5(PPTP client, FTP client).

    Initially I thought that NAT mode has a speed limit, but FTP file transfer without PPTP has 112MB/s speed.

    p.s. Is it possible that this behavior is linked with PPTP protocol ? Will OpenVPN have better pass-though performance ? Why router's cpu is used in case of pass-though traffic, DPI ?

    Many thanks!
     
  6. toshas

    toshas New Around Here

    Joined:
    Jan 26, 2020
    Messages:
    2
    @RMerlin suggested to test OpenVPN instead of PPTP, because router hasn't hw acceleration of GRE protocol (PPTP).

    I got 34MB/s speed, i5-7260U became a bottle neck (80% load).
    Router's cpu load was minimal (1-2%) with data transfer through OpenVPN tunnel.
     
  7. Odkrys

    Odkrys Senior Member

    Joined:
    Jul 28, 2016
    Messages:
    377
    For speed, check out WireGuard. With pc level CPUs you can easily achieve gigabit.
     
  8. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    11,432
    With PC level CPUs you can achieve Gbps speeds with any VPN, depending on the server you're connecting to and your current/connected ISP. :)
     
  9. Odkrys

    Odkrys Senior Member

    Joined:
    Jul 28, 2016
    Messages:
    377
    not really.

    PPTP without router, maybe possible.
    PPTP with router, router should be also x86.
    GRE requires software NAT.

    OpenVPN, eh you need a 8GHz core speed cpu LOL.

    For Gigabit connection between two sites, IPsec or WireGuard is answer.