OpenVPN performance of the RT-AC86U

CaptainSTX

Part of the Furniture
The destination port does not matter. Same reason why you are able to connect to multiple websites at the same time despite all of them being on port 80/443. What matters most is that the subnet must be different for each client.

Good insight as always from you.

I did some tests first using PIA where I was able to connect to two VPN servers, each server in its own subnet. Could connect with both clients using either the same port or different ports. It worked as you said it should.

Repeated the same test using two Astrill servers unable to connect to more than one server. When connected to the first server and then trying to connect to the second server I received an authentication error.

So it is a function of how the VPN provider runs their service and if they will allow multiple client/server connections.

Thanks.
 

RMerlin

Asuswrt-Merlin dev
So it is a function of how the VPN provider runs their service and if they will allow multiple client/server connections.

That is another factor indeed. VPN providers will usually mention how many simultaneous connections are allowed per account.
 

CaptainSTX

Part of the Furniture
That is another factor indeed. VPN providers will usually mention how many simultaneous connections are allowed per account.

Both Astrill and PIA allow 5 or 6 connections on your subscribed account. Astrill seems to enforce this to mean on a single connection per device.

Don't know if other VPN providers permit multiple server/client connections from a single router. I seem to remember that StrongVPN was also restrictive.
 

cplay

Senior Member
Good insight as always from you.

I did some tests first using PIA where I was able to connect to two VPN servers, each server in its own subnet. Could connect with both clients using either the same port or different ports. It worked as you said it should.

Repeated the same test using two Astrill servers unable to connect to more than one server. When connected to the first server and then trying to connect to the second server I received an authentication error.

So it is a function of how the VPN provider runs their service and if they will allow multiple client/server connections.

Thanks.

Yeah, they dont allow you to run multiple tunnels on one device.

Expressvpn do though but Astril is more stable which is why I use their more expensive, awful customer service, service.
 

unclebuk

Senior Member
Speedtest_OpenVPN-Se.jpg Hello,

Is it possible to achieve a download speed of 375Mbps using OpenVPN Client on the AC86U?
I am perplexed as I just conducted an ookla cli speed test on a macbook (policy routed) connected by Cat5 to an Asus86U thru a switch with a OpenVPN connection on Client 1 and the speed reached 375Mbps from my loaction in SE Asia. My ISP supplies 500/500Mbps fiber service.
Server is Sweden, SHA256. cipher AES-128-CBC, etc. Can anyone explain what could an this anomaly? Is it even possible. Also, YESTERDAY, I checked the speed to the same server with the OpenVPN connection on the macbook with SHIMO Client and the speed was >600Mbps.
Any thoughts, explanations? This IS NOT possible?!

Thank you in advance.
 

RMerlin

Asuswrt-Merlin dev
SHIMO Client and the speed was >600Mbps.
Any thoughts, explanations? This IS NOT possible?!

Your traffic is not going through the VPN.
 

unclebuk

Senior Member
Your traffic is not going through the VPN.
Makes sense. What about the other scenario with the router speed of 375Mbps, same?
Do you know why/how my traffic is not in the tunnel but DNS leak checks and IP location checks out in Sweden? Any way to verify the route my traffic is taking?
Thanks.
 
Last edited:

CaptainSTX

Part of the Furniture
It is possible that you got that speed but the best most people report is 225 - 275 Mbps using OpenVPN on an AC86. Also just the shear distance from your location to the Swedish server is another reason your speeds seem unbelievable good.

Who is your VPN provider?

Connect to other VPN servers from your provider and see what IPs you get as well as the speeds. Also install the VPN app from your VPN provider if that wasn't what you used before. Pay attention to the Ping times. The shear distance from your location to Sweden will substantially increase the Ping times.

Finally use a couple of different speed tests to see if they all show speeds over 300 Mbps.

Also see what happens when you turn off any ad blockers you are running on the PC and the router and then when you browse to a site are some or all the ads in Swedish?
 
Last edited:

RMerlin

Asuswrt-Merlin dev
Makes sense. What about the other scenario with the router speed of 375Mbps, same?

If you are way above the benchmarked results reported by others, then expect that your traffic isn't going through the VPN tunnel.

Do you know why/how my traffic is not in the tunnel but DNS leak checks and IP location checks out in Sweden?

Using the DNS server is separate from routing through the tunnel. Do a traceroute to any outside site, and make sure the route does go through the VPN tunnel (quite often it will include 10.x.x.x IP address, with a notably higher ping time then normal traffic).
 

Dex10

Occasional Visitor
Folks,

I see what appears to be an inconsistency in the Merlin firmware related to the 'customer VPN', using 'policy rules'. (I'm using the 86U and tested the 384.18 and the 19.

-When opting for the 'policy rules', I create the list indicating the devices that should go through the VPN, as well as those that should not:

1604238762344.png


- however, when I turn on the VPN, instead of just showing the list I created, no, see what appears:

1604238776897.png



Therefore, there is a confusing relationship, when I imagine that the list should be presented as I initially created it, above all, to make it simple to check which devices are going through the VPN (and which ones are not), as well as to make it simple to manipulate the devices. , if I want to change the rules.

Is this correct or am I doing the wrong configuration?
 

01tt01f

New Around Here
...

Even on my ac86u (i checked last night) I get an extra 10 percent speed by using router pro udp which uses two cores.

When I was check their logs it appears they used a modded version of openvpn to make this dual core utilisation work.

...

Hey,can you print out some logs?
Are you sure the astrill applet utilizes dual cores?
As RouterPro is a variant of OpenVPN which relies on one core,can you be more specific?
Have you confirmed with Astril tech or is there any official claim the Applet uses multi-core if there is?

It's quite modest for Astrill if the RouterPro utilizes dual cores or more.
We have seen so many promotion claims in so many commericial companies.To my surprise,Astrill doesn't claim anything about multi-core use of RouterPro.
 

Luboknok

Regular Contributor
not even sure the dual core matters when AESNI offloads the VPN crypto.
Although I did note the online speedtests vastly over-represent the throughput... speedtest-cli shows more realistic ~150Mbps
 

tvferret

Occasional Visitor
Strange, with firmware 386.2_6 I get max 75 Mbs with AES_256_GCM and 100 with AES_128_GCM. To me this indicates that AESNI is not working. Also, I setup a private OpenVPN server, forcing
AES 265 GCM and the speed will not exceed 100Mbs either. I was expecting anything between 150 and 200 Mbs. Any ideas? Am I missing something?
 

JoeBee

Regular Contributor
Folks,

I see what appears to be an inconsistency in the Merlin firmware related to the 'customer VPN', using 'policy rules'. (I'm using the 86U and tested the 384.18 and the 19.

-When opting for the 'policy rules', I create the list indicating the devices that should go through the VPN, as well as those that should not:

View attachment 27340

- however, when I turn on the VPN, instead of just showing the list I created, no, see what appears:

View attachment 27341


Therefore, there is a confusing relationship, when I imagine that the list should be presented as I initially created it, above all, to make it simple to check which devices are going through the VPN (and which ones are not), as well as to make it simple to manipulate the devices. , if I want to change the rules.

Is this correct or am I doing the wrong configuration?

I am also back on the 384.19 firmware, not an expert with these things but never seen anything like that before on my policy routing list.

Did you try and do a complete factory reset of your router and then flash it with 18 or 19 firmware again and try again ?

Also try installing firefox or chrome or use a different browser and see if you get anything better.

On mine with 384.19 it saves the policy routing list perfectly and am using chrome browser.
 

JoeBee

Regular Contributor
Strange, with firmware 386.2_6 I get max 75 Mbs with AES_256_GCM and 100 with AES_128_GCM. To me this indicates that AESNI is not working. Also, I setup a private OpenVPN server, forcing
AES 265 GCM and the speed will not exceed 100Mbs either. I was expecting anything between 150 and 200 Mbs. Any ideas? Am I missing something?

Had the same issue with this 386.2.6 firmware my openvpn speeds got chopped almost in half, gone back to 384.19 now maxing out my speeds again, if you go back to an earlier firmware or try 384.19 see if you get your openvpn speeds back, its worth a shot.
 

tvferret

Occasional Visitor
Had the same issue with this 386.2.6 firmware my openvpn speeds got chopped almost in half, gone back to 384.19 now maxing out my speeds again, if you go back to an earlier firmware or try 384.19 see if you get your openvpn speeds back, its worth a shot.
My issue got resolved ;-) Problem was an overheating of the CPU, when temperature exceeds 100 deg C, temp protection activates and one of the cores shuts down. With both cores running, I am getting consistent 160 Mbits so AESNI is working. And I am on 386.2_6. What speeds are you getting on 384.19?
 

Galgofa

Occasional Visitor
Can't get OpenVpn client to achieve speed of my ISP connection, bridged vdsl 100/10, which is supposedly at least give me 10/90 as max on the other end.
RT-AX88U with latest beta, no any noticeable change in the speed while playing with setting of VPN server, almost always speedtest giving me abt 9/9 mbs.

Any advice how to ?
 

L&LD

Part of the Furniture
After flashing the latest beta (386.3 Beta 3, correct?), did you do a full reset to factory defaults without using any saved backup config files?

If you haven't, when was the last time you did so?

Have you ever hit the max you expect on OpenVPN?

What options past defaults are you using in the OpenVPN settings?
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top