What's new

OpenVPN performance of the RT-AC86U

Xentrk

Part of the Furniture
AiProtection is disabled. My speeds are not that great though. I have a 40meg line and used express, Nord and PIA. Wanna try Torguard and see which one performs the best. I also have a 68u running in Aimesh with my 86u

Sent from my VKY-L09 using Tapatalk
Not sure the provider is the issue. The 40 mbps line may be the bottleneck. Geo distance between you and the VPN server is another variable. I only had my hands on one for a few hours and did not have the opportunity to test on my 200 Mbps fiber connection. On my pfSense box, VPN performance using Ethernet connection is rather significant compared to wireless as WiFi can’t process jumbo frames. Make sure you test both Ethernet and wireless connectivity.
 

Stevie

Occasional Visitor
Not sure the provider is the issue. The 40 mbps line may be the bottleneck. Geo distance between you and the VPN server is another variable. I only had my hands on one for a few hours and did not have the opportunity to test on my 200 Mbps fiber connection. On my pfSense box, VPN performance using Ethernet connection is rather significant compared to wireless as WiFi can’t process jumbo frames. Make sure you test both Ethernet and wireless connectivity.
Yeah I'm on vdsl atm, until I get 100mb fibre in the area. I used PIA and got about 25mb to UK, London server. Will try different providers and different servers.

I'm also from another continent, so like you said will influence the speeds.

Sent from my VKY-L09 using Tapatalk
 

payandplay

Occasional Visitor
OpenVPN is more optimized in my firmware, however it shouldn't make a big difference. Your speed limitation might be from your tunnel provider rather than your router's CPU.



Can't be done with the stock firmware, you need my firmware and a firewall-start or a nat-start custom script.

Hi Merlin,

I was running Asus stock firmware on my RT-AC86U for several months, but today I decided finally to try Merlin 384.4_2 firmware.I have a NAS device in my network which i s only accessible via OpenVPN when a iptable routes are been added manually via SSH to the router. I've told me back ago that with stock firmware is not possible to save firewall settings and after router restart configuration is lost.., but with your firmware it is possible and with some firewall-start or nat start custom scripts.

Can I ask you for some guidance how and what i need to do in order to create these scripts, in order to retain iptables configuration after router restart.

Routes I need to add manually everytime router restarts.

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE


Thank you very much
 

Vince

Occasional Visitor
Great router got 90Mb OpenVPN on a 100Mb line with NordVPN and default settings from 10Mb on a RT-N66U
 

Geraner

Regular Contributor
I have also recently bought a RT-AC86U and made some VPN speed tests using the OpenVPN client in the router.
https://www.skadligkod.se/vpn/vpn-speedtest-asus-rt-ac86u-merlin-firmware/
After reading your posts I enabled HW Runner in the router. But this didn't improve / change any results in my test. Also disabling AiProtection did not have any impact on performance improvements.
 

steven168

Occasional Visitor
OpenVPN performance of the RT-AC88U is it same as RT-AC86U ?

RT-AC88U have 8 port which what i need
 

joegreat

Very Senior Member

penguin22

Regular Contributor
There appears to be general uncertainty and potential subjectivity with some of the custom values for OpenVPN connections; I reviewed this and many other threads across multiple forums, along with the OpenVPN 2.4 Manual found here and performed testing with my AC86U on a 100Mbps Comcast connection connected over a good distance through a media-bridge on a 20MHz 2.4GHz connection (specifying this as it means I will not get close to the 200Mbps connection some of you may in your experiences).

Results shown for DL only (in Mbps), average of 3 tests using SpeedOf.Me; PIA VPN, TUN, UDP, AES-256-CBC, SHA256:
Understanding that there are many permutations, I did the compression tests with the buffer and fast-io values enabled as I found them to not negatively affect performance on the AC86U, likely due to the fact that the CPU never broke a sweat.

Compression: Disabled (72) LZO (80), LZO Adaptive (84), LZ4 (91)

In my testing, Compression LZ4 consistently yielded the best results with buffers set to 524288 and fast-io enabled.

With Compression set to LZ4 and the following settings removed, I resulted in an average of (77).
Code:
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
fast-io
For now, I'm keeping these settings along with recommended settings per VPN provider and will see how things perform over time.
Code:
tls-client
remote-cert-tls server
auth-nocache
mute-replay-warnings
disable-occ
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
persist-key
persist-tun
 

ewokuk

Occasional Visitor
Got my AC86 a couple of weeks ago and I consistently get the full 220mb download on my 220mb connection over openvpn client 1, AES256-GCM. CPU was about 85% and 65% for the 2 cores I think so it feels like it could do more. No special settings, aiprotection is on, I have not set anything to do with buffers or fast-io. I get the same over cat5 as I do over 5ghz wifi (using a PCE-AC88 pcie card in the pc about 1m from the router). Using latest Merlin fw.

I like this router :p shame it can't do wireguard.
 

joegreat

Very Senior Member
I like this router :p shame it can't do wireguard.
Why should it support an unfinished project when it comes to security - where the creator warns to use it: :rolleyes:
WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We're working toward a stable 1.0 release, but that time has not yet come.
(Quote from https://www.wireguard.com/)
 

codera

New Around Here
Before buying RT-AC86U i would like a confirmation. I have a 300/300Mbps connection from my ISP.
Currently i have a small Hyper-V box with OpenVPN applicane VM, that can do around 45/25Mbps and also a Synology NAS with Intel CPU, that does 35/30Mbps on a tunnel connection.

Can a RT-AC86U router allow me to get better connection speed running a OpenVPN server?
 

RMerlin

Asuswrt-Merlin dev
Before buying RT-AC86U i would like a confirmation. I have a 300/300Mbps connection from my ISP.
Currently i have a small Hyper-V box with OpenVPN applicane VM, that can do around 45/25Mbps and also a Synology NAS with Intel CPU, that does 35/30Mbps on a tunnel connection.

Can a RT-AC86U router allow me to get better connection speed running a OpenVPN server?
Expect around 200 Mbps for Openvpn, 300 for IPsec.

Sent from my P027 using Tapatalk
 

Nodoze

New Around Here
This is an inspiring thread and I want to first thank Merlin for his work and everyone else for their testing/feedback/help. This has been an incredible read!

Before finding this thread I ordered the RT-AC68U from Amazon & was getting buyer's remorse wishing I had ordered an RT-AC86U instead... I was very happily surprised that the RT-AC68U I received has an upgraded dual-core 1.4 GHz CPU for the same price ~$140 that I was expecting at most a 1.0 GHz (or even an 800 MHz) for... I did some research and evidently I received the B2 Hardware version of the RT-AC68U as referenced in this forum:

https://www.snbforums.com/threads/rt-ac68u-rt-ac68p-rt-ac1900-rt-ac1900p.35759/

Unfortunately there is no model number info listed yet for the 1.4 GHz CPU in the new B2 revision of the RT-AC68U.

Is there any way to tell if this new 1.4 GHz CPU in the B2 version of the RT-AC68U has hardware enabled AES-NI ?

So far I have only unboxed the 1.4 GHz RT-ATC68U and used the stock ASUS firmware via the web GUI and android App so I don't know much about it yet. I am new to ASUS routers and I don't know yet if stock can be SSHed into, etc so please factor my newb-ness into any replies...

So far I have only had time to get it connected via WRT over USB 3.0 to an extra LTE phone but that is all the tinkering I have done so far. I plan to work on some OpenVPN next. If I have time I will try to do some testing on LTE and on my home-office's Fiber Optic ISP but may not have much time between work and travel and family...
 
Last edited:

Nodoze

New Around Here
... evidently I received the B2 Hardware version of the RT-AC68U as referenced in this forum:...
OK after doing some research I figured out how to enable the SSH deamon and found the following info on this new 1.4GHz RC-AC68U from Amazon:

[email protected](none):/tmp/home/root# uname -r -v
2.6.36.4brcmarm #1 SMP PREEMPT Fri Jun 3 09:56:54 CST 2016
[email protected](none):/tmp/home/root# cat /proc/cpuinfo
Processor : ARMv7 Processor rev 0 (v7l)
processor : 0
BogoMIPS : 2798.38
processor : 1
BogoMIPS : 2798.38
Features : swp half thumb fastmult edsp
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x3
CPU part : 0xc09
CPU revision : 0

Per the following thread it looks to be the same hardware just with a higher clock speed so basically when I ordered a AC-RT68U I essentially received something more like the RC-AC1900 Best Buy exlusive:

https://www.snbforums.com/threads/asus-rt-ac1900p-dual-band-wireless-ac1900-gigabit-router-reviewed.36368/

What I really care the most about for my use case is high OpenVPN speeds and it looks like the 1.4 GHz RT-AC68U will get approximately 55 Mbps (per page 3 of the above thread) which isn't terrible but no where near the 200+ Mbps the TR-AC86U can get.

Thankfully I am still in my return window so, unless someone replies soon to catch a mistake in my above analysis, I may just pay extra and get an 1.8 GHz (with AES-NI) TR-AC86U and return the 1.4 GHz AC-68U.
 
Last edited:

RMerlin

Asuswrt-Merlin dev
Is there any way to tell if this new 1.4 GHz CPU in the B2 version of the RT-AC68U has hardware enabled AES-NI ?
It doesn't. Only the RT-AC86U (BCM4906) and GT-AC5300 (BCM4908) have AES-NI support. The BCM4709C0 used by the RT-AC68U does not.
 

Xentrk

Part of the Furniture
Don't have a super fast connection but here is a screenshot of my OpenVPN on the AC86U

Before VPN was Enabled
https://www.dropbox.com/s/rjx8vr9g3f41sqr/BeforeVPN.png

After VPN was Enabled
https://www.dropbox.com/s/wk076rckin4x96l/AfterVPN.png

This is all setting default on the router it self and following the IPVanish Guide for AsusMerlin firmware
Before on my AC66U_B1 i was only getting around 20 on the download.
The ping time for the Before-22 ms, and After -19 ms metrics are nearly the same. Which makes me wonder if you were connected to the OpenVPN tunnel during the After test. Is the VPN server you are connecting to near your geo location? Verify you are using the OpenVPN tunnel by going to a site such as whatismypublicip.com.
 

Neil Harding

New Around Here
The ping time for the Before-22 ms, and After -19 ms metrics are nearly the same. Which makes me wonder if you were connected to the OpenVPN tunnel during the After test. Is the VPN server you are connecting to near your geo location? Verify you are using the OpenVPN tunnel by going to a site such as whatismypublicip.com.
Yes the VPN server was a London based one. Also confirmed connection by doing a tracert and could see the route.

But will double check when I get home
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top