OpenVPN performance of the RT-AC86U

waterfox

New Around Here
Got the ASUS RT-AC86U yesterday. Have a 150/150 Fiber connection. Using Mullvad. Comparing with the Netgear R7800.

Netgear R7800 + OpenVPN:
ASUS RT-AC86U + OpenVPN:
ASUS clear winner. Saturating my Fiber connection.

Notes:
I am re-routing the DNS on WAN and LAN to go through a Pi-Hole that's connected directly to the router. I've added an exclusion on the OpenVPN client to allow the Pi-Hole to bypass the VPN. The Pi-Hole is using Cloudflare DNS. As a result, https://am.i.mullvad.net will claim I am leaking DNS requests.

EDIT: I ended up resolving the above by leaving the WAN DNS at auto assign and LAN DNS using pihole IP. The result is the router uses VPN's DNS while the pihole processes DNS for all clients on network. I took off the exclusion for the Pi - this way all DNS requests remain within the VPN encrypted connection.
 
Last edited:

Fuze

Occasional Visitor
Thanks for everybody who contributed to this thread. Now I want to order a AC86U, for my 250Mbps line, but there are 2 other options, the WRT32x and the WRT3200. Do you guys have a comparision between these?

I'd like to use it as IPVanish OpenVPN client up to 200Mbps, as you say it will be possible? Which of the router would you prefer?
 

sfx2000

Part of the Furniture
WRT32x and the WRT3200
With factory firmware - the OpenVPN support there, if I recall, Linksys only supports inbound as a server, not client mode.

With LEDE/OpenWRT, there are reports of the WRT3200 hitting around 112Mbps on PIA endpoints...
 

Fuze

Occasional Visitor
There is no much difference between WRT32x and WRT3200?

For my understanding the AC86U outperforms the Linksys?
 

RMerlin

Asuswrt-Merlin dev
For my understanding the AC86U outperforms the Linksys?
VPN-wise, yes. About 200 Mbps with OpenVPN and 300 Mbps with IPSEC.
 

Axan

New Around Here
Can someone please tell me if I can use VPN server and VPN client at once on this router?
 

eibgrad

Senior Member
Can someone please tell me if I can use VPN server and VPN client at once on this router?
This is a complicated subject and is not germane to this thread, or even specific to the ASUS RT-AC68U. You really should start a new thread. You'll probably get a better response. But briefly ...

Yes, it's possible, but it requires preventing the OpenVPN client from changing the default gateway from the WAN/ISP to the VPN, then using PBR (policy based routing) to route the network behind the router over the VPN.

dd-wrt makes this relatively easy because it offers a PBR field in the OpenVPN client GUI for these purposes.

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=285873

I'm only offering the above link to explain what the problem is, and how the use of PBR can address it. And while I'm less familiar w/ Merlin, I suspect its existing PBR features could accomplish the same thing.

I also discuss other solutions in the following dd-wrt thread.

https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1129398

IOW, the problem is not specific to OpenVPN server (nor specific to any particular router), but *any* remote access over the WAN w/ an active OpenVPN client on the same router. What differs from firmware to firmware are the options available to address it.
 

RMerlin

Asuswrt-Merlin dev
So, just VPN-wise? AC86u is capable of DD/OpenWRT so there should no big difference between the ASUS and Linksys or do I get anything wrong?
I can't comment on wifi performance because I have no idea what's the performance of the Linksys models. In general, the RT-AC86U reviews were quite positive however, you can check the SmallNetBuilder performance database for more info.

Wifi performance is tied to the hardware, not to the firmware. Having DD-WRT on both won't mean anything there.
 

Fuze

Occasional Visitor
Just buying it for VPN reasons or is there a better/cheaper way to satisfy my needs (200Mbps OpenVPN)?
 

sfx2000

Part of the Furniture
So, just VPN-wise? AC86u is capable of DD/OpenWRT so there should no big difference between the ASUS and Linksys or do I get anything wrong?
germane to the thread - I've talked off-thread with folks, and the 86U does put up some good numbers with AsusWRT, better than what I've seen with the Linksys WRT* solution - not that the Linky is bad, it's just that the Broadcom chipset and the HND software board support package is pretty good for an ARM based router...
 

somms

Regular Contributor

https://i.imgur.com/1ORcgLZ.png


https://i.imgur.com/hv2LARi.jpg


End to end TAP udp via port 1194 OpenVPN tunnel throughput pictured above of XMission's Utopia active ethernet fiber network 1 Gbps up/down throughput on both ends.






https://i.imgur.com/z3vpFiE.png


https://i.imgur.com/2jU9pZ3.jpg


Pictured above is the normal https://xmission.com/utopia throughput attained on either end of this test over the Utopia fiber network...




FWIW: RT-AC86U gateway OpenVPN Server router is able to achieve the above throughput for remote OpenVPN clients running under Merlin's latest RT-AC86U_384.6_alpha2-g5b076fc87 test build OpenVPN server gateway AC86U successfully configured pictured above for a TAP/UDP via port 1194 to remote OpenVPN client router(s)...
 

doczenith1

Very Senior Member
Can this router OpenVPN client speed get above 300 Mbps if I have over 300 Mbps internet speed subscription?
If you take the time to read through the thread you'll see that the 86U tops out around 200-230 Mbps using openvpn and AES-128-CBC encryption. Heck, you don't even need to leave this page, just scroll up a few messages and you'll find your answer.
 

doczenith1

Very Senior Member
I have gigabit FTTH. The absolute fastest I've personally seen is 262 Mbps uploading with AES 128-CBC encryption through PIA using the DSLReports speedtest. If I'm not mistaken others that have posted in this thread have tested the openvpn speed across their LAN and saw similar speeds. Testing across the LAN is the best way limit variables and get a true speed. Your speeds are impressive as you are using the AES 256-CBC encryption where I was only using AES 128-CBC encryption. This makes me wonder if you fed your router Wheaties the day of your testing :)
 

doczenith1

Very Senior Member
About a year ago I hit 243 down and 550 up using the PIA Windows client. Average values using the Win client were 225 down and 450 up. My average download speed using the 86U is around 220 so PIA might be the bottleneck on the D/L side. I'm not sure if it makes a difference on openvpn speeds but my 86U's HW acceleration is Runner: Disabled - Flow Cache: Enabled
 

doczenith1

Very Senior Member
Looks like Ralphort deleted his posts, packed his bags and left town. Too bad as I was really curious as to how he was getting 300+ Mbps using AES 256-CBC encryption :rolleyes:
 

RMerlin

Asuswrt-Merlin dev
Looks like Ralphort deleted his posts, packed his bags and left town. Too bad as I was really curious as to how he was getting 300+ Mbps using AES 256-CBC encryption :rolleyes:
I'd be highly surprised that he truly achieved 300 Mbps. I did all my tests within my LAN, which meant there was no networking bottleneck - it was a 1 Gbps link between the server and the client.
 

RMerlin

Asuswrt-Merlin dev
Might depend on how things are tested and measured, packet size, etc.... I did my tests by running iperf through a tunnel.
 

RMerlin

Asuswrt-Merlin dev
Also note that using LZO will skew results, because highly compressible data will result in potentially higher throughput. That might be why you get 280 Mbps of encrypted throughput over a 250 Mbps provisioned service.
 

Sting

Occasional Visitor
Hi
Contemplating buying the RT-AC86U

I am on Fibre to premises. Dload 100mbps Uload 40mbps, I get uoto 97mbps down from US to Aus

I got Expres VPN. (for US Netflix hulu etc)

I got an AC88U, but 'open VPN' from Aus to US is tragic, between 6 to 24mbps down. (With L2TP i get 30 to 70mbps down)

I also got a Asus tm-ac1900, but sadly bought the incorrect router as it is no AI Mesh compatible (not very tech savvy so the fancy conversions to the 66U was not possiblke for me)

My main requirements are:

1) Faster 'Open VPN' speeds from US to AUS (prefer between 50 to 90mbps)

2) VPN Tunneling (As I want to have 'Open VPN" for US Netflix & Local Aus Servers for gaming, as pings with VPN are around 300ms) Both at the same time.
Would prefer ASUS standard firmware if possible.

3) AI mesh with 86U as primary, and 88U as secondary AI Mesh router

Thanks
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top