1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

OpenVPN performance of the RT-AC86U

Discussion in 'VPN' started by RMerlin, Sep 14, 2017.

  1. waterfox

    waterfox New Around Here

    Joined:
    Jun 15, 2018
    Messages:
    1
    Got the ASUS RT-AC86U yesterday. Have a 150/150 Fiber connection. Using Mullvad. Comparing with the Netgear R7800.

    Netgear R7800 + OpenVPN:
    ASUS RT-AC86U + OpenVPN:
    ASUS clear winner. Saturating my Fiber connection.

    Notes:
    I am re-routing the DNS on WAN and LAN to go through a Pi-Hole that's connected directly to the router. I've added an exclusion on the OpenVPN client to allow the Pi-Hole to bypass the VPN. The Pi-Hole is using Cloudflare DNS. As a result, https://am.i.mullvad.net will claim I am leaking DNS requests.

    EDIT: I ended up resolving the above by leaving the WAN DNS at auto assign and LAN DNS using pihole IP. The result is the router uses VPN's DNS while the pihole processes DNS for all clients on network. I took off the exclusion for the Pi - this way all DNS requests remain within the VPN encrypted connection.
     
    Last edited: Jun 18, 2018
    umarmung and kamoj like this.
  2. Fuze

    Fuze New Around Here

    Joined:
    Jun 19, 2018
    Messages:
    4
    Thanks for everybody who contributed to this thread. Now I want to order a AC86U, for my 250Mbps line, but there are 2 other options, the WRT32x and the WRT3200. Do you guys have a comparision between these?

    I'd like to use it as IPVanish OpenVPN client up to 200Mbps, as you say it will be possible? Which of the router would you prefer?
     
  3. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,328
    Location:
    San Diego, CA
    With factory firmware - the OpenVPN support there, if I recall, Linksys only supports inbound as a server, not client mode.

    With LEDE/OpenWRT, there are reports of the WRT3200 hitting around 112Mbps on PIA endpoints...
     
  4. Fuze

    Fuze New Around Here

    Joined:
    Jun 19, 2018
    Messages:
    4
    There is no much difference between WRT32x and WRT3200?

    For my understanding the AC86U outperforms the Linksys?
     
  5. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    32,407
    Location:
    Canada
    VPN-wise, yes. About 200 Mbps with OpenVPN and 300 Mbps with IPSEC.
     
    umarmung likes this.
  6. Axan

    Axan New Around Here

    Joined:
    Apr 2, 2014
    Messages:
    2
    Can someone please tell me if I can use VPN server and VPN client at once on this router?
     
  7. eibgrad

    eibgrad Senior Member

    Joined:
    Feb 20, 2017
    Messages:
    233
    This is a complicated subject and is not germane to this thread, or even specific to the ASUS RT-AC68U. You really should start a new thread. You'll probably get a better response. But briefly ...

    Yes, it's possible, but it requires preventing the OpenVPN client from changing the default gateway from the WAN/ISP to the VPN, then using PBR (policy based routing) to route the network behind the router over the VPN.

    dd-wrt makes this relatively easy because it offers a PBR field in the OpenVPN client GUI for these purposes.

    https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=285873

    I'm only offering the above link to explain what the problem is, and how the use of PBR can address it. And while I'm less familiar w/ Merlin, I suspect its existing PBR features could accomplish the same thing.

    I also discuss other solutions in the following dd-wrt thread.

    https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1129398

    IOW, the problem is not specific to OpenVPN server (nor specific to any particular router), but *any* remote access over the WAN w/ an active OpenVPN client on the same router. What differs from firmware to firmware are the options available to address it.
     
  8. Fuze

    Fuze New Around Here

    Joined:
    Jun 19, 2018
    Messages:
    4
    So, just VPN-wise? AC86u is capable of DD/OpenWRT so there should no big difference between the ASUS and Linksys or do I get anything wrong?
     
  9. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    32,407
    Location:
    Canada
    I can't comment on wifi performance because I have no idea what's the performance of the Linksys models. In general, the RT-AC86U reviews were quite positive however, you can check the SmallNetBuilder performance database for more info.

    Wifi performance is tied to the hardware, not to the firmware. Having DD-WRT on both won't mean anything there.
     
  10. Fuze

    Fuze New Around Here

    Joined:
    Jun 19, 2018
    Messages:
    4
    Just buying it for VPN reasons or is there a better/cheaper way to satisfy my needs (200Mbps OpenVPN)?
     
  11. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,328
    Location:
    San Diego, CA
    germane to the thread - I've talked off-thread with folks, and the 86U does put up some good numbers with AsusWRT, better than what I've seen with the Linksys WRT* solution - not that the Linky is bad, it's just that the Broadcom chipset and the HND software board support package is pretty good for an ARM based router...
     
  12. somms

    somms Regular Contributor

    Joined:
    May 28, 2008
    Messages:
    179
    [​IMG]
    https://i.imgur.com/1ORcgLZ.png

    [​IMG]
    https://i.imgur.com/hv2LARi.jpg


    End to end TAP udp via port 1194 OpenVPN tunnel throughput pictured above of XMission's Utopia active ethernet fiber network 1 Gbps up/down throughput on both ends.





    [​IMG]
    https://i.imgur.com/z3vpFiE.png

    [​IMG]
    https://i.imgur.com/2jU9pZ3.jpg


    Pictured above is the normal https://xmission.com/utopia throughput attained on either end of this test over the Utopia fiber network...


    [​IMG]

    FWIW: RT-AC86U gateway OpenVPN Server router is able to achieve the above throughput for remote OpenVPN clients running under Merlin's latest RT-AC86U_384.6_alpha2-g5b076fc87 test build OpenVPN server gateway AC86U successfully configured pictured above for a TAP/UDP via port 1194 to remote OpenVPN client router(s)...
     
  13. doczenith1

    doczenith1 Very Senior Member

    Joined:
    Sep 19, 2014
    Messages:
    636
    Location:
    MI
    If you take the time to read through the thread you'll see that the 86U tops out around 200-230 Mbps using openvpn and AES-128-CBC encryption. Heck, you don't even need to leave this page, just scroll up a few messages and you'll find your answer.
     
    JoeBee and Clark Griswald like this.
  14. doczenith1

    doczenith1 Very Senior Member

    Joined:
    Sep 19, 2014
    Messages:
    636
    Location:
    MI
    I have gigabit FTTH. The absolute fastest I've personally seen is 262 Mbps uploading with AES 128-CBC encryption through PIA using the DSLReports speedtest. If I'm not mistaken others that have posted in this thread have tested the openvpn speed across their LAN and saw similar speeds. Testing across the LAN is the best way limit variables and get a true speed. Your speeds are impressive as you are using the AES 256-CBC encryption where I was only using AES 128-CBC encryption. This makes me wonder if you fed your router Wheaties the day of your testing :)
     
  15. doczenith1

    doczenith1 Very Senior Member

    Joined:
    Sep 19, 2014
    Messages:
    636
    Location:
    MI
    About a year ago I hit 243 down and 550 up using the PIA Windows client. Average values using the Win client were 225 down and 450 up. My average download speed using the 86U is around 220 so PIA might be the bottleneck on the D/L side. I'm not sure if it makes a difference on openvpn speeds but my 86U's HW acceleration is Runner: Disabled - Flow Cache: Enabled
     
  16. doczenith1

    doczenith1 Very Senior Member

    Joined:
    Sep 19, 2014
    Messages:
    636
    Location:
    MI
    Looks like Ralphort deleted his posts, packed his bags and left town. Too bad as I was really curious as to how he was getting 300+ Mbps using AES 256-CBC encryption :rolleyes:
     
  17. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    32,407
    Location:
    Canada
    I'd be highly surprised that he truly achieved 300 Mbps. I did all my tests within my LAN, which meant there was no networking bottleneck - it was a 1 Gbps link between the server and the client.
     
  18. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    32,407
    Location:
    Canada
    Might depend on how things are tested and measured, packet size, etc.... I did my tests by running iperf through a tunnel.
     
  19. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    32,407
    Location:
    Canada
    Also note that using LZO will skew results, because highly compressible data will result in potentially higher throughput. That might be why you get 280 Mbps of encrypted throughput over a 250 Mbps provisioned service.
     
  20. Sting

    Sting New Around Here

    Joined:
    Aug 31, 2018
    Messages:
    4
    Hi
    Contemplating buying the RT-AC86U

    I am on Fibre to premises. Dload 100mbps Uload 40mbps, I get uoto 97mbps down from US to Aus

    I got Expres VPN. (for US Netflix hulu etc)

    I got an AC88U, but 'open VPN' from Aus to US is tragic, between 6 to 24mbps down. (With L2TP i get 30 to 70mbps down)

    I also got a Asus tm-ac1900, but sadly bought the incorrect router as it is no AI Mesh compatible (not very tech savvy so the fancy conversions to the 66U was not possiblke for me)

    My main requirements are:

    1) Faster 'Open VPN' speeds from US to AUS (prefer between 50 to 90mbps)

    2) VPN Tunneling (As I want to have 'Open VPN" for US Netflix & Local Aus Servers for gaming, as pings with VPN are around 300ms) Both at the same time.
    Would prefer ASUS standard firmware if possible.

    3) AI mesh with 86U as primary, and 88U as secondary AI Mesh router

    Thanks