Menu
What's new
By:
Filters Better Search

RT-AC86U OvenVPN client issue with the Custom Configuration section

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Ian Macdonald

Ian Macdonald

Occasional Visitor
I have purchased an AC86U to replace my AC88U, primarily because of the superior VPN performance of the new chipset in this unit.

To prepare the new box, I installed 382.1_2 on it, the same version already running on my AC88U.

After configuring the new router to be identical to the old one, I noticed a problem with my OpenVPN client tunnels. Some are working, some are not, and some are not behaving entirely as expected.

After some time troubleshooting, I noticed the (probable) cause of the problem. When I upload the .ovpn files to the AC86U, many of them are truncated in the process. Only the first 200 characters or so of directives are making it into the Custom Configuration section of the client config.

Even stranger is that when I try to add the missing directives by hand, I'm not allowed to type in the Custom Configuration section. I can delete characters, but I cannot add any; not even the same number that I have just deleted.

I really hope this is just an obscure bug, and that the Custom Configuration section for the AC86U doesn't have some absurdly low limit on the amount of text it can accept. This has never been a problem on the AC88U.

I was able to get most of my client configs to work by changing the order of the directives, so that the less important ones were those that got truncated when the files were uploaded. This is a far from ideal solution, of course.
 
Ian Macdonald said:
I was able to get most of my client configs to work by changing the order of the directives, so that the less important ones were those that got truncated when the files were uploaded. This is a far from ideal solution, of course.
Click to expand...

In the interim (if this is indeed an obscure RT-AC86U bug), you can of course exploit the openvpnclientX.postconf scripts to include your 'missing' directives.
 
Last edited:
382.1_2 limits the Custom field to 170 characters due to limitations in the HND platform (255 chars max, has to be base64 encoded to be properly stored, which cuts things down to 170 characters).

382.2 will increase that limit to 510 characters.
 
RMerlin said:
382.1_2 limits the Custom field to 170 characters due to limitations in the HND platform (255 chars max, has to be base64 encoded to be properly stored, which cuts things down to 170 characters).

382.2 will increase that limit to 510 characters.
Click to expand...

That explains it. Thanks a lot.

As usual, the devil is in the details. I did notice upon booting for the first time that the AC86U has less NVRAM than the AC88U, but the difference didn't seem large enough to cause a problem, so I ruled it out.

It turns out that my ExpressVPN configs are the worst hit, as those produce approximately 300 characters of Custom Configuration. I've temporarily remedied this by taking @Martineau's advice (thanks for the tip!) and placing the entire custom configuration section in a openvpnclientX.postconf script.

For example:

Code: 
#!/bin/sh

# ExpressVPN Iceland

CONFIG=$1

cat <<EOF >> $CONFIG
up /jffs/scripts/ovpn_masq_up
down /jffs/scripts/ovpn_masq_down

fast-io
remote-random
pull
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1450
keysize 256
sndbuf 524288
rcvbuf 524288
EOF

It works, but I'd rather have the entire config accessible via the GUI. For that reason, I look forward to the release of 382.2. 510 bytes ought to be enough for anyone, right? :)

Merry Christmas from Amsterdam.
 
@RMerlin linked to the thread that is the best source for this information at the moment. I generally don't tax my VPN connections hard enough to run up against any limits and therefore haven't yet noticed any immediate differences.
 
The strangest thing is, that my DSL speed is already slow, without VPN. I live at the end of the telephone line, with a download speed of 8 Mbps tops... :-(
When using the VPN client it slows down to 5 - 6 Mbps. Tested various VPN servers from Windscribe.
I am getting a fiber connection this year, :) (500 up / down) and want things to go as smoothly as possible... Ordered the 86U, to replace my 3200.
I have to keep my kids happy... :)
 
RobbieBlok said:
Hi, I am curious about this also, I plan to replace my 3200 with the 86U...
Click to expand...
excuse me for buttin in...
I use 88U and now 86U, both using identical ovpn files, (torguard vpn) cipher strength,(AES-GCM128) wifi signal, Merlin FW, etc, everything same same and the 86U can achieve 150 mb download speed, the 88U struggles to reach 40Mb speed. I am connected to a server approx 1,000 kms from my location in SE Asia.
On expressVPN (AES-CBC256) the speed on the 86U is about 70Mbs, the 88U is about 30Mbs.

Seems the 86U is much better at processing VPN encryption.
 
unclebuk said:
excuse me for buttin in...
I use 88U and now 86U, both using identical ovpn files, (torguard vpn) cipher strength,(AES-GCM128) wifi signal, Merlin FW, etc, everything same same and the 86U can achieve 150 mb download speed, the 88U struggles to reach 40Mb speed. I am connected to a server approx 1,000 kms from my location in SE Asia.
On expressVPN (AES-CBC256) the speed on the 86U is about 70Mbs, the 88U is about 30Mbs.

Seems the 86U is much better at processing VPN encryption.
Click to expand...
86U has hardware accelerated crypto, 88U does not.
 
Jack Yaz said:
86U has hardware accelerated crypto, 88U does not.
Click to expand...
Well, I WILL be dipped in monkey shirt....(just joking).
is dat sumptin like Intel® AES-NI?
whatever it is, it has noticable impact on the vpn encryption function/performance.
 
You must log in or register to reply here.

Similar threads

L
Custom DDNS vs Drop Down List for Same Provider
Replies
3
Views
280
lukehjo
lukehjo
C
How can I do this.. Router VPN Client to Server 2
Replies
3
Views
316
ComputerSteve
C
icanfly
custom domains report NXDOMAIN for IPv6 DNS and fail to resolve in Alpine OS
Replies
2
Views
507
sfx2000
sfx2000
ArashT
Issue with tun interface
Replies
6
Views
746
singledog
S
Blankedy
AC86U OpenVPN server whilst in AP mode
Replies
3
Views
363
Blankedy
Blankedy
Similar threads
Thread starter Title Forum Replies Date
F ASUS RT-AC86U (merlin Current Version : 386.12_6): jffs2: Argh. No free space left for GC. Can you help me troubleshoot this please? Asuswrt-Merlin 6
D RT-AC86U no Quick Internet Setup wizard and fails as AI-Mesh node Asuswrt-Merlin 9
B FYI: AM 386.12 on AC86u - how to decrease # of random reboots Asuswrt-Merlin 4
Blankedy AC86U OpenVPN server whilst in AP mode Asuswrt-Merlin 3
D RT-AC86U mesh node FTP issue Asuswrt-Merlin 7
BobMCT Help with ntwk connect to RT-AC86U USB drive? Asuswrt-Merlin 5
J RT-AC86U DNS leaks while using mullvad Asuswrt-Merlin 1
M AC86U - DHCP not assigning IP. Asuswrt-Merlin 6
G Miracast problems solved by router reboot -RT-AC86U 386.12_4 Asuswrt-Merlin 0
H Asus RT-AC86U problem wyze camera Asuswrt-Merlin 18

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 765 (members: 16, guests: 749)
Top