Slow VPN speed after FW Update from 384.19 to 386.2_4 ASUS RT-AC86U

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

tobifr34k

Occasional Visitor
Hi all,

i have a problem with my VPN speed after FW Update from 384.19 to 386.2_4 with my ASUS RT-AC86U Router.

With 384.19 i had a speed around 220 - 240 Mbps.

With all FW's after 384.19 i only reach VPN speed around 130 - 140 Mbps, but only if i use cipher AES-128-GCM. With cipher AES-128-CBC and CAMELLIA-128-CBC i can only reach around 100-110 Mbps.

I've made a hard reset before 2 days after upgrading from 384.19 to 386.2_4 and made all changes in options manually after that.

My vpn provider is perfect-privacy and he provides OpenVPN 2.4 only.

I didn't found an answer in this thread, if the problem is the provider or the Firmware: https://www.snbforums.com/threads/openvpn-client-speed-merlin-384-19-vs-386-1.70127/

I've opened a ticket already, but my provider told me that he dont think, that the problem is on his side :rolleyes:

Is OpenVPN 2.4 the main problem? I dont want to go back to FW 384.19.

Do you need the OpenVPN config to take a look of it?

i would appreciate if anyone could help me :)

Thanks in advance and sorry for my bad english!
 
Last edited:

tobifr34k

Occasional Visitor
noone?

My config:

auth-user-pass
client
dev tun
hand-window 120
inactive 604800
mute-replay-warnings
nobind
persist-key
persist-remote-ip
persist-tun
ping 5
ping-restart 120
fast-io
redirect-gateway def1
remote-random
reneg-sec 3600
resolv-retry 60
route-delay 2
route-method exe
script-security 2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
tls-timeout 5
verb 4

tun-ipv6

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

proto udp



remote **.***.***.*** Port

remote **.***.***.*** Port

remote **.***.***.*** Port



cipher AES-128-GCM
auth SHA512

ignore-unknown-option ncp-disable
ncp-disable

remote-cert-tls server

Rest are the certificates
 

CaptainSTX

Part of the Furniture
Basically the same results I experienced. New OVPN files from either Astrill or PIA didn't resolve issue.

As I only connect IoT devices to the VPN on my AC86 and not getting any useful support tips for my VPN providers I switched to StrongVPN which was slightly better but still less than 200Mbps and say good enough.
 

tobifr34k

Occasional Visitor
But why is the speed so bad with every Firmware after 384.19? Is the problem OpvenVPN 2.5? Which OpenVPN Version provides your provider?
 

slidermike

Regular Contributor
The vpn speeds you are saying you had prior to the update appear to contradict what Merlin said the hardware should be capable of for Openvpn.
200Mbps or or less is what his testing found. Maybe you were having better luck.

Have you checked your cpu load while speed testing the line?
Maybe running "top" from the command line to see what the irq usage is when maxing out the WAN.

You mention max speed ranges over vpn before and after updating your router but what about the clients.
Have you tested with wired clients, wifi clients who are on the 5ghz radio vs 2.4ghz.
Validating the wifi configurations for both channels is set to allow higher data rates?

Have your client devices recently had any patching/updates from their maker?
Have you validated your expected speeds without vpn and just going over the WAN interface?

Lastly, I would validate that the speed test endpoint your using hasnt changed. Whomever you are using for speed testing might have changed the location or capacity of their server.
Lots of things go into speed testing and much of it is out of your control or visibility.
Is the juice worth the squeeze?
 
Last edited:

Odkrys

Senior Member
There may be a problem with the cpu priority.
I have confirmed that the USB transfer speed has dropped in the latest version, but I don't care because my router is currently being used in AP mode.
If many users report, I think Rmerlin will look into the problem.
 

Odkrys

Senior Member
If it's important to you, it's also a not bad idea to use an older version until the problem is fixed.
 

octopus

Very Senior Member
I'm using 386.2_4 and I get full speed 200mbs with my rt-ax86u and AES-NI.
Latest CHACHA20-POLY1305 chiper used.
 

Thorton

Regular Contributor
The same issue here (AC86U). Using 386, my VPN speed dropped to 180-200 mb/s. Always had ~300 mb/s in the past. I thought it was fault of VPN provider, but it seems that's not the case.
 

tobifr34k

Occasional Visitor
The vpn speeds you are saying you had prior to the update appear to contradict what Merlin said the hardware should be capable of for Openvpn.
200Mbps or or less is what his testing found. Maybe you were having better luck.

Have you checked your cpu load while speed testing the line?
Maybe running "top" from the command line to see what the irq usage is when maxing out the WAN.

You mention max speed ranges over vpn before and after updating your router but what about the clients.
Have you tested with wired clients, wifi clients who are on the 5ghz radio vs 2.4ghz.
Validating the wifi configurations for both channels is set to allow higher data rates?

Have your client devices recently had any patching/updates from their maker?
Have you validated your expected speeds without vpn and just going over the WAN interface?

Lastly, I would validate that the speed test endpoint your using hasnt changed. Whomever you are using for speed testing might have changed the location or capacity of their server.
Lots of things go into speed testing and much of it is out of your control or visibility.
Is the juice worth the squeeze?
contradict what RMerlin said? I have the AC86U and he reaches the same results (~200mbits/sec).

I use the AC86U since over 1 year with different firmwares. The speed with OpenVPN was always the same (~200 mbits/sec). After upgrade to any firmware later than 384_19 slows my VPN-Speed. A downgrade to 384_19 give back the speed immediately.

I have only wired clients, wifi is disabled. Over WAN i reach fullspeed (300mbits/sec down / 50 mbits/sec up)
 

tobifr34k

Occasional Visitor
I'm using 386.2_4 and I get full speed 200mbs with my rt-ax86u and AES-NI.
Latest CHACHA20-POLY1305 chiper used.
Sounds interesting, but i cant use that cipher. I can only choose:

AES-256-GCM
AES-128-GCM
AES-256-CBC
AES-128-CBC
CAMELLIA-256-CBC
CAMELLIA-128-CBC


And OpenVPN 2.4 is max. Which VPN Provider do you use? Can you choose OpenVPN 2.5?
 

octopus

Very Senior Member
Sounds interesting, but i cant use that cipher. I can only choose:

AES-256-GCM
AES-128-GCM
AES-256-CBC
AES-128-CBC
CAMELLIA-256-CBC
CAMELLIA-128-CBC


And OpenVPN 2.4 is max. Which VPN Provider do you use? Can you choose OpenVPN 2.5?
If you use AES-NI chiper doesn't matter. My provider support both AES-256-GCM and CHACHA20-POLY1305 and get same speed on both. They update every time openvpn comes out with new version and use OpneVpn 2.5. I use ovpn.com

In you case I should use AES-128-GCM chiper as it's faster than "-CBC"

btw: try to remove "tun-ipv6" from your config and test again. ( pull-filter ignore "tun-ipv6" )
 
Last edited:

tobifr34k

Occasional Visitor
Upgraded to FW 386.2_6 a few minutes ago. Made a hard reset before the update and after the update a made a reset in the gui, just to be on the secure side.

As i posted in the first post i use AES-128-GCM already because i reach the best speed with it. I try to remove tun-ip6 and test it again. Should i use pull-filter ignore "tun-ipv6" instead in my config?
 

octopus

Very Senior Member
Should i use pull-filter ignore "tun-ipv6" instead in my config?
Just remove it from your config.
You only need the other if its pushed from server.
 
Last edited:

tobifr34k

Occasional Visitor
Speed OpenVPN.JPG


it doesnt change anything. If you have the same speed with the newest FW it must have to do with my vpn provider, i think. I have to look if i can test another vpn provider.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top