Upgrade to RT-AC86 or alternative to handle OpenVPN client?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

saltire

New Around Here
Hi all. I've been dipping in and out of here for a while as I've found it a really helpful source of information. Finally got round to registering as need some advice on what to upgrade to. I currently have a AC68U running Merlin (albeit a fairly old version) and it's been ideal for my needs and 100% reliable. I now have need to set-up a OpenVPN client on the router and apply Policy Rules that Merlin allows. Got the VPN client (expressvpn) and Policy Rules (with a bit of Googling on CIDR notation - I'm a total novice at this) set-up and working successfully, only issue being that download speeds dropped by approx 75% with the OpenVPN client running on the router. I have a fairly modest service that tops out at approx 32Mbps download - but running this with OpenVPN client on the router this drops to about 8Mbps. Running the Win 10 expressvpn client on laptop saw speeds back up to approx 30Mbps.

Beyond the basics, I know very little about IT networking so naturally my first thought was I'd done something wrong with router set-up. But at least from what I've managed to search it seems that it's the AC68 hardware that may be the main reason for this bottleneck more than anything else.

Thought I'd ask for advice here though firstly to check, is it the AC68 hardware that is resulting in this loss of throughput?

If it is, is my best bet to upgrade to a AC86? I'm happy with Asus routers and like the fact that Merlin is also easy to get to grips with for a newb like me whilst providing the additional functionality I need.

Are there any other alternatives I should consider? Have also looked at Netgear's R7800 but as far as I can see I would need to flash Voxel/other firmware to get OpenVPN client functionality on it - and although I'm not afraid of trying these things I wonder if they offer too much functionality for what I need?

And whilst the AX88 looks very impressive for my usage needs it's OTT and would just be a waste of money. I've also come across posts on various hardware issues with the AC86 - I guess YMMV applies but I'm ok with returning if it comes to it.

Thanks.
 

Trip

Very Senior Member
The 68U should be able to hit 30-40Mb/s of OpenVPN, presuming that's the primary (only) CPU-bound service being pushed to the limit on the box. I would try a full factory reset and reload of the latest stable Merlin version on the 68U, then a manual re-config of your network's wired and base-wireless setups, being careful not to enable any services or settings which may break hardware accelerated NAT, other than OpenVPN itself. If you're still getting only 8Mb/s, then yes, it may be time to upgrade.

The AC86U has hardware accelerated AES and can hit ~200Mb/s of OpenVPN, although its reliability history isn't quite as spotless as the 68U (that's mostly from early-models, though, so just make sure to buy new). Another slightly cheaper option would be an AX58U, which, even though it lacks AES-NI, should still be able to do ~100Mb/s of OpenVPN, and from what I can tell hasn't had any hardware issues to speak of (too early to tell?).
 

CaptainSTX

Part of the Furniture
If you have a PC download and run your VPN provider's VPN client on the computer after turning off the VPN on your router then run a speed test. This will give you a benchmark or upper limit to what your VPN provider can do.

As previously stated your AC68 depending on what the clock speed of its processor is might be able to do 50+ Mbps. When experimenting try different levels of encryption and turn compression of. Also try different VPN servers. Generally the farther the server is from your location the slower it will test.
 

L&LD

Part of the Furniture
What version of RMerlin firmware are you running on the RT-AC68U? 'Fairly old' sounds bad to me. :)
 

saltire

New Around Here
Thanks - ok, that's interesting and good news if I can sort it.
@Trip I'm not going to pretend I know what might break NAT hardware accln so an example of what to avoid turning on would be very helpful.

Yep @CaptainSTX I did a speed test on laptop through the expressvpn client - with client stopped on router - and got close to my max download speed so the vpn provider speed is good. The OpenVPN client settings from expressvpn already have no compression and the client won't start if I try and change the encryption setting.

@L&LD ha, ha yes very probably! Currently running RMerlin 378.56_2 - sorry, probably should have led with that as well.

Sounds like a full reset, flash latest RMerlin, get basics connections set-up and then re-try OpenVPN client is in order - need to work around the boss somehow over the next few days. All good if it means getting more life out of the AC68 though.
 

L&LD

Part of the Furniture
@saltire your order is wrong. :)

The M&M Config guide in the link in my signature below should be of help to you to get the firmware upgraded and the router as stable and reliable as possible.

https://www.snbforums.com/threads/fork-asuswrt-merlin-374-43-lts-releases-v43e6.18914/

The link above contains updated firmware based on RMerlin's fork. :)

Edit: Sorry, I got mixed up with my copy/pasting!

The link above was meant for another post.

For the RT-AC68U I would recommend the current RMerlin instead.

https://www.asuswrt-merlin.net/
 
Last edited:

saltire

New Around Here
Ideal thanks @L&LD I can follow all that. Just take some time working through the steps. Presume I can set a different IP address for the router once I've done the three steps under the flashing new firmware sub-section (unlocked HG612 takes 192.168.1.1) - iirc the router will default to this.

Noted - will go with the current RM release.
 

L&LD

Part of the Furniture
Yes, you can change the LAN IP address as you wish. :)
 

saltire

New Around Here
Quick update - so that's latest RMerlin firmware now installed, followed the steps in the M & M guide @L&LD so thanks for pointing me to that. Going to leave it for a few days before testing openvpn client. Looks like there was something affecting performance under the previous config though, and RAM usage has increased to about 60% which is encouraging - it never really got above about 25% before. Have also turned off the cache flush option - since generally unused RAM is wasted RAM. Will update once I've tried the vpn client (if anyone's interested :) ).
 

Trip

Very Senior Member
RAM usage has increased to about 60% which is encouraging - it never really got above about 25% before.
Higher ram on its own is usually not such an encouraging thing (could be indicative of memory leaks) but it could also just be that the version you were running before was so old that it was missing a lot of packages/services that have been added since (accounting for the difference in RAM usage), and/or certain services might have been crashing and/or no starting at all before the upgrade. Either way, what you ideally want to see is steady RAM usage over time, regardless of what the percent utilization is; this indicates processes and services that properly hold their memory usage without any leaks.
 

saltire

New Around Here
So I've tested one OpenVPN client today and whilst the speed was slightly better than before it was still only running at 11Mbps download. Without openvpn client running on router I get around 35Mbps. Using the vpn client on my Android phone and on Win 10 laptop I'm getting around 28Mbps. So using client on the router is considerably below what is attainable through my vpn provider's servers for some reason. I'll try a couple of the other servers and see if changing the compression level (default is none) gains anything.

Any thoughts from the more knowledgeable folk on here would be very welcome and much appreciated.
 

Trip

Very Senior Member
still only running at 11Mbps download. [...] Using the vpn client on my Android phone and on Win 10 laptop I'm getting around 28Mbps.
To be expected, roughly. Even though the router throughput is still disappointing (even for a 68U), the phone and laptop have vastly more powerful processors (laptop especially), and thus they're able to drive OpenVPN traffic at full speed, in-software.

Not sure how much further monkeying around you want to do with the 68U, and/or if client-based VPN is a good-enough workaround, but you may just want to upgrade to a more powerful model, such as an RT-AX58U ($160, draft AX wifi, ~100Mb/s of OpenVPN) or RT-AC86U ($190, AC Wave 2, ~150-225Mb/s of OpenVPN).
 

saltire

New Around Here
@Trip Many thanks for your input. Ok at least I know, as far as I can, that there's no issue with the 68U other than reaching it's hardware limitations. Using client VPNs will be good enough at the moment, just not quite as set and forget as I wanted to get set up for my wife. I like monkeying around but not to the extent that I cause any issues with internet connection as she relies on e-commerce website. I'll keep an eye out for deals on the AX58U and AC86U and see what turns up. At least the 68U is now up to date.

Plus just gained a wee bump in download and a very useful bump in upload speeds (from around 7 to 18Mbps) from turning off a QoS setting in modem. My service is only 40/20 anyway and given my distance from the cabinet (rural location in the UK so fttc is all we are likely to have for while) I'm getting pretty close to the max so happy with that.
 

Kingp1n

Very Senior Member
@Trip Many thanks for your input. Ok at least I know, as far as I can, that there's no issue with the 68U other than reaching it's hardware limitations. Using client VPNs will be good enough at the moment, just not quite as set and forget as I wanted to get set up for my wife. I like monkeying around but not to the extent that I cause any issues with internet connection as she relies on e-commerce website. I'll keep an eye out for deals on the AX58U and AC86U and see what turns up. At least the 68U is now up to date.

Plus just gained a wee bump in download and a very useful bump in upload speeds (from around 7 to 18Mbps) from turning off a QoS setting in modem. My service is only 40/20 anyway and given my distance from the cabinet (rural location in the UK so fttc is all we are likely to have for while) I'm getting pretty close to the max so happy with that.

Amazon Warehouse has "used-acceptable" condition (RT-AC86U) for $142!
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top