Open VPN Client Speeds

11 posts / 0 new
Last post
no1knows
no1knows's picture
Open VPN Client Speeds

Hi everyone,

I've read on a couple of posts that the R7800 can achieve ~75mbit over VPN. My R7800 is capping out at ~50mbit. When connected directly from my PC, I can get full 200mbit over the VPN.

The router shows ~35% CPU usage when downloading through the VPN at 50mbit, so it doesn't look like the CPU is the bottleneck? 

I use NordVPN and they have instructions for DD-WRT here. Here's my openvpn.conf:

ca /tmp/openvpncl/ca.crt
management 127.0.0.1 16
management-log-cache 100
verb 3
mute 3
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tun1
proto udp4
cipher aes-256-cbc
auth sha512
auth-user-pass /tmp/openvpncl/credentials
remote uk83.nordvpn.com 1194
comp-lzo no
redirect-private def1
route-noexec
tun-mtu 1500
mtu-disc yes
fast-io
tls-auth /tmp/openvpncl/ta.key 1
tls-client
remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
 
I've tweaked most of the above, and even tried deleting all the additional config lines, but the performance stays roughly the same.

I bought the R7800 as an upgrade to an R6400 to get faster VPN speeds, but I get roughly the same performance. If anyone has managed to get faster speeds, could you please share any tips/tricks/settings?

Thanks very much!

no1knows
no1knows's picture
Bump. Anyone?

Bump. Anyone?

kinakuta
kinakuta's picture
I can confirm, I experience

I can confirm, I experience the same bandwidth limits, even lower than yours, I can't get over 36mbit on my R7800 with roughly the same settings. I played around with the fragment / mtu sizes, but that didn't really change much. Disabling LZO compression increased the speed a bit, but that was all.

 

Peter Redmer
Peter Redmer's picture
I really wish I could help

I really wish I could help with this, but don't have an R7800 on hand to test.

I've been using Kong's latest on the R9000 and am seeing faster speeds on it than on any other router I've tested for OpenVPN -- likely due to the hardware crypto acceleration and the faster proc.

I noticed that in NordVPN's configuration they say to disable the firewall protection setting, but the screenshot shows it as enabled. I wonder if disabling this would improve performance. I've been searching around for info on what this setting in the GUI actually does and how it's differerent from the other firewall settings, but I can't seem to find a solid answer yet as to whether that is actually safe to disable. It seems to vary by provider.

kamoj
kamoj's picture
I just upgraded from Voxels

I just upgraded from Voxels FW R7800-V1.0.2.38SF to R7800-V1.0.2.41SF

The dowload speed of the OpenVPN-client (aes-256 cbc) has increased from 43 Mbps to 73 Mbps (dslreports) / 78 Mbps (speedtest).

no1knows
no1knows's picture
Anyone managed to get similar

Anyone managed to get similar speeds on a DD-WRT-based firmware?

kamoj
kamoj's picture
Yes, I have tried Firmware DD

Yes, I have tried Firmware DD-WRT v3.0-r33000M kongat (08-02-17) , and got 80-86 Mbit/s Download.
But with both Voxel and DD-WRT it makes a huge difference depending on how you tweak the .ovpn-file!

My biggest increase in speed is with these addings:

fast-io      # (Experimental) Optimize TUN/TAP/UDP I/O writes by avoiding a call to poll/epoll/select prior to the write operation.
nice -20     # Set highest possible nice priority
auth-nocache # Don't cache username/passwords in virtual memory
 
# Use together: tun-mtu must be < MTU and mssfix = tun-mtu - 40
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
tun-mtu 1500
mssfix 1460
 

There are other settings giving higher max speed, but then you suffer from buffer bloating instead.

Please report back your experienses!

XunilinuX
XunilinuX's picture
Four basic variables:

Four basic variables:
a) the encryption algorithm of your VPN service provider
http://blog.tuvpn.com/2011/02/vpn-performance-tests-for-different-cipher...
b) optimized/native OpenVpn compiled binaries for your router
c) the speed (CPU processing power) of your router to encryption/decrypt every single packet
d) the distance from your ISP to the VPN service provider

Query all four variables to understand why your VPN connection speed is higher or lower than anybody else's.

kinakuta
kinakuta's picture
Very nice, thank you. This

Very nice, thank you. This actually increased my speed from 36Mbit to 41Mbit with NordVPN.

 

no1knows
no1knows's picture
This increases my speed from

This increases my speed from ~35mbit to ~45-50mbit on DD-WRT v3.0-r34115M kongat (12/18/17). Thanks! The CPU is still only showing 40% utilised when I'm downloading as fast as possible though - and it sounds like we can get faster speeds using Voxel's openvpn binaries. Do you think Kong will include those in his DD-WRT builds?

crsarnelli
crsarnelli's picture
Hello all,

Hello all,

Can someone explain me what is line means? "# Use together: tun-mtu must be < MTU and mssfix = tun-mtu - 40"

I can see tun-mtu 1500 but I don't see MTU anywhere in my .ovpn.

Also, does it matter in which order those lines are added to my current .ovpn file?

 

Thank you!

cs