OpenVPN AES-256 DD-WRT vs Voxel

Adelscott

Hi,

I'm running DD-WRT v3.0-r34900M kongat (02/14/18) on a R7800

Using it as a VPN client with AES-256 CBC encryption

The max bandwidth I get is around 4MB/s (without router and vpn client running on local computer I get more than 20MB/s)

Should I switch to Voxel ? Will I get more bandwidth ?

If yes then how to switch ? I guess I have to go to stock version first ?

Thanks

kamoj
Sounds very strange.
I used DD-WRT on and off about a year ago, and then I got speeds of 90 Mbps as client
through OpenVPN (AES-256), but only after extensive tuning of parameters.
Since then I've continued the work with OpenVPN-client in the Voxel FW, and get about 112 Mbps.

You can expect around 100 Mbps from Voxel's latest FW, 1.0.2.54SF.
But I doubt it will help you to change to Voxel, 40 Mbps as you get now is only half of what I experienced with DD-WRT.
Maybe you use another setting in DD-WRT than on your "local computer"?
I don't expect DD-WRT (especially Kongcat's solid builds) to be that much degraded, even though I know
there have been a lot of problems (including performance) when changing to the new 4.x kernel.
So maybe best to start tuning your parameters to boost your DD-WRT.

But yes, if you choose to go Voxel, you should use kongat's ".bin file for reverting to Netgear stock" first.

If you stay with DD-WRT, check this DD-WRT R7800 forum:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=289788

If you choose the Voxel path, look here:
https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-...

Adelscott
I compared configuration files, I can't see any notable difference.

Is there any thread somewhere dedicated to optimizing openvpn speeds ?

kamoj
Yes, there are many threads both in this forum and in others.

Make a search for "vpn speed R7800" and you will find lots of info!
Here are some where I have been involved.
(With Voxel's latest FW (1.0.2.54SF) I get 100+ Mbps!)

https://www.myopenrouter.com/forum/open-vpn-client-speeds

https://www.myopenrouter.com/forum/vpn-speed-voxels-fw-dd-wrt

https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-54sf.47947/#post-419737

Adelscott
Thanks a lot !

I threw a bunch of parameters into the config, these ones:

fast-io      # (Experimental) Optimize TUN/TAP/UDP I/O writes by avoiding a call to poll/epoll/select prior to the write operation.
nice -20     # Set highest possible nice priority
auth-nocache # Don't cache username/passwords in virtual memory

# Use together: tun-mtu must be < MTU and mssfix = tun-mtu - 40
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
tun-mtu 1500
tun-mtu-extra 32
mssfix 1460

With this I was at 6.3MBps (51.2Mbps), that's a 50% increase. OpenVPN taking < 35% of CPU

Also tried these 3 command lines for a ~1.5MBps (12 Mbps) bandwidth increase, for a total of 7.8MBps (62Mbps).

for CPUFREQ in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor; do [ -f $CPUFREQ ] || continue; echo -n performance > $CPUFREQ; done

echo 2 > /proc/irq/255/smp_affinity 
echo 2 > /proc/irq/258/smp_affinity

Crazy thing is that now OpenVPN takes a little less CPU, it never goes > 29%

I'm not at 100+ Mbps, but you gave me near 100% increase with this, thanks again !

By the way, where can I put those 3 commands to have them run automatically after reboot ? In the DD-WRT startup script maybe ?

I wonder if there's any easy thing I can do. Here's the full configuration, in case you see something wrong ...

client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
mute-replay-warnings
remote-cert-tls server
cipher AES-256-CBC
tls-version-min 1.2
auth SHA256
verb 3
mute 20
auth-user-pass /jffs/password.txt
redirect-gateway def1 bypass-dhcp
setenv CLIENT_CERT 0
keepalive 10 60

fast-io      # (Experimental) Optimize TUN/TAP/UDP I/O writes by avoiding a call to poll/epoll/select prior to the write operation.
nice -20     # Set highest possible nice priority
auth-nocache # Don't cache username/passwords in virtual memory

# Use together: tun-mtu must be < MTU and mssfix = tun-mtu - 40
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
tun-mtu 1500
tun-mtu-extra 32
mssfix 1460

tun-ipv6
route-ipv6 2000::/3
route-ipv6 ::/

kamoj
That's good news, thank you for reporting back!

I see nothing wrong with your settings.
You can change the four 393216 values to 786432.

Next thing would be to optimize the connection, i.e. to which server you connect.
You're gonna get different speed depending on the OpenVPN-server load.

Since I've not run DD-WRT for some time, I don't know what max speed you can expect,
and I can't tell you where to add the commands to be run at start.

Have a fantastic day, and please report back again with your new findings!

Adelscott
Thanks,

Tried with 786432, seems less efficient, went back to 393216

For those asking, yes we can put the command lines in startup !

Voxel is the same UI as stock firmware ? Can we set specific firewall rules in it like in DD-WRT ? Or do we have to use ssh ?

kamoj
Yes, same UI as stock.

You can set rules but need to use telnet or ssh.
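
Added example (not part of the original posts): one way to package the three tuning commands from the thread for a startup script, so that a core without the requested governor or an IRQ that does not exist is skipped and reported. The function names and the SYSROOT prefix are hypothetical; IRQ numbers 255 and 258 are the ones posted above and differ between boards and builds.

```shell
#!/bin/sh
# Added example: boot-time form of the three tuning commands from the thread.
# SYSROOT is a hypothetical prefix so the functions can be exercised against
# a constructed directory tree; leave it empty on the router.
SYSROOT="${SYSROOT:-}"

# Set the frequency governor on every core that offers it.
# Prints the number of cores that were changed.
set_governor() {
    gov="$1"; changed=0
    for f in "$SYSROOT"/sys/devices/system/cpu/cpu*/cpufreq/scaling_governor; do
        [ -f "$f" ] || continue            # glob did not match / no cpufreq
        avail="${f%/*}/scaling_available_governors"
        # Skip cores whose driver does not list the requested governor.
        if [ -f "$avail" ] && ! grep -qw "$gov" "$avail"; then
            continue
        fi
        printf '%s' "$gov" > "$f" && changed=$((changed + 1))
    done
    echo "$changed"
}

# Pin one IRQ to a CPU bitmask given in hex ("2" = CPU1 only).
# Returns 1 if the IRQ does not exist, 2 if the mask is not plain hex.
set_irq_affinity() {
    irq="$1"; mask="$2"
    case "$mask" in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    target="$SYSROOT/proc/irq/$irq/smp_affinity"
    [ -f "$target" ] || return 1
    echo "$mask" > "$target"
}

# Apply the settings from the thread; check /proc/interrupts on your own
# build before relying on the IRQ numbers.
tune_for_vpn() {
    echo "governor set on $(set_governor performance) core(s)"
    for n in 255 258; do
        set_irq_affinity "$n" 2 || echo "irq $n not present, skipped" >&2
    done
}

# Only touch the system when asked to, e.g. from the startup script.
if [ "${1:-}" = "--apply" ]; then
    tune_for_vpn
fi
```

Saved to a persistent location such as /jffs and called with --apply from the startup script, it re-applies the settings on each boot.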