[coredumperror]

Due to the new anti-privacy law that just passed, I've decided to install a VPN for all of my traffic. I currently own an ASUS RT-N66U, which has only an 800 Mhz CPU. I set up the OpenVPN client on my router, but enabling the VPN sliced my download speeds from 100Mbit to a measly 10. My best guess, based on some research, is that my current router simply doesn't have the power to handle encryption of such high-speed traffic.

So I am considering buying a Linksys WRT1900ACS, since it has a much beefier 1.6 Ghz dual-core CPU. I also plan to flash DD-WRT onto it, to give myself better control over its functions.

But before I make this ~$160 purchase, I'd like to ask the folks here if they think it will be worth replacing my otherwise functional RT-N66U. Do any of you have experience using a VPN client on a WRT1900ACS, and know how well its CPU handles encryption of high-speed traffic?

I'm using Private Internet Access as my VPN, if that makes any difference. And when I run its VPN client on my PC, I get almost no slowdown compared to my default 100Mbit speed. However, that doesn't protect my privacy on any of my wireless devices, so I'd much rather be connecting to the VPN through my router.

[Redlineskis]

I have the same problem with my Linksys WRT1200AC router. It has 1.3Ghz processor and it cuts my internet speed in half. Typically I get around 75Mbps, but through the VPN its around 25mbps. The router requires a lot of restarts as well for some reason b/c the internet keeps dropping.

[Technozombie]

I have a 1900ACS and I'm wondering pretty much the same thing. Also, can i direct certain IP's through the VPN and others not? Basically, everything through the VPN except Netflix(to avoid blocking) and games(for better pings)? Thanks.

[macsbug]

Your throughput will depend on your VPN.

I use AirVPN with my WRT1900ACS, and I get over 90% throughput most of the time (about 118 without VPN, and about 110 with the VPN) using OpenVPN

Bypassing your VPN to a specific IP address is easy using IP Tables. With AirVPN, I added the following to the IPTables. (the example shown is for 192.168.0.21)

echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
iptables -t mangle -F PREROUTING
ip route add default table 200 via $(nvram get wan_gateway)
ip rule add fwmark 1 table 200
ip route flush cache
## Add a seperate line for each LAN IPaddress
iptables -t mangle -I PREROUTING -i br0 -s 192.168.0.21 -j MARK --set-mark 1

[coredumperror]

@macsbug: How did you configure your VPN client on your router? I got around the same loss you described when running the client on my PC, but got a 90% loss in speed when running the client on my router.

I attributed the huge loss to the slower CPU on the router (my current one has an 800 Mhz CPU), but with the information you provided, I get the feeling that it may be something else. Unless there's that much of a difference in encryption power between an 800 Mhz CPU and a 1.6GHz dual-core one. But if that's the case, picking up a WRT1900ACS is a no-brainer.

[macsbug]

I followed the instructions on AirVPN's website to setup an openVPN client in the router, and then created the rules I wanted in an IPTable for port forwarding, bypassing the VPN and a Kill switch for IP addresses I wanted to make sure only worked through the VPN.

I would think that an WRT1200AC should be sufficient for use with a VPN, but since I don't have one, I can't test it.

Good luck

[coredumperror]

Hmmm, interesting. I followed the instructions for configuring OpenVPN on my current router, but the instructions were out of date. They probably weren't efficient, which could explain the poor performance.

I am going to pick up a WRT1900ACS to see how it fairs as the VPN client. I'll report back with the performance I manage to get.

[armkreuz]

I have the WRT1900ACv2 with PIA vpn.

My ISP speed is 120Mbps.

My speed with vpn active ( openvpn client )

[coredumperror]

Something I've noticed recently, at least with PIA, is that the speed I get, even when using the VPN client on my PC, is highly variable. Speed slowdowns seem to correlate to peak usage times, too.

Considering this whole internet privacy debacle is why I decided to get a VPN in the first place, I wouldn't be surprised if PIA, and other popular VPN providers, are getting overly high traffic right now, especially in California.

I bought a WRT1900ACS, so when I speed test it once it arrives, I'll be sure to do it at multiple different times of day, to check whether the issue is with the router, or with the service itself.

[kaivalagi]

Well I've setup PIA based OpenVPN on the r31791 build (WRT1900ACS V1) today, simple following PIA's guidance but using the strong certs on port 1197 and it's working out very well



And I'm on Vivid 100, yep that's 100...

So far I'm very happy with it, it's performing better than I was getting using the ISP's superhub 2 router direct without VPN

I'll keep checking with speed tests to make sure this isn't a one off but even if it is, it does show what is possible...

If PIA are getting swamped with new users and some are seeing over subscription of the services, I would hope it's only as short term thing and over time they'll increase the server capacities to support the bigger user base

[coredumperror]

I got my WRT1900ACS v2 today, and installed DD-WRT r31791 on it.

For those who were noobs like me, I got the DD-WRT build by going to ftp://ftp.dd-wrt.com/betas/2017/ then drilling into the latest build folder and finding the folder for my router model, "linksys-wrt1900acsv2". I used the factory-to-ddwrt.bin file, since I was installing DD-WRT over top of the factory firmware. The other file in there is for updating a router that already has a DD-WRT firmware installed.

After flashing the firmware, I was initially afraid that I'd bricked my router, because I could no longer connect to it. But this was user error, as I was still trying to connect through the linksyssmartwifi.com domain name. Switching to http://192.168.1.1 worked, and I was able to get into the DD-WRT config.

I configured the VPN client by following the direction from PIA here, then confirmed that it was connected, and did a speed test.

Frustratingly enough, I ended up getting the same horrible speeds I was getting with my previous router (barely 10mbps, on a 100mbps connection). So I tried the alternate config instructions from PIA for "older builds". To let it use the username/password from the config settings directly, I took out the "auth-user-pass /tmp/password.txt" line from Additional config, and skipped steps 22-27. That gave me a very slight performance boost (13mbps).

Frustrated, I went back to using the original OpenVPN config instructions, and checked out the Client Log in the Status -> Open VPN page of DD-WRT. Some warnings on there convinced me to try messing with the Encryption Cipher. I tried a few different ones, but ultimately went back to the one they suggest (AES­-128-­CBC).

And then, for no apparent reason, my speed issues went away. I can now get full 100mbps speed tests with the VPN client enabled.

I described the entire process I went through in the hopes that anyone else who suffers that odd performance issue might have the same luck I did with it suddenly going away.

[05dyna]

[kaivalagi]

[Geraner]

Very pleased with the OpenVPN Client functionality inbuilt in the DD-WRT firmware.


NordVPN with OpenVPN Client configured in my WRT1900ACSv2 running r31899.

Internet speed without VPN connection is:
Downlink: 250 Mbps
Uplink: 100 Mbps