Posted: Mon Sep 18, 2017 19:08 Post subject: Open VPN low speed. Troubleshooting ideas?
Hello All!
STATS:
VPN DD WRT Router: Netgear R6700
Standard Router: Netgear R8000
ISP: Xfinity (Comcast)
PC: MSI GE72VR
VPN Service: NordVPN
Speed Test Service: Speedtest.net
Subscribed speed: 1000 MBPS D / 45 U
Observed Speed on R8000: 947 MBPS D / 45 MBPS U
Observed Speed on R6700 VPN Active: 15 MBPS D / 35 MBPS U
Observed speed on VPN PC Client: 900+ MBPS D / 38 MBPS U
VPN speed is simply too slow when the router is the client. I actually ran DD-WRT on the R8000, but the speeds were being limited to 340 MBPS *no vpn*. once I restored stock firmware, the speed went back to 900+ MBPS.
VPN support blames the router. I just want to confirm that on this thread.
We're talking about a serious amount of Bandwidth here, but the CPU utilization never jumps above 12% (VPN Support blamed CPU).
another interesting test, using the "NordVPN APP" gives me similar speeds to that of the DD WRT router, but using Open VPN client on PC yields the 900+ MBPS.
Do you have any suggestions for improving this speed?
What dd-wrt build are you using?
You probably want to run your VPN on your most powerful router, btw.
What settings did you put into the dd-wrt O-VPN client? Where did you get them from and what does the OpenVPN log look like?
And most important: How did you get a 1Gb/s upload account from Comcast? Didn't know they offered anything that high anywhere?
oops meant download
Sam _________________ multi-tier router stack
wrt 3200's for speed & cpu power, NG R6300v2's for WiFi AP's,
wrt 1200v2 for one of my secure subnets.
wrt54GLs for ad'l 3rd tier machines.
Last edited by Sam1789 on Mon Sep 18, 2017 22:39; edited 1 time in total
And yes that does sound like an "expensive priviledge" I'd thought they were still way back at 250 Mbs. Are you in one of their test areas?
Sam _________________ multi-tier router stack
wrt 3200's for speed & cpu power, NG R6300v2's for WiFi AP's,
wrt 1200v2 for one of my secure subnets.
wrt54GLs for ad'l 3rd tier machines.
FIRMWARE:OpenWrt SNAPSHOT r8217-2cc821e / LuCI Master (git-18.276.41146-280dd33) MODEM:ARRIS SURFBoard SB8200 ROUTER:Linksys WRT32X USB NAS:Western Digital BLACK 1 TB Hardrive + Startech USB 3.0 External SATA III Enclosure
Joined: 16 Apr 2016 Posts: 307 Location: California
Posted: Tue Sep 19, 2017 5:03 Post subject: Hardware Limitations
On a R6700...
You should be able to get 25 Mbps with UDP
You may be able to squeeze a fee more Mbps depending om what server you specify (closest server physically to you is better)
You are 100% being limited by the router.
If you want faster VPN speeds you need a faster router.
A Linksys WRT3200ACM is what you need to get 100+ Mbps on the VPN
Trust me... I know my $417
P.S. --> Router Processors are not in the same class as PC's (x86) and they can only encrypt and decrypt so fast. Unfortunately... These router companies are focusing on other routing needs and not VPN speeds.
For Gigabit style encryption you would need to do a custom x86 ddwrt pc build and make your own router. _________________ My Karma ran over your Dogma
SploitWorks Custom Flashed Routers
Last edited by sploit on Tue Sep 19, 2017 8:34; edited 1 time in total
Joined: 05 Apr 2017 Posts: 981 Location: Louisiana, USA
Posted: Tue Sep 19, 2017 6:53 Post subject:
Absolutely right. Because of heavy encryption speed is proportional to the router's processing power.
I have tried everything to 'squeeze' as much out of my poor little WRT1900AC v1 as possible.
I spent several hours just on MTU adjustments alone.
If you don't want to change your current hardware setup, then it will be a matter of dialing it in to find what works best for your configuration.
Closest geographical server
DNS Servers
TCP / UDP
Less encryption (128 vs 256)
...are all adjustments you can try.
From what I've read about Nord VPN they are very particular about their settings so some of these may not be available to you.
FIRMWARE:OpenWrt SNAPSHOT r8217-2cc821e / LuCI Master (git-18.276.41146-280dd33) MODEM:ARRIS SURFBoard SB8200 ROUTER:Linksys WRT32X USB NAS:Western Digital BLACK 1 TB Hardrive + Startech USB 3.0 External SATA III Enclosure
so it is confirmed that the Broadcom CPU (ARM?) simply can't achieve that high of throughput.
- TCP / UDP changes give a few more MBPS, but not enough
- NordVPN is very strict on which settings need to be used (Force 256). which is fine, I want good security.
- I am willing to spend some $$$ to get something worth while. a device that can handle Gigabit speeds won't be obsolete for at least a few years.
This causes me to evaluate the purpose of using the router, which is to provide a fast WIFI VPN in the home for Mobile devices and Roommates (not savvy enough to use it otherwise).
the best WIFI speed I have ever achieved is 270 MBPS
I think it would make the most sense to purchase a Hardware Firewall or device specifically made to achieve 300+ MBPS VPN throughput..... or maybe even build an X86 device to handle it as sploit suggested.
If you have any suggestions on brands or devices, I would be happy to hear them.
- NordVPN is very strict on which settings need to be used (Force 256). which is fine, I want good security.
There are quite a lot of articles questioning if that is true so I would put a huge question mark on it. Besides...what are you doing that you need 256 instead of 128 if I may be curious.. _________________ R6400v2 (boardID:30) - Kong 36480 running since 03/09/18 - (AP - DNSMasq - AdBlocking - QoS) R7800 - BS 31924 running since 05/26/17 - (AP - OpenVPN Client - DNSMasq - AdBlocking - QoS) R7000 - BS 30771 running since 12/16/16 - (AP - NAS - FTP - SMB - OpenVPN Server - Transmission - DDNS - DNSMasq - AdBlocking - QoS) R6250 - BS 29193 running since 03/20/16 - (AP - NAS - FTP - SMB - DNSMasq - AdBlocking)
Interesting, I will investigate this further regarding forced settings.
As for my need of 256.... If I told you why, I wouldn't really need to be using 256.. would I?😁
Well that's unfortunately true, but I had to try
About the question mark, I was talking about 128vs256bits which is more secure.In NordVPN you won't be able to use 128, only in PIA that I know of. _________________ R6400v2 (boardID:30) - Kong 36480 running since 03/09/18 - (AP - DNSMasq - AdBlocking - QoS) R7800 - BS 31924 running since 05/26/17 - (AP - OpenVPN Client - DNSMasq - AdBlocking - QoS) R7000 - BS 30771 running since 12/16/16 - (AP - NAS - FTP - SMB - OpenVPN Server - Transmission - DDNS - DNSMasq - AdBlocking - QoS) R6250 - BS 29193 running since 03/20/16 - (AP - NAS - FTP - SMB - DNSMasq - AdBlocking)