Jump to content
RESET Forums (homeservershow.com)
james09

Router for VPN

Recommended Posts

james09
I am in the US. I have set up an openvpn on my ASUS RT-AC5300 router which I purchased due to its ability to run a VPN. I am lucky enough to have a gigabit connection. I am running a wired connection to my desktop and to my Roku device. With the VPN on the router disabled, I am getting speeds on the desktop of about 945 Mbps down and 650 up. With the VPN on the router connected, I am getting speeds of about 35 up and 40 down on the desktop. Plus, my Ruku device has major difficulty streaming Netflix and Amazon will not stream at all.
 
For obvious reasons, I wanted to use the VPN on the router, but the reduction in speed and lack of streaming ability are prohibitive. On my AC wireless laptop with the VPN connected, I am getting about 55 down and 108 up. Off, I am getting 220 up and 225 down. So, the VPN on the laptop and desktop is substantially reducing speeds, but not as much as it is being reduced with the VPN on the router.
 
My VPN provider (NordVPN) has been very responsive and helpful with regards to setting up my router, and has provided me with the following information with regard to the speed issue:
The downside to OpenVPN is that in its current architecture, it is not scalable. It runs as a monolithic process and cannot run multi-threaded.
This means that if you have a beefy processor with 8 cores and each of the core has 8 threads, OpenVPN will use only a single thread in one of the available cores.
 
Regarding routers - they do not have powerful CPUs, thus encrypting and decrypting OpenVPN traffic is a real challenge for them. For that reason the speed can drop by a large amount.

You could try increasing your speed by connecting to a few different servers (preferably to the ones in yours or neighboring country), changing between TCP and UDP, disabling QoS, SPI Firewall and NAT Acceleration (if your router has one). You could also try looking for the most optimal MTU value on your router which could be in the range from 1300 to 1500.

If these changes do not help and you are getting better speeds while connected to the same servers with our software on your computer, then unfortunately your routers hardware cannot encrypt the internet traffic fast enough and this is the reason for speed drop. In this case there is nothing that I can suggest you unfortunately.
 
I have messed with the VPN providers suggestions to no real success.  Does anyone have any Ideas? Suggestions? with regards to a router that I might us to run the VPN?  Thanks. Using speedtest.net
 
 
 

Share this post


Link to post
Share on other sites
Dave

Interesting problem.  I don't have an answer but makes me wonder about https://nordvpn.com/  Is it a good service?  Are you using it remotely as well?

Share this post


Link to post
Share on other sites
james09

Dave,

Although I choose NordVPN after looking around quite a bit, I am not defending it.  Nord was the best I could find at the time.  To me, their site is a little deceptive as is any site or information which seems to indicate that your noncommercial router can run OpenVPN.  Just as information, I have checked out VPNs and the most popular (affordable by me) all seem to offer their services using the  OpenVPN  software on their servers (PureVPN and VPNunlimited for example.)  While OpenVPN has some major pluses, all sites using OpenVPN seem to have the same problem: 

 
As the Nord rep. said:
The downside to OpenVPN is that in its current architecture, it is not scalable. It runs as a monolithic process and cannot run multi-threaded.
This means that if you have a beefy processor with 8 cores and each of the core has 8 threads, OpenVPN will use only a single thread in one of the available cores.
Regarding routers - they do not have powerful CPUs, thus encrypting and decrypting OpenVPN traffic is a real challenge for them. For that reason the speed can drop by a large amount.
 
It should perhaps be noted that Netgear no longer provides directions for connecting VPNs to their routers.

 

The website, That One Privacy Site does a fantastic job of comparing VPNs  https://thatoneprivacysite.net/   And there are a lot of things to consider such as where the site is located, DNS protection etc.  I used Tunnel Bear for free for about a year, and as a free service, they are quite good.  However, I had some concerns.  Please note, they were not about the company Tunnel Bear itself.  Based on reasonable cost (a deal: $79 for 2 yrs. 6 devices) I chose Nord.   

 

Nord is easy to use which is a blessing because the house accountant is definitely not a geek.  We use it on our Android phones, our laptops and on our desktops.  Due to speed issues, it is not turned on in my ASUS RT-AC5300 router, and we turn it off an on in our devices depending on the website (banking ect.)  The Roku and the chrome cast do not like it.  

 

If you or anyone else comes up with something better, I sure would like to know.

PS.  I miss listening to you, Jim, Drashna, Miner and Schoondoggy talking about home servers.  I do like the discussions about the mess routers.  Although, I am waiting for real access points (wired or power line) and perhaps power for VPNs to be added before I buy.  

 

  • Like 1

Share this post


Link to post
Share on other sites
marcusp

Try some hardware from www.mikrotik.com. If CPU speed will be not enough, buy Mikrotik CHR (Cloud Hosted Router) and run it on some powerful i5, i7 or Xeon - i think it will be enough. Some hardware routers (routerboard or cloud core routers) has hardware supported vpn encryption. Read the docs on the mikrotik website.

Share this post


Link to post
Share on other sites
Dave

Hey @james09, yeah, I miss storage chat too!  Last week was fun. http://reset.fm/30 and 31 will have follow up on that topic as well as some more storage talk.  

Share this post


Link to post
Share on other sites
james09

marcusp,

Thank you for the suggestion.  CPU thread count 9, CPU core count 9, ought to run something.   And, this looks like I would be moving up to a whole new level of router and networking knowledge.  I have bookmarked the site. and will return to study it over time.  I need to learn a lot more about the knowledge level the software requires before I head into something like this.  While my home is wired with cat 6, I sure do not need an SFP cage.

 

I appreciate the suggestion, and I am interested.  I will followup as time permits.

 

  • Like 1

Share this post


Link to post
Share on other sites
james09

 Dave,

I haven't missed downloading one of your podcasts in years.

Jim

  • Like 1

Share this post


Link to post
Share on other sites
marcusp

james09,

 

You can download Cloud Hosted Router Free, try and learn it. Free version has limit 1Mb/s per interface, no time or function  limited.  I think it is so enough to learn. If you want to buy, you can buy hardware with RouterOS or just activation code for Cloud Hosted Router for your free version: 1Gb/s per interface or no speed limit per interface. It is very fine software and hardware, I use it for my customers and myself from many years, especially as VPN server.

Share this post


Link to post
Share on other sites
DaMenace

You can do a search on Google for this file name and get a spec sheet on Mikrotik Router Boards that will work very nicely for what you are wanting to accomplish. I hope this helps.

RB2011_series-160118111112.pdf

image.thumb.png.50cf1530385cbbad0740b186075564c7.png

Share this post


Link to post
Share on other sites
marcusp

DaMenace,

 

this model can be to weak for 1Gb/s connection. In routing with no firewall rules it has  1481,6 Mbps (packet size 1518 bytes), but with 25 simple filter rules it has 689,8Mbps. I afraid, as router with VPN server (L2TP with IPsec, Open VPN or SSTP or IKE V2) RB2011 has too slow CPU. In my opinion maybe RB3011 is enough, or any CCR. But for try and for learning I would start with Cloud Hosted Router as Virtual Machine.

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now



×
×
  • Create New...