Router based VPN client

RoyMi6 · 13 Feb 2017 at 13:44

Anyone running one?

Currently using Asus RT-N66U (merlin) with PIA but my internet connection for the one computer set up to use the VPN connection drops to 5Mb/s when using it this way.

Reading online this is apparently a limitation of OpenVPN being limited to single core processing OR it could be a conflict with QoS.

In my case I've excluded the QoS limitation simply by disabling it and I'm still seeing the same speeds.

Running the PIA client on my desktop I can easily get full network bandwidth (73Mb/s) so looking for routing device that support a network based VPN client that can go at that speed.

Any suggestions?

EDIT: Should say, the reason only one computer is currently using the VPN connection is because of this massively reduced bandwidth.

pc-guy · 13 Feb 2017 at 14:10

your router will struggle to implement OpenVPN protocal and achieve 73mbps speeds.

you need some kind of self built router (running pfsense) or a soho router.

you basically need the computational power to encrypt and decrypt the AES.

also not all CPU has AES instructions embedded. but most of the main stream CPU from Intel has AES instructed built at hardware level but some of the current celeron processors don't have that.

If the CPU don't have AES instruction it will put significant amount of resources to do the AES encryp and decrypt therefore it will become a bottleneck and thus you probably will see drops in speed as well as limitation on running other services such as proxy/QoS etc.

RoyMi6 · 13 Feb 2017 at 14:16

Aye, as I thought - I can see that it's suffering directly from the performance graph showing 100% CPU usage whenever I fire up some network traffic from the test machine.

I was contemplating getting an Edge Router Lite to compliment my other Ubiquit kit (and make the pretty status icons light up green...) but I'm having difficulty finding information on it's VPN processing ability.

Any idea how well it performs?

neodude · 13 Feb 2017 at 15:27

I run pfSense as a VM with 4 dedicated cores, it handles OpenVPN without breaking a sweat. I highly recommend pfSense, as well as the dedicated hardware from pfSense themselves there is a load of suitable boxes on the Rainforest.

RoyMi6 · 13 Feb 2017 at 15:42

Yeah, I originally went down the pfSense route (https://forums.overclockers.co.uk/showthread.php?t=18765001) until I found my N66U and started tinkering with it.

Originally I thought I only needed a single extra NIC for my server but the practicalities of that in Windows made setup a bit of a pain.

Think I might just pick up a 3rd NIC (i.e. onboard one for regular server duties and I'd have two NICs for pfSense VM).

My only concern is performance with my i5 processor and the robustness of running my router on my server. At the moment it's very much a secondary piece of equipment meant for file sharing. Running pfSense on it would promote it to being a primary device that if it failed would mean I'd get it in the neck until it was fixed

pc-guy · 13 Feb 2017 at 17:00

i5 would be more than enough for pfsense. and having a server working running the VM is ok as most people do it that way.

file server/media server/firewall runs very little load and the system should be 100% stable and last ages. there is really nothing in it for it to go wrong other than the HHD. if you run the server and VM off a SSD then there is no issues.

ScoTTyBEEE · 17 Feb 2017 at 20:33

Go to Lan -> Switch control and disable NAT acceleration. Should push it up into the 30mbs I would have thought.

Also ensure it's setup as the first openvpn client and it uses both cores.

This is for a 68u so imagine its the same.