I’m thinking if buying the GT-AX6000, but the GT-AXE16000 has twice the ram. Not sure if that will improve my VPN performance. Feel free to recommend another router for better VPN performance. Thank you!
How fast VPN do you need?
I have an Asus RT-AX86U and have tested the VPN running on the router to 840Mbps (I have 1Gig fiber that tests at the router to 942Mbps up & down). I don’t think it is an issue of how much ram, instead how fast your CPUs (server AND client) can encrypt/decrypt the VPN packets for the cipher they negotiate. I am using AES-256-GCM cipher, which, on my router tests faster than CHACHA20-POLY1305, the cipher used by Wireguard.
https://evenroute.com/equipment/iqrouter-pro-
I would look at the IQRouter Pro, you will need to buy an access point for it to get wifi, but I would suggest buying a TP Link EAP610, or it looks like they offer an access point for $70 you can add to the Pro unit.
This device is an x86 cpu so it will be much more powerful than the GT-AX6000 arm process.
I have a RT-AC86U on both ends. The should have the same CPU as the RT-AX86U, except mine is 2 cores and yours is 4 cores. However, what I’ve read is that OpenVPN runs single threaded, so additional cores might not help.
I will investigate my cipher settings and get back to you.
Also, one router is the VPN server in the US, and the client router is in Europe. Both are connect to 1gb fiber optic.
Should I turn off compression to speed up the bandwidth? I’m using AES-128-CBC.
I’d post a screenshot of my settings, but reddit wont let me.
Does not necessarily depend on raw CPU power - some chips have optimized AES encrypt/decrypt.
Again, I get 840Mbps on an “ordinary” router…how much more speed do you need?
Interface type = TUN
Protocol = UDP
Compression - Disable
Use AES-256-GCM or AES-128-GCM if both server & client support it
Custom Conf = fast-io
You can check ciphers on your server (router) by ssh into it then:
openvpn —show-ciphers
And then try the speed of the ciphers (higher is better):
openssl speed -elapsed -evp aes-256-gcm
openssl speed -elapsed -evp aes-256-cbc
I just updated my VPN Server router to use AES-256-GCM and i disabled compression. I also added the custom config of fast-io. It doesnt seem to have done much to speed things up.
I’m getting about 65Mbps up and down with a 110ms ping.
As I said, I have 2x RT-AC86U, one as server and one as client. Server is in US and the client is in Europe. Both are connected to 1gb fiber. It’s enough for me to get the job done, but I’d love for it to be faster and especially reduce the ping. Any other ideas?
What version of OpenVPN & openssl are running on each? Look in the logs (System Logs) to see what cipher they negotiated.
Are you running Merlin AsusWRT on them? I recommend you do.
I assume you have a DDNS pointing to your server in the US? Is that the ping time from one router to WAN IP address of other? ex ping -n 111.222.231.1
Just did a World Ping Test (I am in SLC Utah USA on Google Fiber) - pings to Europe are all higher than your, so consider yourself lucky!
I heard about this custom firmware, but I assumed that the latest version of the stock ASUS firmware had everything I needed to run the vpn at high speeds. Will Merlin really make a difference? Thanks for all the advice, you really seem to know your stuff.
Merlin works with the Asus team (but not for Asus) - he stresses stability but also offers some ability to tweak through custom scripts. He updates the GPL software regularly so some may be more recent than stock. I have been using his firmware on 3 different routers for > 10 years. It may not make a difference, but his OpenVPN is at version 2.6.5 and openssl at 1.1.1u, so he has the latest of both.
Are you running your VPN over UDP? Did you see anything in the logs about your connection?