How can I make the router run the OpenVPN client without a huge loss of download speed?

My set-up: Laptop (and other devices) on 5G wireless -> Asus Wireless router connected via ethernet -> ATT Uverse router connected by twisted pair DSL -> internet.

ATT Uverse is sonic.net resold FTTN DSL, about 20 MBS down, about 2 MBS up.

System works fine normally, and installing OpenVPN client on my laptop shows negligible speed change over the routers. However, I'd like everything in the house to use the OpenVPN setup, so trying to run the built-in client on the Asus router.

Router has a built-in menu item for this under VPN section, where one simply uploads the .ovpn file to create the profile. Did that successfully, restarted the router, updated the firmware, all that good stuff. But if I turn on the built-in OpenVPN client, it connects correctly, but the speedtest.net numbers drop down to about 8 MBS down, and about 1.4 up. Turn the client off, and everything is back to full speed.

This isn't an issue of the exit node being different, as I can run the OpenVPN client on my laptop with the same profile, and the bytes fly through at the same speed as normal. I found a YouTube video here:

https://www.youtube.com/watch?v=7ap57xp2WyM

Which showed a fix for exactly this same problem (on a different model Asus router) but their fix didn't work for me. However, it does seem similar enough that it makes me wonder if it might not be related to my problem.

In the video, it appears to be a bug in the QoS controls [8 mins in]. I tried his work-around, as well as turning QoS on and off, with no noticeable effect on the problem.

Aside from replacing the router, or flashing something like dd-wrt on the router, does anyone have any other suggestions to get back the speed I know the router is capable of while running the built-in OpenVPN client?

I believe the hardware should be sufficient to run the client without problem.

[Edit 1] - comment requesting more info

Asus firmware version - 3.0.0.4.380_7743

cipher (from the openvpn file) appears to be AES-128-CBC

Bits of the openvpn file, with certs and keys removed

```
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=0
# OVPN_ACCESS_SERVER_ORGANIZATION=Sonic
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote ovpn.sonic.net 1194 udp
remote ovpn.sonic.net 1194 udp
remote ovpn.sonic.net 443 tcp
remote ovpn.sonic.net 1194 udp
remote ovpn.sonic.net 1194 udp
remote ovpn.sonic.net 1194 udp
remote ovpn.sonic.net 1194 udp
remote ovpn.sonic.net 1194 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-user-pass
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO
[...]
<tls-auth>
#
# 2048 bit OpenVPN static key (Server Agent)
[...]
cipher AES-128-CBC
```

Thanks.

JesseM
  • 1
    Provide more information about the version/build you're using. Provide information on what ciphers you have enabled. Be as specific as possible. Without this information I cannot answer your question – Ramhound Jul 28 '17 at 04:00
  • 1
    Additionally, provide the results from DSLReports instead, which indicate your buffer bloat rating in both conditions. You're already basically running dd-wrt/open-wrt; it's just an ASUS-branded version with OEM-specific tweaks. In my experience dd-wrt and open-wrt are more trouble than they are worth. However, it's very likely QoS and/or buffer bloat is indeed the problem. – Ramhound Jul 28 '17 at 04:14
  • Ramhound may be on to something. The bufferbloat is horrible in both cases for upload, but with OpenVPN on, the _download_ bloat gets big. That would seem to be the problem. Question is, is there anything in this router I can frob to help it? Rating is "F" in both cases for bloat, but quality goes from "A" (normal) to "C" with openVPN. Upload bloat was 1000-2000 ms!! in both. Download bloat was nonexistent (50ms) in clear, and 200 ms with openvpn – JesseM Jul 28 '17 at 04:32
  • Well it's likely a conflict with the installed version of the OpenVPN module and the installed QoS module. Installing OpenWRT would allow you to install a SQM module but your QoS module (at least the one in the video) already provides that (or that appears to be the case). Are you able to ssh into the router and manually pull from repositories yourself? This does happen with QoS disabled, correct? – Ramhound Jul 28 '17 at 04:38
  • Correct, QoS completely _disabled_ and OpenVPN _enabled_ in the router still shows the problem. The version in the video is not exactly mine, but very similar. I only have "traditional" and "limit" QoS options. I don't have SQM in mine. No ssh, but looks like I can enable telnet (ick) - various hacks to add ssh https://superuser.com/questions/811034/asus-rt-n66u-enable-ssh-access. If you can explain how to add SQM module, that would make a fine answer. What packages do I want from the repos? – JesseM Jul 28 '17 at 05:11
  • You're better off just using DD-WRT or OpenWRT if your router supports it – Ramhound Jul 28 '17 at 05:19
  • Your router is probably too slow for AES-128. OpenVPN doesn’t come for free in terms of processing power. [Take a look at Google](https://www.google.de/search?q=rt-n66u+openvpn+speed) to see how others fare. Your router is renamed RT-N66U. – Daniel B Jul 28 '17 at 05:43
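
An added example, not part of the original post or its comments: a small Python audit of the profile excerpt from the question, listing the directives that bear on tunnel throughput or key hygiene so each can be checked against the router's connection log. The function names and finding labels are this example's own, and the sample profile is trimmed from the posted excerpt.

```python
# Added example, not from the original post: audit an OpenVPN client profile.
# PROFILE is trimmed from the question's excerpt; inline block closed, no keys.
PROFILE = """\
remote ovpn.sonic.net 1194 udp
remote ovpn.sonic.net 1194 udp
remote ovpn.sonic.net 443 tcp
ns-cert-type server
reneg-sec 604800
comp-lzo no
<tls-auth>
# 2048 bit OpenVPN static key (Server Agent)
</tls-auth>
cipher AES-128-CBC
"""

def parse(text):
    """Return [(directive, args)], skipping comments and inline <block> bodies."""
    directives, in_block = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
        elif line and not in_block and line[0] not in "#;":
            name, *args = line.split()
            directives.append((name, args))
    return directives

def audit(text):
    """Map a finding label (this example's own naming) to what to verify."""
    d, out = parse(text), {}
    first = lambda name: next((a for n, a in d if n == name), None)
    remotes = list(dict.fromkeys(tuple(a) for n, a in d if n == "remote"))
    out["remotes"] = f"{len(remotes)} distinct remote(s)"
    if any(len(r) > 2 and r[2].lower().startswith("tcp") for r in remotes):
        out["tcp-remote"] = "TCP fallback listed; confirm the log shows UDP in use"
    if (c := first("cipher")) and c[0].upper().endswith("-CBC"):
        out["cbc-cipher"] = f"{c[0]}: encryption plus a separate HMAC per packet on the router CPU"
    if (r := first("reneg-sec")) and int(r[0]) > 3600:
        out["long-reneg"] = f"data-channel rekey every {r[0]} s (OpenVPN default 3600)"
    if first("ns-cert-type") is not None:
        out["deprecated-ns-cert-type"] = "deprecated; 'remote-cert-tls server' replaces it"
    if first("comp-lzo") is not None:
        out["compression"] = "server may push LZO; check the log, compression costs CPU"
    return out

if __name__ == "__main__":
    print("\n".join(f"{k}: {v}" for k, v in audit(PROFILE).items()))
```
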

0 Answers