notauser 0 Posted ... This is my first experience using a VPN. I'm accustomed to torrent download speeds op 10 to 12 MB/s but with VPN i'm getting a combined torrent download speed of 1.3 MB/s I have a Asus AC66U running AsusWRT Merlin 380.61Download Station is running on my Synology NAS. I created rules to only route my NAS, my PC and my ipad through the VPN (excluding 2 tv's and 2 ipads which frequently use Netflix).I have confirmed the VPN is working and i'm not leaking my IP.I have created a port forward in the customer section of my AirVPN account for TCP & UDP (1 port for both)There is no port forwarding in my router for those ports (i removed the previous port forwarding.I have added rules to the iptable of the router and confirmed (using the TCP Test on 'Your forwarded ports') that the port is configured correct.Disk Station is using the same port for TCP and UDP that AirVPN has allocated to me. The CPU of my Asus AC66U router is at a constant 100% that 'might' be the problem. Is my router the problem? If so, what should the replacement be ? If not so, what am i doing wrong? Quote Share this post Link to post
OpenSourcerer 1442 Posted ... Is my router the problem? Yes. You witnessed its AES encryption/decryption bottleneck Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
notauser 0 Posted ... Thanks for clearing that up. Is there a way to choose a lighter version of the encryption to overcome this bottleneck or is my only solution to buy a new router?What would be a good replacement that will still allow me to route only selected devices through vpn like Merlin allows me to do? Quote Share this post Link to post
go558a83nk 364 Posted ... thank you for doing so much work yourself. most things are easy to figure out by searching and not being dumb so it's a pleasure to see people that do so. for the router CPU problem I would suggest you just break down and build a pfsense box with a real CPU that has AES-NI. I built one for $127, so quite a bit cheaper than a good router. speaking of routers, even the $300 consumer routers will only get you about 60mbit/s openvpn speed....70mbit/s max. Quote Share this post Link to post
zhang888 1066 Posted ... thank you for doing so much work yourself. most things are easy to figure out by searching and not being dumb so it's a pleasure to see people that do so. for the router CPU problem I would suggest you just break down and build a pfsense box with a real CPU that has AES-NI. I built one for $127, so quite a bit cheaper than a good router. speaking of routers, even the $300 consumer routers will only get you about 60mbit/s openvpn speed....70mbit/s max. I second that. A dedicated x86 box would be much better than any cosumer router. So best setup in order to enjoy both worlds wouldbe a pfSense box and any 802.11AC router running openwrt for WiFi/NAS/P2P. Only buy an expensive all-in-one high end consumer router if you have no other options at all. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
notauser 0 Posted ... So best setup in order to enjoy both worlds would be a pfSense box and any 802.11AC router running openwrt for WiFi/NAS/P2P. I don't quite understand that. My router already does all the things i want it to do but not fast enough. I would expect a pfSense box to do anything my current router is doing minus the WIFI part.Wouldn't the optimal solution be to buy a ZBOX CI323 (i don't want bulky hardware) and install pfSense on that + connect it to my current Asus AC66U and put that in AP mode ? (why would the 802.11AC router need to be anything more than a dumb WIFI accespoint?)I read some people are using Watchguard x750e with DD WRT but it looks like it will only go up to 50Mbps over VPN.I have a brand new Synology DS916+ with 8GB of memory being a very expensive download station right now. Perhaps it could also perform as the router (maybe with Docker?).This is all very new to me and i'm a bit overwhelmed so i'm very open to best practices by experienced users like yourself. Quote Share this post Link to post
zhang888 1066 Posted ... CI323 can do, but note that most 802.11n routers will not provide 100Mbit over WiFi, regardless of the original top 300Mbit spec.So if you want a future proof AP, any 802.11ac router is for you - a general suggestion for all readers, not just in your case.I'm not sure what the the LAN<>WIFI throughput of your AC66U, but make sure it's not a bottleneck when you connect your pfSense to it. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
notauser 0 Posted ... I've done some research and i plan on buying the zotac ci323 nano with 16gb kingston memory and 120gb intel 530 ssd + ubiquity wifi ap.Because it is advised to run the ubiquity management software on a separate machine i plan to create a pfsense vm and a ubiquity mngt vm that will run on the ci323. Also, i just like playing around with virtualisation. Can anyone recommend specific vm software? Esxi?Anyone with the same setup that reasure me that this is the best way to go? Quote Share this post Link to post
zhang888 1066 Posted ... ESXi is bare metal, means it will have to run as your host OS.You don't need to run any software after the initial configuration of your AP, which can be done in the web interface as well.Your best option would be a bare metal pfSense install, in order to achieve 100Mbit and above OpenVPN speeds. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
go558a83nk 364 Posted ... pfsense VM is beyond me. what's the host OS? just curious, I'm no help here. Quote Share this post Link to post