Jump to content
Not connected, Your IP: 3.238.132.225

Recommended Posts

Posted ... (edited)

I just setup AirVPN on my Netgear R6400v2 running DD-WRT and it works fine, the only issue is that the connection is much slower than a direct connection to AirVPN. Using Eddie I can easily reach 80-90mbps, but using the same server on my router I only get a max of 25mpbs. With the vpn off on the router, I get full speed just fine. I tried disabling LZO compression and it does not make any difference. Is there anything else I can do to improve the speed on DD-WRT? Looking at CPU usage, the router is not using much processing power so I don't believe its a limitation of the router itself.

Edited ... by singh124

Share this post


Link to post
23 minutes ago, singh124 said:

Looking at CPU usage, the router is not using much processing power so I don't believe its a limitation of the router itself.


Still try using ChaCha20-Poly1305 cipher.

data-ciphers CHACHA20-POLY1305
data-ciphers-fallback AES-256-GCM

.

» I am not an AirVPN team member. All opinions are my own and are not official. Refer to Staff postings for the official word.

» These are the community forums, not the support portal. You're writing with other users here.

» New here? LZ1's New User Guide to AirVPN. Use the search function, Luke!

» Tor exits behind a VPN connection are discouraged. Using Tor on the other hand is not.

 

» Privacy is like alcohol: Drink a little and it can help you stay unnoticed. Drink a lot and everyone will notice you.

» I cannot give you the solution to all your issues. But I can guide you to it. The rest is up to you.

Share this post


Link to post

It actually is a limitation on the router itself typically. Most consumer grade routers struggle to encrypt/decrypt all of those packets on the fly and thus the overall speed suffers. Eddie is using your PC's processor, which is much better equipped for this. It's been discussed numerous times on these forums. The ChaCha20 cipher should help, but despite all of my efforts, I could never get any of my routers to get more than 1/2 (usually less) of my overall connection speed. Switching to a pfSense box has it maxed out and matching my connection when connected through the VPN.

Share this post


Link to post
Posted ... (edited)
2 hours ago, OpenSourcerer said:

data-ciphers CHACHA20-POLY1305

When I add this line to "Additional Config" section, OpenVPN doesn't start and does not leave a log. The Status page for OpenVPN is completely blank. Is that not the right section to add it?f
1 hour ago, SumRndmDude said:

Switching to a pfSense box has it maxed out

I was hoping that I wouldn't need to make a pfSense box because I plan to bring this to a small apartment, so I wanted something small that I can drop in.

I actually was able to improve speed a bit by changing LZO compression to Adaptive instead of YES. I can now reach speeds of about 40mb/s, which is better but still not optimal. Is it possible the router is thermal throttling? I noticed even at about 2% cpu usage it is at 60c, which seems a bit high for such little usage. Edited ... by singh124

Share this post


Link to post

After playing around in the settings more, I have gotten my upload speed to reach 50mbps, but the download speed is only 10mbps? If the upload speed is high, that must mean that the speed is not being limited by the CPU? I'm not 100% sure I have everything set up correctly because since the DD-WRT guide was written it has been updated to add a lot more options that I had to try and figure the correct settings for.
image.thumb.png.7f194cd9aa5e01f9692e947e612a5b72.png
image.thumb.png.d48dfcfd23e40e92accd86365ad54f33.png

Share this post


Link to post
Posted ... (edited)

I have a Linksys WRT1900ACSv2 running dd-wrt build 46816.  This router is faster than yours, but it's no superstar, and over my 200/10 Mbps ISP service my fastest test (dslreports.com/speedtest) thus far is 237.5/10.5 Mbps.  This was through an AirVPN server around 1,000 miles from here.  I don't know what your issue is, but I'm happy to share my config.

When I connect to my router using ssh and do openvpn --version, I see I am on OpenVPN 2.5.2.  I think this config should be good, however, for any 2.5.X version.

The keys and certs you need to get from the Air configurator with UDP entry 3 port 443 for TLS v1.2 chosen.  The four keys/certs have lots of names.  Here's what corresponds to what, shown here as

Air .conf tag / Air filename / dd-wrt GUI window / dd-wrt nvram var

<ca> / ca.crt / "CA Cert" / openvpncl_ca
<tls-crypt> / tls-crypt.key / "TLS Key (under advanced options)" / openvpncl_tlsauth
<cert> / user.crt / "Public Client Cert" / openvpncl_client
<key> / user.key / "Private Client Key" / openvpncl_key

You can paste this into the ssh window to configure the other parameters:
 

nvram set openvpncl_enable=1
nvram set openvpncl_mit=1
nvram set openvpncl_mtu=1434
nvram set openvpncl_certtype=1
nvram set openvpncl_tls_btn=1
nvram set openvpncl_tuntap=tun
nvram set openvpncl_remoteip=us3.vpn.airdns.org
nvram set openvpncl_remoteport=443
nvram set openvpncl_lzo=no
nvram set openvpncl_dc1=CHACHA20-POLY1305
nvram set openvpncl_dc2=AES-256-GCM
nvram set openvpncl_dc3=AES-256-CBC
nvram set openvpncl_cipher=AES-256-CBC
nvram set openvpncl_proto=udp4
nvram set openvpncl_auth=SHA512
nvram set openvpncl_config='mssfix 1406
auth-nocache
route-delay 5
verb 4
explicit-exit-notify 5
'
This example shows the generic US "server", but you can pick another.  Navigate away from the GUI OpenVPN client page and come back, and everything should be filled in and selected.  I also add a couple more lines to the Additional Config that are not included in the basic setup above:
rcvbuf 360448
sndbuf 360448
I tried 500000, but I saw this in the log: "Socket Buffers: R=[180224->360448] S=[180224->360448]"
and this suggested to me that 360448 was, for my particular router anyway, the largest meaningful buffer size.






  Edited ... by SurprisedItWorks
Omission in the original

Share this post


Link to post
On 7/25/2021 at 8:25 PM, singh124 said:

After playing around in the settings more, I have gotten my upload speed to reach 50mbps, but the download speed is only 10mbps? If the upload speed is high, that must mean that the speed is not being limited by the CPU? I'm not 100% sure I have everything set up correctly because since the DD-WRT guide was written it has been updated to add a lot more options that I had to try and figure the correct settings for.
image.thumb.png.7f194cd9aa5e01f9692e947e612a5b72.png
image.thumb.png.d48dfcfd23e40e92accd86365ad54f33.png


It's a good chance your ISP is traffic shaping when your upload is faster than download.  Try TCP for transport protocol (not UDP) and see if that helps.

Share this post


Link to post

I don't think TCP will work and it's actually advised against due to TCP over TCP not working properly.
My best bet about download speed is the CPU limit. The router has to run incoming traffic through more firewall checks AND NAT. Does the router have hardware NAT acceleration and enabled? Try disabling firewall or some of its rules/detections to see if it helps. OpenVPN is still single thread and whatever monitoring you're looking at is maybe not detailed enough to see.
One other knob to turn is tunnel device: TUN or TAP. And try to reduce tunnel MTU to see if it helps. I don't remember exactly what the common sweetspot values were for MTU but afaik 48 byte steps. So 1452, and then two more steps down too to try out. This will increase overhead. If the fragmentation was a problem it will help still.

Do you now have Chacha20 or not? The reason it didn't start was probably an old OpenVPN version.

Share this post


Link to post

It was definitely my router, I just picked up a r7800 and I am getting full speeds now. Thanks for all the tips.

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...