Download Speed dd-wrt router

[MessyNick 0]

Hi, I've tried a variety of servers / ports / udp/tcp but I'm not getting close to my download limit.

I'm using a router with dd-wrt running openvpn. When connected to the VPN I get about 7 (sometimes upto 9) Mbps, but when not connecting to the VPN I get 30 Mbps.

Are you able to test from my IP? When I go to the speedtest of the members area I get a DNS error message "The server at speedtest.air can't be found because the DNS look-up failed. " All other web-browsing is fine.

thanks in advance, I'm sure I'm making a school boy mistake!

Cheers

Nick

[Staff 9754]

Hello!

Nothing wrong, the CPU processing power of most DD-WRT router can sustain no more than 7-8 Mbit/s throughput of AES-256 encrypted traffic.

You can connect directly from one of your computers (leaving the DD-WRT router disconnected from the VPN) in order to make a performance comparison.

Kind regards

[iHabanCUeUtj 1]

If you're not averse to solutions like DD-WRT, it's probably worth considering a cheap (but not flimsy) PC and something along the lines of:

http://www.smoothwall.org/

http://www.pfsense.org/

http://www.ipcop.org/

There are some other choices out there that work similarly. Or, if you like ultracompact solutions like DD-WRT, I believe OpenWrt still runs fine on PCs, although I haven't looked into it in some time.

The EdgeMAX Lite ( http://www.ubnt.com/edgemax ) will be available in January or so, although I can't personally recommend it; not having one myself.

[jdubau55 0]

Same problem I ran into. I just turned an old PC into a router using the x86 distro of DDWRT. Older PC's are still 3-4 times as powerful as even the most powerful consumer router. The bottleneck is the router as it doesn't have the processing power to handle 30 mbps of AES256 encrypted traffic.

[HurderDurder 2]

Okay... So I was curious about this as well. Like me make sure I understand completely. Most routers cannot handle faster than 7-10 Mbps when encrypting AES256; but can get full speeds without encryption?

If that is the case 99% of my questions about AirVpn have been answered. To brag a bit. I have Netgear WNDR3800 with DD-WRT running sustaining speeds of 10-11 Mbps with occasional bursts to 15 Mbps.

Gonna have to dig out that old PC from the Garage and set it up as my router. New project :-)

[MessyNick 0]

Many thanks for all the tips / suggestions.

Guess I'm re-building the old PC that's gathering dust.

Cheers all.

Nick

[iHabanCUeUtj 1]

Okay... So I was curious about this as well. Like me make sure I understand completely. Most routers cannot handle faster than 7-10 Mbps when encrypting AES256; but can get full speeds without encryption?

Correct, with one caveat: some cheap wi-routers are underpowered enough that they may actually bottleneck unusually fast home Internet connections; unusual, that is, for the US. In some markets, Verizon FIOS or DOCSIS 3.0 cable modems may actually deliver upwards of 100Mbps. (Almost always downstream-only.) If you're using nothing but a cheap "wireless router" and its firewall software, it could end up overloaded--possibly well before you hit 100Mbps. Also? Many cheaper wi-router boxes have either all-100Mbps ports, or a gigabit "internal" switch plus a 100Mbps "WAN" port.

Most cheap home wi-routers ship with SoCs that allegedly accelerate AES operations. However, they're intended to be used for WPA/WPA2 encryption, and may not have any extra capacity for applications such as OpenVPN. On top of that, the accelerated functions are not necessarily well-documented, or even documented at all. Thus, it's unlikely that a package such as OpenVPN--or, more specifically, OpenSSL--has been compiled against these arcane functions.

Many of the low-end wi-routers are so spectacularly weedy that you may find you get notably better performance by turning off WPA/WPA2. Obviously, don't do this unless you take other steps to secure your AP.

[jdubau55 0]

You won't be able to connect to the VPN without encryption setup in DD-WRT. So you have to have it. Not having it on kind of defeats the purpose anyway. The CPU in most all consumer routers is not powerful enough to handle a load of todays faster ISP access speeds. With ISP's offering 25 Mbps and above it's tough to have a router capable of that kind of processing power.

That's where the x86 DD-WRT build comes into play. My old Dell is a P4 box running at 3.4 ghz with 4GB RAM. The most powerful consumer router I have found runs at 680 mhz and with maybe 128-256 MB RAM. You can see the ability for processing difference there. Even a Pentium 3 box can run circles around other routers.

My setup is a Dell P4 with onboard gigabit NIC and then just one add on PCI NIC card. Internet from modem goes into the onboard NIC and then the add in card acts as the only LAN port which runs to a Linksys E2000 also running DD-WRT that is setup as an access point only.

[iHabanCUeUtj 1]

You won't be able to connect to the VPN without encryption setup in DD-WRT. So you have to have it.

WPA encryption is completely unrelated to OpenVPN's encryption, in the same way that Windows BitLocker encryption is unrelated to encrypting an email with PGP/GPG.

That's where the x86 DD-WRT build comes into play. My old Dell is a P4 box running at 3.4 ghz with 4GB RAM. The most powerful consumer router I have found runs at 680 mhz and with maybe 128-256 MB RAM.

Clock rate is a poor indicator of performance, even in the same CPU family, and certainly in CPUs from the same manufacturer. A 680MHz Pentium III, if it existed (Tualatin at 666.67MHz would be closest), can retire more instructions per clock (IPC) than a 680MHz MIPS32 SoC. (You're probably referring to the Atheros AR7161.)

[jdubau55 0]

Ah I see now. You were saying that by turning off your wireless security you might be able to free up some CPU power for faster VPN throughput.

You can not argue though that a x86 box, even an older unit, will be able to handle more encrypted data giving you a higher VPN throughput.

All of your statements are valid. I think we are just on different pages.

[iHabanCUeUtj 1]

Ah I see now. You were saying that by turning off your wireless security you might be able to free up some CPU power for faster VPN throughput.

Yes. In fact, you'll likely see higher wireless throughput, period.

You can not argue though that a x86 box, even an older unit, will be able to handle more encrypted data giving you a higher VPN throughput.

In almost all cases, yes. If you resurrect an ancient Pentium box to do the work, my money would be on the cheap little consumer router. Once you get up into slightly later Pentium III territory (600MHz+), though, I'm not seeing any consumer gear with a CPU fast enough to compete. They're not really intended to, though.

I was simply pointing out that CPU core clock rate should not be relied on to determine performance, especially across completely different CPU architectures.

Case in point: the Pentium 4 hit about 3.6GHz before it was retired. A single core on an i7-3770 can sometimes reach "Turbo" speeds of just 3.9GHz, depending on cooling and the load on the other cores. Yet a single core on this CPU is far faster than a single core on the end-of-life 3.6GHz dual-core Pentium 4 CPUs. It also uses less power.

All of your statements are valid. I think we are just on different pages.

I think we're close.

[HurderDurder 2]

I dusted off my old PC and was able to get DD-WRT running on it and can connect to the internet using it. (After many hic-ups and an ultimate face-palm). I have tried versions 19342, 19519 and 17967 in the last day. I was able to port forward, Qos, etc as part of my testing process. I was unable to connect to AirVPN using the DD-WRT client. I set it up exactly as I did my DD-WRT router. Both manually and using the router backup.

Not to hijack another OP's post; but there are people on this string that have the knowledge and its the easiest way for my post to be seen by them.

What version of DD-WRT x86 are you using?

I get VPN log error .... Connection took to long, closing connection .... not exact words but close. I didn't save it. I will get exact log in a little while.

Thanks for your help.

[jdubau55 0]

3-19-12 v 18777 public version

This has no wifi support or usb support. That's why I went with an extra NIC and just using a wifi router as an AP

[HurderDurder 2]

Thanks for the quick reply.

Funny, that's what I use on my router and have tried the newest versions on it and have come back to it each time.

I honestly thought there was different development cycle for x86.

[iHabanCUeUtj 1]

What version of DD-WRT x86 are you using?

Assuming you can't use something like SmoothWall or pfSense or whichever for router + firewall + WiFi, the easiest thing to do is re-purpose your wi-router as a bare AP / bridge.

Most if not all cheap commodity wi-routers have no trouble at all doing this. Worst case, it complains that you have "no Internet access". Some actually have an official AP / bridge mode. If you're using DD-WRT, there's a simple switch or two right in the early setup panels to throw the "WAN" port into the same VLAN as all the other interfaces, and stop being a router. (The "WAN" port is frequently just another port attached to the same switching ASIC.)

Then run something simple and nice (like SmoothWall or pfSense or m0n0wall or IpCop or--) on the PC--something that's fully intended to run on Intel-compatible hardware, and doesn't support it merely as an afterthought.

Or, you know, install a full-grown Linux (or BSD) distro of your choice, with or without a nice GUI. I use Ubuntu Server, minus GUI, with Shorewall to avoid the pain of writing firewall and routing rules by hand. I was using a repurposed NetGear wi-router as AP, but I just upgraded to a Mikrotik RouterBoard unit for less than I paid for the crappy NetGear boxlet originally.

[HurderDurder 2]

I have DD-WRT running well on this old PC. I have my Netgear WNDR3800 with DD-WRT running on it and will set it up as a AP tomorrow after some more testing. The overall speeds have double thru the VPN. I'm happy. Unfortunately I think torrent downloads max out at 10-13Mbps due to the Down to up ratio. I only have 1 Mbps upload speed through my ISP. Video streaming has improved through the VPN.

I like learning new things. Thanks for the help.

[iHabanCUeUtj 1]

Unfortunately I think torrent downloads max out at 10-13Mbps due to the Down to up ratio. I only have 1 Mbps upload speed through my ISP. Video streaming has improved through the VPN.

Unfortunately, that's very likely. Up/down asymmetry through many ISPs is frequently very, very bad. 1:10 is common. How much speed are you missing? Do you have something closer to a 1:15 or 1:20 ratio? It's possible you could squeeze somewhat more speed out of your link, but only for TCP (that I know of), and it'll take some work:

https://encrypted.google.com/search?q=tcp+ack+prioritization

Your better A/V streaming uses UDP or UDP-Lite to fling packets as fast as possible while performing little error-checking. Streaming from sites like YouTube is all-HTTP (HTTP-on-TCP, as you do) streaming... that I'm aware of.

If you're looking solely to improve a BitTorrent experience, TCP ACK prioritization probably won't help. I'm not certain, but I believe most of your recent clients are now using the uTP protocol over UDP. uTP was first made the default in a μTorrent alpha release back in 2008. I think all the major clients support it now.

Still--virtually the entire "web", however that's defined nowadays, depends on TCP; so ACK prioritization may help for anything you might be doing with a web browser or other HTTP client. How much, I can't say.

[jdubau55 0]

Very satisfied with my build. The Dell I used was just sitting around waiting for me to load Linux and re-sell at low cost. Total investment on it was around $40 which is about a third of the cost of a high end consumer wifi router.

[mowax 0]

I have DD-WRT running well on this old PC. I have my Netgear WNDR3800 with DD-WRT running on it and will set it up as a AP tomorrow after some more testing. The overall speeds have double thru the VPN. I'm happy. Unfortunately I think torrent downloads max out at 10-13Mbps due to the Down to up ratio. I only have 1 Mbps upload speed through my ISP. Video streaming has improved through the VPN.

I like learning new things. Thanks for the help.

Hey bud, I have a brand new ASUS N66U and I was thinking of giving this a go with an old Dell that I have x 86, I was hoping to increase my speeds when connected to the VPN, all though, I thought the new router would have been able to cope with it, I maybe should downloads the windows client and see what the best ports and servers there are to use, I have a hex core here so encryption and the like from the windows based client should be able to cope.

Could you fire me over a link as the ones that I'm reading seem to date back some time now.

[HurderDurder 2]

QUick links can update when I get back home

DD-wrt v18777

ftp://ftp.dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2012/03-19-12-r18777/

Install wiki

http://www.dd-wrt.com/wiki/index.php/X86

Scroll down to windows install instructions.... Read at least twice.... Physdiskwrite and 18777 have to be in same folder... if using Win7 set pyhsdiskwrite (after unzip) to run as admin

[jdubau55 0]

QUick links can update when I get back home

DD-wrt v18777

ftp://ftp.dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2012/03-19-12-r18777/

Install wiki

http://www.dd-wrt.com/wiki/index.php/X86

Scroll down to windows install instructions.... Read at least twice.... Physdiskwrite and 18777 have to be in same folder... if using Win7 set pyhsdiskwrite (after unzip) to run as admin

Also go here and read the Vista/Windows 7 special instructions. I had to use that to wipe all the disk partitions as it kept failing the write.

http://m0n0.ch/wall/physdiskwrite.php

I tried several builds until settling on the 18777 build. I would just start with that one.