go558a83nk

I know this. What I'm saying is that removing TCP doesn't make UDP faster but that's what you imply. People who complain about openvpn being slow have already tried UDP as that's the default protocol with AirVPN and every other VPN I've tried. They're typically only using TCP if their network requires it.

Saying that wireguard gained performance by eliminating TCP is like saying my car got faster because I removed low gears. Physically impossible and it's just silly. Wireguard is supposedly faster because of its modern protocol and the fast chacha20 data cipher and that's comparing UDP vs UDP.

You'll probably need to SSH into the router to paste the proper iptables according to the above guide. With stock asus you'll have to do this every reboot of the router. If you got merlin asus you may be able to automate this using scripts saved in jffs .

server load won't affect ping unless it's 90% capacity or higher. And frankly even then it may not be affected since you can see that many of the servers can go over their 1000mbit/s limit. So, the real max capability is something greater than 1000mbit/s.

show us which servers you use that are overloaded. like I said, for it to affect ping it would have to be near 100%.

If you're connected to a server with plenty of bandwidth left and you get intermittent good speed then any speed fluctuation is your ISP. I see it too and it's all down to my ISP changing routes or something along the way being congested.

Server load wouldn't affect "ping" until the server was completely smashed. They aren't typically like that. You can check for yourself. More likely is your ISP has become more unstable as of late due to increased demand during covid problems.

those are old settings. AES-256-GCM is faster. and SHA512 is for tls-crypt configs.

Where do you have the send and receive buffer at? Have you tried different ethernet cables to the pfense box?

not at all. what that's showing, and it's normal when using openvpn GUI on windows, is that when you use openvpn GUI instead of Eddie you have a DNS leak which is ruining some of the privacy you gain by using a VPN. you want just the one (or two with ipv6) airvpn servers showing up as DNS servers.

You should never have gotten 50 if you were using Air DNS. 2 at the most, one ipv4, another ipv6. anymore and that's no Air DNS.

Mine pfsense setup is very fast What I have is in System>Advanced>Miscellaneous>Cryptographic Hardware AES-NI and BSD Crypto Device is Chosen. You must reboot after changes to this setting. Then in the openvpn configuration hardware crypto option I have BSD cryptodev engine selected. There is no AES-NI option there because as long as AES-NI is enabled on the system openvpn uses it automatically.

You got it, I just don't think there's anyway of implementing this in an Asus ROG router because they don't use Merlin on these devices because of the different architecture. Even if I were to SSH into the router and setup the iptables as soon as the router rebooted I'd have to perform the process over again correct? Without access to JFFS that is. Yes, when I was using asus I had to re-input every boot. But for me that was very rare.

Maybe I misunderstand the problem but I think this is what you are needing and is all you need. Easiest way is to just use an SSH command line session to copy/paste iptables for port forwarding. I've used these in the past on an asus router and this was all I needed. Remember to use ifconfig to see what TUN device your openvpn session is.

This is likely bufferbloat, packets start getting dropped, and it's especially bad with TCP. UDP would work better because packets don't have to arrive in order and no ack is required from the other side.