Sonic VPN makes FTTNx2 slower

by helinw » Sat Apr 08, 2017 8:45 pm

I am getting 35 Mbps download without VPN and 25 Mbps with VPN, on FTTN x2.
Any idea why this happens? I set up the VPN on my ASUS router, behind an AT&T modem that DMZs to the ASUS router.

by dane » Sat Apr 08, 2017 10:24 pm
Many routers cannot process VPN traffic at full rate. Others here may have pointers toward solutions that achieve high speed.

by drew.phillips » Mon Apr 10, 2017 3:52 pm
That speed seems to be on par with what others who have used an Asus router for VPN got. The limitation is indeed as Dane said: the router can't process the encryption/decryption at the full rate.

In my experience, I've actually seen observed speeds go *up* using the VPN on FTTNx2 (e.g. from 50 Mbps to 53-55 Mbps).

A simple test would be to use the VPN client on a computer and see what max speed you get, then try it again through the router and see if it's limited.

None of the ASUS routers I've seen have dedicated AES chips (or instruction sets) so they're completely CPU bound for that.

If your ASUS supports OpenVPN, can you also SSH in to the router? If so and you are familiar with SSH, can you run the command "openssl speed aes-128-cbc" and report the results? We can then tell you the maximum speeds you'd expect to see with the router doing VPN.

I'm still hunting for a good off-the-shelf router that supports OpenVPN (without flashing custom firmware) *and* has a CPU that can see reasonable speeds over the VPN.

by yuriw » Tue Apr 11, 2017 1:03 pm

Please see my results below. What would you expect to see on 1gb Sonic?

[09:39:50]> openssl speed aes-128-cbc
Doing aes-128 cbc for 3s on 16 size blocks: 24683719 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 64 size blocks: 6768773 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 256 size blocks: 1717502 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 1024 size blocks: 434447 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 8192 size blocks: 54205 aes-128 cbc's in 3.00s
OpenSSL 1.0.2g 1 Mar 2016
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: cc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc     131646.50k   144400.49k   146560.17k   148291.24k   148015.79k
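
Added example, not part of any post in this thread: one way to turn the `openssl speed` summary table above into a cipher throughput ceiling in Mbit/s and compare it with a link rate. The function names and the 1500-byte packet size are assumptions made for this illustration; the result is the single-core AES-CBC ceiling only, so actual tunnel throughput will be lower.

```python
import re

# Summary lines copied from the `openssl speed aes-128-cbc` output posted above.
SAMPLE = """\
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 131646.50k 144400.49k 146560.17k 148291.24k 148015.79k
"""

PACKET_BYTES = 1500  # assumption: typical Ethernet MTU, used to pick a block size


def parse_speed(text):
    """Return {cipher: {block_bytes: bytes_per_second}} from the summary table."""
    sizes, results = [], {}
    for line in text.splitlines():
        if line.startswith("type"):
            sizes = [int(n) for n in re.findall(r"(\d+) bytes", line)]
            continue
        rates = re.findall(r"(\d+(?:\.\d+)?)k\b", line)
        if sizes and len(rates) == len(sizes):
            name = line[: line.index(rates[0] + "k")].strip()
            # openssl reports thousands of bytes per second ("k" suffix).
            results[name] = {s: float(r) * 1000 for s, r in zip(sizes, rates)}
    return results


def cipher_ceiling(text, link_mbps, packet_bytes=PACKET_BYTES):
    """Cipher-only throughput ceiling in Mbit/s and its ratio to the link rate.

    Uses the largest benchmarked block that fits in one packet. This is an
    upper bound for one core: a VPN also authenticates and copies each packet,
    so real tunnel throughput will be lower.
    """
    report = {}
    for name, table in parse_speed(text).items():
        fitting = [s for s in table if s <= packet_bytes] or [min(table)]
        block = max(fitting)
        mbps = table[block] * 8 / 1_000_000
        report[name] = {"block": block, "mbps": round(mbps, 1),
                        "headroom": round(mbps / link_mbps, 2)}
    return report


if __name__ == "__main__":
    for cipher, r in cipher_ceiling(SAMPLE, link_mbps=1000).items():
        print(f"{cipher}: {r['mbps']} Mbit/s at {r['block']}-byte blocks, "
              f"{r['headroom']}x a 1000 Mbit/s link")
```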

by OpenVPN » Tue Apr 11, 2017 1:26 pm
I wonder how the Asus GT-AC5300 performs with OpenVPN since it has a 64bit 1.8GHz quad-core cpu? ... /overview/

There is also pfSense, which you can install or get with an appliance.

There were some other firewalls people have mentioned on the forums that will work but require some command line configuration.

by erichkuehn » Thu Apr 20, 2017 9:09 am
Having the Asus RT-AC5300 at my home, I can say it does just fine. I have the FTTN 50M service too, and speeds either on or off VPN are the same: 45+ Mbps.
