Question OpenVPN server speed on Archer C1200?

[DSD27]

I'm running a OpenVPN server (udp) in my Archer C1200 and I never get more than 8Mbps... Is it normal for this router? Or are there some settings I could tweak?
I've seen people on the internet saying they get 80Mbps with this router, or the older C7. I have a 100/100 connection on the server and 100/50 on the client, both through ethernet cable.

I tried disabling QoS and I think it imporeves like 1 Mbps.. I tried enabling Nat Boost, made nodifference. Nat Boost can't be enabled at the same time as QoS.
I think this router has a 900Mhz CPU, is it actually good enough or people may be wrong when they say they have all that speed?

 

[JackMDS]

8Mb/sec is a typical to what One gets from DSL.

Faster Router does not make DSL faster.

.

 

[DSD27]

8Mb/sec is a typical to what One gets from DSL.

Faster Router does not make DSL faster.

.

You didn't read what I said, I have 100/100Mbps on the server and 100/50 on the client, fiber, of course...

 

[mxnerd]

How do you measure the speed? Using Speedtest.net? Any screenshots?

Archer C1200 seems doesn't come with OpenVPN server. You flashed it with DD-WRT firmware?

==

Oops, it does come with OpenVPN server.

https://www.tp-link.com/us/products/details/cat-9_Archer-C1200.html#specifications

 

[JackMDS]

Are those the Speed of your Internet connection?

The VPN is use to go Out to the Internet?

.

 

[DSD27]

How do you measure the speed? Using Speedtest.net? Any screenshots?

Archer C1200 seems doesn't come with OpenVPN server. You flashed it with DD-WRT firmware?

I use speed test and Steam downloads. Yes it comes... https://www.tp-link.com/us/products/details/cat-9_Archer-C1200.html#specifications



I think there is no DD-WRT for this router...

 

[mxnerd]

Did you test it on wired or wireless connection?

==

Oops again. You said it's through cable.

 

[DSD27]

Are those the Speed of your Internet connection?

The VPN is use to go Out to the Internet?

.

Yes. And yes. But it's not too far away, I only get 68 ping. I tried inside the house where the router is through 4G connection and the speed was the same.

 

[mxnerd]

Maybe you should check your cable?

Can you check if the ethernet port was running at 100Mbps? You can check router or switch's port LED light indicator.

or check Local Area Connection Stratus speed.

If the cable is bad, it might run at 10Mbps only, and causes the VPN speed capped at 8Mbps.

 

[DSD27]

Did you test it on wired or wireless connection?

It's on the first post... 100/100 internet connection where the server is and 100/50 internet connection where the client is, both though ethernet cable. But I also tested openvpn through wireless, I always get the same openvpn speed, 8.something Mbps max...

 

[mxnerd]

It's on the first post... 100/100 internet connection where the server is and 100/50 internet connection where the client is, both though ethernet cable. But I also tested openvpn through wireless, I always get the same openvpn speed, 8.something Mbps max...

You always replied after I made modification.

 

[DSD27]

Maybe you should check your cable?

Can you check if the ethernet port was running at 100Mbps? You can check router or switch's port LED light indicator.

If the cable is bad, it might run at 10Mbps only, and causes the VPN speed capped at 8Mbps.

I get the 100Mbps through cable without using the VPN, and I get 53Mbps through Wifi 2.4Ghz also.. It's really about the openvpn.

 

[mxnerd]

I get the 100Mbps through cable without using the VPN, and I get 53Mbps through Wifi 2.4Ghz also.. It's really about the openvpn.

Alright. It's a bit weird the number is so low.

 

[DSD27]

Yeah...
I came here because I really don't know what to do anymore... and I want to know for sure if this router is actually capable of more openvpn server speed or not... I know it's CPU intensive.

 

[mxnerd]

Run tracert www.google.com command from client and post the result similar to this.

 

[mxnerd]

Yeah...
I came here because I really don't know what to do anymore... and I want to know for sure if this router is actually capable of more openvpn server speed or not... I know it's CPU intensive.

Yeah, ideally, the CPU should support encryption like INTEL's AES-NI feature. Don't know what consumer router comes with CPU that supports encryption though.

BTW, did you try TCP protocol?

And does TP-Link OpenVPN Server/Client support logging? If yes, turn on logging feature and take a look at the logs.

And what encryption level did you use?

 

[DSD27]

Hm.. I will have to look at that later today, do I need to download anything?

I tried TCP, it's a little slower. It only uses 128 encryption, we can't choose. I have the options the same that appear here: https://www.tp-link.com/us/faq-1237.html , not much choice.

Logs show this that seem out of normal (red text): WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
ROUTE: route addition failed using service: The object already exists. [status=5010 if_index=7]
WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

 

[mxnerd]

1. You don't have to download anything to run tracert, it's build-in.
2. Have you updated the router's firmware to newest version?
3. Make sure you don't have same IP range on both ends. It has to be different. It can't be both in 192.168.0.0 range, let's say. If it's same on both sides, OpenVPN does't know hot to route packets. The packets will bounce back and forth and slow down the traffic. It should be 192.168.0.0 on one side and 192.168.1.0 on the other, for example.
4. regenerate certificate after you made changes.

 

[DSD27]

Yes, latest firmware was the first thing I did after unboxing.
I don't have the same ip range, the server is 168.0 and the client is 168.1.
I already regenerated the certificate after disabling and re-enabling the server, more than once. I had to, otherwise it wouldn't even work.

 

[mxnerd]

Sorry, I have tried my best. Maybe someone else can help.

 

[DSD27]

I know.. It's a complicated one
Ths is a common budget router, I was expecting that someone that owns it would appear here and at least confirm if it can achieve more or not.

 

[mxnerd]

Not about speed issue.

==

If you add the following lines to your client.opvn file, then the following 2 warnings you mentioned above will be gone.

WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

remote-cert-tls server
auth-nocache

verb 4

the verb 4 is for debugging log, it provides even more info regarding the connection.

==

post your client.opvn file contents , just use fake IP address for that remote ip_addess port_number line

 

[VirtualLarry]

I've seen people on the internet saying they get 80Mbps with this router,

Is that wired speed? Wireless (Wifi) speed? Or wired speed, with OpenVPN throughput?

Honestly, I wouldn't actually be surprised to find out that OpenVPN throughput on a single-core 900Mhz ARM (or MIPS?) CPU is in fact, that low.

I forget what I was getting with my PPTP VPN server enabled on my older router, but I don't think that it was much above 10-20Mbit/sec, one direction, on a FIOS connection.

 

[DSD27]

Not about speed issue.

==

If you add the following lines to your client.opvn file, then the following 2 warnings you mentioned above will be gone.

WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

remote-cert-tls server
auth-nocache

verb 4

the verb 4 is for debugging log, it provides even more info regarding the connection.

==

post your client.opvn file contents , just use fake IP address for that remote ip_addess port_number line

Does that do anything, or is it just for the warnings to disappear?
Should I add them before or after the remote ip and the <ca>?

client
dev tun
proto udp
float
nobind
cipher AES-128-CBC
comp-lzo adaptive
resolv-retry infinite
persist-key
persist-tun
remote 1.1.1.1 and default port number
<ca>
-----BEGIN CERTIFICATE-----

Is that wired speed? Wireless (Wifi) speed? Or wired speed, with OpenVPN throughput?

Honestly, I wouldn't actually be surprised to find out that OpenVPN throughput on a single-core 900Mhz ARM (or MIPS?) CPU is in fact, that low.

I forget what I was getting with my PPTP VPN server enabled on my older router, but I don't think that it was much above 10-20Mbit/sec, one direction, on a FIOS connection.

Idk... the Archer C7 has a 720Mhz CPU and people report much better openvpn performance than this. You shouldn't need a 200$ Asus to have decent openvpn server.

 

[mxnerd]

Does that do anything, or is it just for the warnings to disappear?
Should I add them before or after the remote ip and the <ca>?

anywhere before <ca>.

It just removes warnings.