VPN Speed low-middle CPU

Hello

I have two questions regarding VPN Speed. I bought the router. GI AR300M-650Mhz.

I have here maximally 1.1 Mbit’s Download with 256Bit AER Verschluesselung over Openvpn. No matter which config setting. The VPN provider is Nordvpn, where I tried a few servers with high bandwidth.

 

I tested>


My house connection with original router

Download 140000kbit / s

Upload 4500kbps

Gl-AR300M- Connected without VPN enabled

Download 67000kbit / s

Upload 6000kbps

Gl-AR300M- Connected to enabled OpenVPN

Download 10600kbit / s

Upload 5000kbps

 

I have very little speed here and thought with 650Mhz I have more download speed. The CPU utilization is permanently with VPN at about 86%

Does anyone have any other experiences where the bottleneck can be? Or where is the problem or is it normal?

I have a TP Link 1043 v1. with 400 Mhz also about 10000kbit / s download.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I now intend to buy a GL-B1300. This has 4x717MHz and I hope some more download speed with VPN. Has anyone here experience what you can achieve here?

It seems to be the best router from gl-inet right?

 

 

thanks

10600kbit is 10.6Mbps.

This is a normal speed for the mini router. The mini routers can achieve from 8 to 17Mbps. Depends on the environments this is totally normal.

okay thanks. anyone experience what the GL-B1300 brings?

Would love to see some figures from the GL-B1300 as well. Looks like an interesting product.

For B1300, our testing is 45Mbps when LAN testing of openvpn. In real testing with commercial servers max is 25Mbps.

Not sure which settings made the difference but will try to check.

Well 25Mbps even is 2X or better what the travel models are capable of. 45 would be real nice :slight_smile:

I wasn’t even aware you all made a home model B1300 I’m probably going to order one just to play with. It looks like an interesting product and I’m sure I can find a spot somewhere for it.

My exprience is much less than that. I ran a test on my line and a vpn server using the router based vpn and B1300. (all through the B1300 router. With no vpn active 40 mbps; with VPN through a windows application 35mbps;; using the VPN only on the router (same service and server) 12mbps.

I am not sure how the research testing was getting such high scores but it seems pretty clear that these are not the default results you can expect on the present firmware.

1 Like

Not sure about the reason. But 12Mbps can be easily reached using AR300M.

In B1300 we just tested ipsec with hardware acceleration enabled and it reaches 100Mbps. So we may consider using other VPN protocols.

I did some testing last night, and found that when the VPN server (using the same on both windows and the router) is a slow one (approx 6 Mbps). The results are identical in both situations.

Today I tried it again with the best case scenario (residential area during work and school hours) and the results are the same Np VPN: 45Mbps, VPN on windows: 38Mbps; VPN on router: 18Mbps.

The question is whether it is a hardware, firmware, or configuration issue.

As it is, even when I have a 35Mbps VPN server connection I cannot reliably use the router for streaming as it doesn’t use more than approximately 1/3 of the speed. This is a shame as that was my main reason for buying this router.

maybe you can wait for ipsec support, which should fast enough.

1 Like

In B1300 we just tested ipsec with hardware acceleration enabled and it reaches 100Mbps. So we may consider using other VPN protocols.

OH. MY. GOD. WOW. I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT

Buy a “mini PC” with a faster CPU or cryptographic accelerator chip

OpenVPN throughput statistics are COMPLETELY USELESS if you do not specify the cipher and key size used in the test. For example, AES-256 uses 40% more CPU resources than AES-128. Would someone please test the GL-B1300 with a modern cipher suite and high security configuration typically used in business communications, such as:

ECDHE-RSA-AES256-GCM-SHA384, 2048-bit RSA

I have tested the GL-AR300M at 9 Mbps download with this configuration using speedtest.net. Meaningful OpenVPN throughput statistics using a standard benchmark like this should be posted on the specifications page of all products here.

But not secure enough. And what about these:




  1. This forum is for adults.

  2. Cryptographic experts have found serious security flaws in all major components of IPsec. This is why many commercial VPN internet browsing services do not support it. IPsec may be fine if you are just downloading copyrighted material, but please do not bark and salivate like a dog at the mention of a compromised encryption standard like this. IPsec is not recommended for important communications.

1 Like

I agree the tests. I made my tests using a service that uses AES-256, (expressvpn). I think the benchmarkers should release figures using commonly available commercial services or at least specify the cipher and key size. Also, the inclusion of wireguard over openvpn would be a step forward.

1 Like

Softether performance is not very high in the router as well. But wireguard should be better. We are testing it.

AES128 and AES256 doesn’t make too much difference in the router. There may be other factors taking over.

Finally, be polite to everyone thanks.

1 Like

An interesting thread.
It is worth considering that travel routers are designed to be used connected to public systems to give you a much higher degree of privacy, not for mission critical encrypted traffic.
Just about any public wifi system will have bandwidth throttling of some sort to prevent one or two people from taking all the bandwidth. Typically this is set to somewhere around 2000 to 8000 Mb/s per connection, often even less in rural locations, more than adequate for streaming video in your hotel room.
VPN will always have an overhead, not just in the router but also the fact you end up routing all your traffic through a remote VPN server half way round the planet.
With all this in mind, an AR300M or an AR750AC is very much more than adequate, with most people not not even noticing any performance penalties when using one when travelling.

1 Like

I am not sure the B1300 is classed as a travel router.

Which AES mode? Can you post the OVPN configuration file (or link to it) so I can see what options were enabled. As shown below the difference in speed can be >100%. I really want to know how the AR300M performance compares to the B1300 using the same cipher.

Relative throughput, 8k blocks with AES-NI enabled

aes-256-cbc - 407
aes-256-gcm - 870

Also, you quoted speeds of 12 and 18 Mbps. Are both those tests using the GL-B1300 with AES-256 and the same VPN service?

That’s irrelevant, because (in many cases) the customer does not have the option to use a weaker cipher for “non-mission critical” applications. You dont get to choose which VPN service represents the best value to me. If everyone uses unbreakable encryption, it is infinitely more difficult for hostile governments to target political dissidents who are fighting corruption for your benefit. Strong encryption does not need to be justified any more than envelopes need to be justified over post cards.

But I am not subject to the limitations of your imagination. In reality, many hotels and universities have a fiber optic connection with dozens of WiFi access points. When the physical connection throughput exceeds the router’s maximum OpenVPN speed, then OpenVPN performance comparisons matter. You dont get to dictate whats “adequate” for me because I did not state an application, and never said I was streaming video. This is not a discussion about how to justify the need for a certain level of performance, it is about the lack of OpenVPN performance measurements for GL.inet products. The customer needs an accurate measure of hardware and software performance in order to decide which product represents the best value.

You really are a presumptuous fellow! But the bottom line is, you dont get to decide what level of performance is adequate for my needs.

That’s incredibly ignorant. We are not trying to compare “travelling versus not-travelling.” We are trying to measure data throughput to determine which product best meets our needs. Specifically, I am trying to decide if the performance of the B-1300 justifies the higher price, or if I should spend the money on something else. Since you wont be involved with either the use or the purchase of this product, you dont get to decide what constitutes “adequate” performance and whether we will notice the difference !

Ahh… it’s nice to see that someone is paying attention here. Indeed, I never claimed that I was using it to travel: everything Blue said was based on wrong assumptions. These “travel routers” also make ideal WiFi extenders in a building that is already wired for Ethernet. It’s much more healthy and efficient to have several WiFi access points running at very low power than one router at very high power. If your neighbors cannot even detect your WiFi signal, there is no possibility of it being exploited by hackers or “Google Streetview” surveillance cars which map your WiFi MAC address to your street address. And I will not buy a new primary gateway router with a fast CPU until they make new chips without the Spectre & Meltdown bugs. I’m also very suspicious of anyone who argues for weak encryption, considering how mass surveillance capabilities are being widely abused by criminals in government for political & financial gain.

2 Likes

my tests were using cbc I have added the contents oif the opvn file min us remote server details and certificate data:
dev tun
fast-io
persist-key
persist-tun
nobind
remote ****(hidden from public view)
remote-random
pull
comp-lzo
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1450
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass

It is such a shame when narcissistic perfectionism gets in the way of a good technical discussion.

1 Like

Yeah, who needs to look at specifications when comparing products and making a purchase decision, that’s ridiculous. Stupid perfectionists. They want to have useful information instead of throwing money away. What’s wrong with those people who dont buy everything they see whether they need it or not?

1 Like