VPN Speed low-middle CPU

My exprience is much less than that. I ran a test on my line and a vpn server using the router based vpn and B1300. (all through the B1300 router. With no vpn active 40 mbps; with VPN through a windows application 35mbps;; using the VPN only on the router (same service and server) 12mbps.

I am not sure how the research testing was getting such high scores but it seems pretty clear that these are not the default results you can expect on the present firmware.

1 Like

Not sure about the reason. But 12Mbps can be easily reached using AR300M.

In B1300 we just tested ipsec with hardware acceleration enabled and it reaches 100Mbps. So we may consider using other VPN protocols.

I did some testing last night, and found that when the VPN server (using the same on both windows and the router) is a slow one (approx 6 Mbps). The results are identical in both situations.

Today I tried it again with the best case scenario (residential area during work and school hours) and the results are the same Np VPN: 45Mbps, VPN on windows: 38Mbps; VPN on router: 18Mbps.

The question is whether it is a hardware, firmware, or configuration issue.

As it is, even when I have a 35Mbps VPN server connection I cannot reliably use the router for streaming as it doesn’t use more than approximately 1/3 of the speed. This is a shame as that was my main reason for buying this router.

maybe you can wait for ipsec support, which should fast enough.

1 Like

In B1300 we just tested ipsec with hardware acceleration enabled and it reaches 100Mbps. So we may consider using other VPN protocols.

OH. MY. GOD. WOW. I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT I WANT IT

Buy a “mini PC” with a faster CPU or cryptographic accelerator chip

OpenVPN throughput statistics are COMPLETELY USELESS if you do not specify the cipher and key size used in the test. For example, AES-256 uses 40% more CPU resources than AES-128. Would someone please test the GL-B1300 with a modern cipher suite and high security configuration typically used in business communications, such as:

ECDHE-RSA-AES256-GCM-SHA384, 2048-bit RSA

I have tested the GL-AR300M at 9 Mbps download with this configuration using speedtest.net. Meaningful OpenVPN throughput statistics using a standard benchmark like this should be posted on the specifications page of all products here.

But not secure enough. And what about these:




  1. This forum is for adults.

  2. Cryptographic experts have found serious security flaws in all major components of IPsec. This is why many commercial VPN internet browsing services do not support it. IPsec may be fine if you are just downloading copyrighted material, but please do not bark and salivate like a dog at the mention of a compromised encryption standard like this. IPsec is not recommended for important communications.

1 Like

I agree the tests. I made my tests using a service that uses AES-256, (expressvpn). I think the benchmarkers should release figures using commonly available commercial services or at least specify the cipher and key size. Also, the inclusion of wireguard over openvpn would be a step forward.

1 Like

Softether performance is not very high in the router as well. But wireguard should be better. We are testing it.

AES128 and AES256 doesn’t make too much difference in the router. There may be other factors taking over.

Finally, be polite to everyone thanks.

1 Like

An interesting thread.
It is worth considering that travel routers are designed to be used connected to public systems to give you a much higher degree of privacy, not for mission critical encrypted traffic.
Just about any public wifi system will have bandwidth throttling of some sort to prevent one or two people from taking all the bandwidth. Typically this is set to somewhere around 2000 to 8000 Mb/s per connection, often even less in rural locations, more than adequate for streaming video in your hotel room.
VPN will always have an overhead, not just in the router but also the fact you end up routing all your traffic through a remote VPN server half way round the planet.
With all this in mind, an AR300M or an AR750AC is very much more than adequate, with most people not not even noticing any performance penalties when using one when travelling.

1 Like

I am not sure the B1300 is classed as a travel router.

Which AES mode? Can you post the OVPN configuration file (or link to it) so I can see what options were enabled. As shown below the difference in speed can be >100%. I really want to know how the AR300M performance compares to the B1300 using the same cipher.

Relative throughput, 8k blocks with AES-NI enabled

aes-256-cbc - 407
aes-256-gcm - 870

Also, you quoted speeds of 12 and 18 Mbps. Are both those tests using the GL-B1300 with AES-256 and the same VPN service?

That’s irrelevant, because (in many cases) the customer does not have the option to use a weaker cipher for “non-mission critical” applications. You dont get to choose which VPN service represents the best value to me. If everyone uses unbreakable encryption, it is infinitely more difficult for hostile governments to target political dissidents who are fighting corruption for your benefit. Strong encryption does not need to be justified any more than envelopes need to be justified over post cards.

But I am not subject to the limitations of your imagination. In reality, many hotels and universities have a fiber optic connection with dozens of WiFi access points. When the physical connection throughput exceeds the router’s maximum OpenVPN speed, then OpenVPN performance comparisons matter. You dont get to dictate whats “adequate” for me because I did not state an application, and never said I was streaming video. This is not a discussion about how to justify the need for a certain level of performance, it is about the lack of OpenVPN performance measurements for GL.inet products. The customer needs an accurate measure of hardware and software performance in order to decide which product represents the best value.

You really are a presumptuous fellow! But the bottom line is, you dont get to decide what level of performance is adequate for my needs.

That’s incredibly ignorant. We are not trying to compare “travelling versus not-travelling.” We are trying to measure data throughput to determine which product best meets our needs. Specifically, I am trying to decide if the performance of the B-1300 justifies the higher price, or if I should spend the money on something else. Since you wont be involved with either the use or the purchase of this product, you dont get to decide what constitutes “adequate” performance and whether we will notice the difference !

Ahh… it’s nice to see that someone is paying attention here. Indeed, I never claimed that I was using it to travel: everything Blue said was based on wrong assumptions. These “travel routers” also make ideal WiFi extenders in a building that is already wired for Ethernet. It’s much more healthy and efficient to have several WiFi access points running at very low power than one router at very high power. If your neighbors cannot even detect your WiFi signal, there is no possibility of it being exploited by hackers or “Google Streetview” surveillance cars which map your WiFi MAC address to your street address. And I will not buy a new primary gateway router with a fast CPU until they make new chips without the Spectre & Meltdown bugs. I’m also very suspicious of anyone who argues for weak encryption, considering how mass surveillance capabilities are being widely abused by criminals in government for political & financial gain.

2 Likes

my tests were using cbc I have added the contents oif the opvn file min us remote server details and certificate data:
dev tun
fast-io
persist-key
persist-tun
nobind
remote ****(hidden from public view)
remote-random
pull
comp-lzo
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1450
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass

It is such a shame when narcissistic perfectionism gets in the way of a good technical discussion.

1 Like

Yeah, who needs to look at specifications when comparing products and making a purchase decision, that’s ridiculous. Stupid perfectionists. They want to have useful information instead of throwing money away. What’s wrong with those people who dont buy everything they see whether they need it or not?

1 Like

If you want faster VPN speeds for home use then I think a PC based system running something like Pfsense is a good option. My main router is a PC-engines mini PC. Not sure of the settings at the moment but I am getting about 70Mbps on openvpn. It is a 256bit cypher but not sure which one. There are loads of mini PC options now. That are perfect to use this. Pfsense is a more powerful option for most folks but it has a steep learning curve. It is not a good travel option though ss you need larger hardware.

GL.iNet will launch a small box which can achieve 100Mbps OpenVPN soon.

Can you give some more information?
Is the hardware well choosen ? With uptodate support ?
I think here of my B1300 with outdated software !
Can your software-developement keep track with the lots of hardware ?
It would be nice.

B1300 openwrt version is old because of WiFi driver compatibility. But we today upgraded. Kernel is new.

Pls upgrade your B1300 now.

Sorry no more info about the new hardware. But it does has the most updated open source support.

Thanks for your proposal to update software.

Despite new kernel the software openwrt 15.x remains outdated with all the inherent

incompatibilities and security risks.

The proposed update is only a placebo and no solution to the problem.

People (your customers) buying an openwrt-router want secure and up-to-date hard- and software.

Why not offering openwrt 18.x (with slow wifi, but secure) and software 3.0 ?

Instead of new hardware I would appreciate this solution and more efforts

to debug software V3.0 !

Thus the hardware B1300/S1300 would not be obsolete security- and softwarewise.

Well, that is good to know but my router has been achieving speeds close to this for years and there are plenty of options that can do over 200Mbps today. Added to which Pfsense is a far more feature rich software option. My current broadband tops out at about 70Mbps anyway but I belive my old hardware can achieve about 100Mbps on the latest builds, but in reality I don’t need VPN for all of it. Pfsense has relatively easy to configure split tunnelling at source and destination ip and port. This can be done in openwrt but it is a pain. My main bandwidth hog is Usenet which is over a secure connection so I just route it outside of the VPN based on the providers domain. The success of new domestic VPN routers will be ease of configuration with cheap price and moderate speeds. Openwrt isn’t commercial grade and I can’t see many enterprises wanting to use it. Pfsense isn’t perfect, it can be hard to configure. A cheapo Celron n3150 appliance will manage about 115Mbps and lots of options will easily go over 200Mbps. In reality not many VPN providers offer much over 70 to 80Mbps today anyway. For travel routers, getting a fast connection whilst travelling isn’t easy. 5G will improve that but for many people running a VPN app on the client computer is usually easier anyway.