VPN Speed low-middle CPU

Softether performance is not very high in the router as well. But wireguard should be better. We are testing it.

AES128 and AES256 don’t make too much difference in the router. There may be other factors taking over.

Finally, be polite to everyone thanks.

1 Like

An interesting thread.
It is worth considering that travel routers are designed to be used connected to public systems to give you a much higher degree of privacy, not for mission critical encrypted traffic.
Just about any public wifi system will have bandwidth throttling of some sort to prevent one or two people from taking all the bandwidth. Typically this is set to somewhere around 2000 to 8000 Mb/s per connection, often even less in rural locations, more than adequate for streaming video in your hotel room.
VPN will always have an overhead, not just in the router but also the fact you end up routing all your traffic through a remote VPN server half way round the planet.
With all this in mind, an AR300M or an AR750AC is very much more than adequate, with most people not even noticing any performance penalties when using one when travelling.

1 Like

I am not sure the B1300 is classed as a travel router.

Which AES mode? Can you post the OVPN configuration file (or link to it) so I can see what options were enabled. As shown below the difference in speed can be >100%. I really want to know how the AR300M performance compares to the B1300 using the same cipher.

Relative throughput, 8k blocks with AES-NI enabled

aes-256-cbc - 407
aes-256-gcm - 870

Also, you quoted speeds of 12 and 18 Mbps. Are both those tests using the GL-B1300 with AES-256 and the same VPN service?

That’s irrelevant, because (in many cases) the customer does not have the option to use a weaker cipher for “non-mission critical” applications. You don’t get to choose which VPN service represents the best value to me. If everyone uses unbreakable encryption, it is infinitely more difficult for hostile governments to target political dissidents who are fighting corruption for your benefit. Strong encryption does not need to be justified any more than envelopes need to be justified over post cards.

But I am not subject to the limitations of your imagination. In reality, many hotels and universities have a fiber optic connection with dozens of WiFi access points. When the physical connection throughput exceeds the router’s maximum OpenVPN speed, then OpenVPN performance comparisons matter. You don’t get to dictate what’s “adequate” for me because I did not state an application, and never said I was streaming video. This is not a discussion about how to justify the need for a certain level of performance, it is about the lack of OpenVPN performance measurements for GL.inet products. The customer needs an accurate measure of hardware and software performance in order to decide which product represents the best value.

You really are a presumptuous fellow! But the bottom line is, you don’t get to decide what level of performance is adequate for my needs.

That’s incredibly ignorant. We are not trying to compare “travelling versus not-travelling.” We are trying to measure data throughput to determine which product best meets our needs. Specifically, I am trying to decide if the performance of the B-1300 justifies the higher price, or if I should spend the money on something else. Since you won’t be involved with either the use or the purchase of this product, you don’t get to decide what constitutes “adequate” performance and whether we will notice the difference!

Ahh… it’s nice to see that someone is paying attention here. Indeed, I never claimed that I was using it to travel: everything Blue said was based on wrong assumptions. These “travel routers” also make ideal WiFi extenders in a building that is already wired for Ethernet. It’s much more healthy and efficient to have several WiFi access points running at very low power than one router at very high power. If your neighbors cannot even detect your WiFi signal, there is no possibility of it being exploited by hackers or “Google Streetview” surveillance cars which map your WiFi MAC address to your street address. And I will not buy a new primary gateway router with a fast CPU until they make new chips without the Spectre & Meltdown bugs. I’m also very suspicious of anyone who argues for weak encryption, considering how mass surveillance capabilities are being widely abused by criminals in government for political & financial gain.

2 Likes

My tests were using CBC. I have added the contents of the OVPN file, minus remote server details and certificate data:
dev tun
fast-io
persist-key
persist-tun
nobind
remote ****(hidden from public view)
remote-random
pull
comp-lzo
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1450
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass

It is such a shame when narcissistic perfectionism gets in the way of a good technical discussion.

1 Like

Yeah, who needs to look at specifications when comparing products and making a purchase decision, that’s ridiculous. Stupid perfectionists. They want to have useful information instead of throwing money away. What’s wrong with those people who don’t buy everything they see whether they need it or not?

1 Like

If you want faster VPN speeds for home use then I think a PC based system running something like Pfsense is a good option. My main router is a PC-engines mini PC. Not sure of the settings at the moment but I am getting about 70Mbps on openvpn. It is a 256bit cypher but not sure which one. There are loads of mini PC options now that are perfect for this. Pfsense is a more powerful option for most folks but it has a steep learning curve. It is not a good travel option though as you need larger hardware.

GL.iNet will launch a small box which can achieve 100Mbps OpenVPN soon.

Can you give some more information?
Is the hardware well chosen? With up-to-date support?
I think here of my B1300 with outdated software!
Can your software development keep track with the lots of hardware?
It would be nice.

B1300 openwrt version is old because of WiFi driver compatibility. But we today upgraded. Kernel is new.

Pls upgrade your B1300 now.

Sorry, no more info about the new hardware. But it does have the most updated open source support.

Thanks for your proposal to update software.

Despite new kernel the software openwrt 15.x remains outdated with all the inherent incompatibilities and security risks.

The proposed update is only a placebo and no solution to the problem.

People (your customers) buying an openwrt-router want secure and up-to-date hard- and software.

Why not offer openwrt 18.x (with slow wifi, but secure) and software 3.0?

Instead of new hardware I would appreciate this solution and more efforts to debug software V3.0!

Thus the hardware B1300/S1300 would not be obsolete security- and softwarewise.

Well, that is good to know but my router has been achieving speeds close to this for years and there are plenty of options that can do over 200Mbps today. Added to which Pfsense is a far more feature rich software option. My current broadband tops out at about 70Mbps anyway but I believe my old hardware can achieve about 100Mbps on the latest builds, but in reality I don’t need VPN for all of it. Pfsense has relatively easy to configure split tunnelling at source and destination ip and port. This can be done in openwrt but it is a pain. My main bandwidth hog is Usenet which is over a secure connection so I just route it outside of the VPN based on the provider’s domain. The success of new domestic VPN routers will be ease of configuration with cheap price and moderate speeds. Openwrt isn’t commercial grade and I can’t see many enterprises wanting to use it. Pfsense isn’t perfect, it can be hard to configure. A cheapo Celeron n3150 appliance will manage about 115Mbps and lots of options will easily go over 200Mbps. In reality not many VPN providers offer much over 70 to 80Mbps today anyway. For travel routers, getting a fast connection whilst travelling isn’t easy. 5G will improve that but for many people running a VPN app on the client computer is usually easier anyway.

I have some clients who want to purchase this product. Do you think it will ship before 2020?

Which of the currently available GL routers can achieve at least 50Mbps with OpenVPN ?

Would you also consider making a product that runs OpnSense? https://opnsense.org/

Hi pls check our MV1000 Brume router which can achieve that speed OpenVPN.

Brume has the horsepower to get decent numbers on OpenVPN, 50Mbps is do-able.

It shines on Wireguard - 200Mbps is well within reach.

OpnSense is a fork of pfSense - both are based on freebsd

ARM support is getting better there in BSD land - netgate/pfsense has funded development for ARMv7a and ARMv8a for Armada 38x and Armada 37xx chips, and has built private pfSense builds to support their products.

Looking at pfSense/opnSense, in comparison to OpenWRT - all three similar enough in capability and performance, and I can speak true to this, as I do have pfSense running as my edge router on my home network, and no problems with OpenWRT doing the same.

Upside to OpenWRT is that it can leverage things like Wireguard, as this is upstream, and very Linux-centric - client options are available for Win/Mac/iOS/Android in userland.

1. 50 Mbps using which cipher suite? Can we see a chart of sustained data transfer benchmarks using the most secure & popular ciphers that are supported by OpenVPN ?

2. Why is Brume so expensive?

Brume - Marvell Armada 88F3720
(2-Core ARM Cortex-A53 @ 1.0 GHz) 1GB RAM
eMMC 8GB, 16 MB Flash
US $129.00


Raspberry Pi 3 - Broadcom BCM2837B0
(4-Core ARM Cortex-A53 @ 1.4 GHz) 1GB RAM
US $35

Raspberry Pi 4 - Broadcom BCM2711
(4-Core ARM Cortex-A72 @ 1.5 GHz) 1GB RAM
US $39


Micron KLM8G2FEJA-A002 8GB eMMC Memory
US $15 (single unit price)

Samsung KLM8G1GEND-B031 8GB eMMC memory
US $8 (single unit price)

SST39VF1601-70-4C-EKE Flash Memory IC 16Mb
US $0.5 (single unit price)

1 Like

The Raspberry Pi Foundation has the privilege of working closely with Broadcom so that drivers and so on are all done for them basically. Drivers are also supplied as blobs, cos Broadcom doesn’t want to do any opensource drivers and so on.

GL on the other hand wants a device that can run OpenWRT. For that, you want to run on platforms that are already developed and work for OpenWRT. Those are Qualcomm, Marvell and so on.

On top of that, GL makes relatively small volume compared to a Raspberry Pi, so prices are not even close to the same on a per chip basis, ending up with a higher total price.

3 Likes

I’m not connected to GL-iNet

Try this… this is just one thing, but it’s reproducible, and shows possible max performance.

openvpn --genkey --secret /tmp/secret
time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc

Data - throughput is MB/Sec - time in seconds/3200

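| Device | Chipset | Arch | Cipher | Time | Throughput |
|---|---|---|---|---|---|
| MV1000 | MV3720 | aarch64 | aes-128-cbc | 8.21 | 389.77 |
| MV1000 | MV3720 | aarch64 | aes-256-cbc | 8.68 | 368.66 |
| MV1000 | MV3720 | aarch64 | aes-128-gcm | 17.65 | 181.30 |
| B1300 | IPQ4028 | ARMV7-A | aes-128-cbc | 111.97 | 28.58 |
| B1300 | IPQ4028 | ARMV7-A | aes-256-cbc | 123.25 | 25.96 |
| B1300 | IPQ4028 | ARMV7-A | aes-128-gcm | 108.25 | 29.56 |
| AR300M | AR9531 | MIPS24Kc | aes-128-cbc | 178.99 | 17.88 |
| AR300M | AR9531 | MIPS24Kc | aes-256-cbc | 194.32 | 16.47 |
| AR300M | AR9531 | MIPS24Kc | aes-128-gcm | 216.84 | 14.76 |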

Pricing is actually fairly good for supported 3700 devices - see Netgate’s SG1100 device, same chipset, similar specs - $179USD

Yes, the EspressoBIN community board for 3720 is $93USD on Amazon with an enclosure and power supply, and a 32GB Samsung EVO microSD, no SW, no eMMC, and there, you’ll get no vendor support

Pricing here is driven by several factors - the cost of the chipset (3720 plus Topaz), and the NRE needed to develop the board - Netgate has a custom spin on the EspressoBIN, and Brume is a custom board.

Manufacturing Costs, aka MAV, are about the same - so cost of goods shipped is BOM+NRE+MAV/number of units shipped - and then add distribution costs to this.

$129 is a fair price, IMHO…

1 Like
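
The two `openvpn` commands and the time-to-throughput conversion from the benchmark post above, wrapped in a script as an added example (it is not part of any post in this thread). The helper names are hypothetical; the throughput figure follows the table's convention of 3200 divided by the elapsed seconds, and timing via `/proc/uptime` assumes a Linux system such as OpenWrt.

```shell
#!/bin/sh
# Added example: loops the thread's --test-crypto benchmark over several ciphers.
# Helper names (throughput, now, bench_cipher) are hypothetical.

# Convert elapsed seconds to the table's throughput figure (3200 / time).
throughput() {
    awk -v t="$1" 'BEGIN { if (t <= 0) exit 1; printf "%.2f\n", 3200 / t }'
}

# Seconds since boot with 1/100 s resolution (Linux only, works in BusyBox ash).
now() {
    read -r up _ < /proc/uptime
    echo "$up"
}

# Time one --test-crypto run; prints "cipher seconds throughput".
bench_cipher() {
    cipher=$1
    keyfile=$2
    start=$(now)
    openvpn --test-crypto --secret "$keyfile" --verb 0 --tun-mtu 20000 \
        --cipher "$cipher" >/dev/null 2>&1 || {
        echo "$cipher failed (cipher not supported by this build?)" >&2
        return 1
    }
    end=$(now)
    elapsed=$(awk -v a="$start" -v b="$end" 'BEGIN { printf "%.2f", b - a }')
    echo "$cipher $elapsed $(throughput "$elapsed")"
}

main() {
    command -v openvpn >/dev/null 2>&1 || { echo "openvpn not found" >&2; return 1; }
    keyfile=$(mktemp) || return 1
    trap 'rm -f "$keyfile"' EXIT          # do not leave the static key in /tmp
    openvpn --genkey --secret "$keyfile" >/dev/null || return 1
    for c in aes-128-cbc aes-256-cbc aes-128-gcm; do
        bench_cipher "$c" "$keyfile" || true   # keep going if one cipher fails
    done
}

# Run only when asked, so the functions can be sourced without starting a benchmark.
if [ "${1:-}" = "run" ]; then main; fi
```

Invoke it as `sh bench.sh run` on the router; the result measures crypto throughput only, so real tunnel speed will be lower.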