New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
VPN on dd-wrt router is so slow,Any idea?
Hello guys I have Linksys E1200 running dd-wrt software (mega) I tried to use it for VPN but it's so slow it's about 25% of my speed in browsing I tried this before on Tp-Link 741 with dd-wrt and it was slow too but I thought it's because Tp-link but now Linksys too is slow
Any idea
I use this tutorial (not using strongvpn service I have my own servers)
http://www.strongvpn.com/setup_dd-wrt_pptp.shtml
But service>VPN type did not work for me, any idea why?
http://strongvpn.com/dd-wrtfirewall.shtml this did not work
P.S: I had a discussion before asking for a router to use with dd-wrt software but it was deleted in the problem of the LET
Comments
It could be that the processor on the router is not fast enough to handle the throughput that you are trying to push through it.
I think that Linksys E1200 is not that bad
My performance with StrongVPN and pptp was absolute garbage. Once I moved to OpenVPN it was amazing. My suggestion is to use OpenVPN.
I'm not using Strongvpn service I have my own servers I just used their tutorial
can you provide me with easy tutorial to setup openvpn on dd-wrt router (I have many OpenVPN servers)
Greetz
http://www.dd-wrt.com/wiki/index.php/OpenVPN
Well I use a Raspberry Pi for my OpenVPN server and 1Mb/s drives it's CPU up to 100%. I guess it's probably the same case for your router?
Actually it does not use a lot of resources I use it only as PPTP client on 1Mb ADSL line
A Pi will do many things in software, while the router is optimized for network usage. It will probably do better, you should be more than OK with 1 Mb/s in DD-WRT.
@Maounique But it is so slow in browsing it is not even 256Kb/s that get me crazy
change host.
What is your latency to the server you are using as the VPN server? Your speed will be directly effected by how far you are from the server, so if your in for example Asia and are using a VPN is the US, you will likely have a ping of 180-230ms and the transit will be slower. If you have a server thats <100ms away, you will get much better speeds as the latency is lower. ALSO, another thing to consider is by default OpenVPN uses UDP and some ISPs limit UDP to prevent abuse, you may try switching to TCP if that is an option, and that could also help with the speed issues.
Hope that helps.
Cheers!
@TheLinuxBug First it is not Ping issue because I use this servers for me and my clients on windows and mobile and speed is fine
Second I did not used OpenVPN I was using PPTP so it's TCP and my ISP do not limit UDP
Thanks anyway for trying to help
@ACaton I'm trying OpenVPN now I used these tutorials
http://docs.openvpn.net/frequently-asked-questions/using-dd-wrt-with-openvpn-access-server/
https://airvpn.org/ddwrt/
but it does not connect and I got this in Status>OpenVPN
Serverlog Clientlog 20131004 22:13:28 I OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 25 2013
20131004 22:13:28 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20131004 22:13:28 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20131004 22:13:28 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20131004 22:13:28 W WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible
20131004 22:13:28 I Control Channel Authentication: using '/tmp/openvpncl/ta.key' as a OpenVPN static key file
20131004 22:13:28 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20131004 22:13:28 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20131004 22:13:28 Socket Buffers: R=[114688->131072] S=[114688->131072]
20131004 22:13:28 I UDPv4 link local: [undef]
20131004 22:13:28 I UDPv4 link remote: [AF_INET]199.xx.xx.xx:1194
20131004 22:14:28 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20131004 22:14:28 N TLS Error: TLS handshake failed
20131004 22:14:28 I SIGUSR1[soft tls-error] received process restarting
20131004 22:14:28 Restart pause 2 second(s)
20131004 22:14:30 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20131004 22:14:30 Socket Buffers: R=[114688->131072] S=[114688->131072]
20131004 22:14:30 I UDPv4 link local: [undef]
20131004 22:14:30 I UDPv4 link remote: [AF_INET]199.xx.xx.xx:1194
20131004 22:14:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20131004 22:14:55 D MANAGEMENT: CMD 'state'
20131004 22:14:55 MANAGEMENT: Client disconnected
20131004 22:14:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20131004 22:14:55 D MANAGEMENT: CMD 'state'
20131004 22:14:55 MANAGEMENT: Client disconnected
20131004 22:14:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20131004 22:14:55 D MANAGEMENT: CMD 'state'
20131004 22:14:55 MANAGEMENT: Client disconnected
20131004 22:14:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20131004 22:14:55 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
This is your processor, no doubt about it. One thing you can do to increase your speed a little bit is by using a weaker cipher and no lzo compression (less processor overhead). If you want to get speeds faster than 10mbits than you will need get away from these consumer routers.
My consumer router does 10 mb in a bad day, does not reach 50 mb though, no matter what I tried, but is closing in to 40 and sometimes goes over.
Use a weaker cipher. The BCM5357 is slow. And is DD-WRT mega too big for E1200v2??
@raidz @Maounique @JonathanZhang This pic show that CPU is fine as I think, I took it when I was pushing the full Adsl line speed (I was using PPTP and the line speed is 1mb/s not more)
and I do not know what weaker cipher is?
I will search google for it
P.S. After adding some Firewall rules to the router the speed is become better but I can access other PCs files that connected to the same VPN server
In all seriousness, DD-WRT is SHIT for anything hardcore like a VPN. Your E1200v2 is designed to run ROUTING tasks. It'll do routing, and not much more. Your best bet is run the VPN with a raspi and add a static route for it in your router.
IT can do VPN fine. Mine does an excellent job for my needs, as you see, the cpu is not much used, the problem is probably elsewhere.
Sure a consumer router with a MIPS cpu will not handle 100 mil pps, but should do well in most cases on an 100 mbps line.
@Maounique I solved the speed problem partially with pptp and I will try another ver of dd-wrt for openvpn and see what will happen
i have a linksys e4200 with static routes based on source natted ips and it works like a charm, speed is great.. before i had an e2000 and it wasn't that great due to processor speed.. so cpu speed may be your issue.
The pic I post show that it is not
I have PPTP working fine now (not full speed but fine)
aha!!.. forgot to mention i use pptp as well...
What is considered a "fine" speed?
without a VPN i can grab 6MB/s but through a VPN on my router, only able to get about 1MB/s.
@doughnet Yes I mean speed
Without the vpn it's 110-120KB/s but through vpn it's 90-100 KB/s
And it is great. A VPN, unless you use a server with a large bandwidth in your neighbourhood where you have unrestricted access, will generally slow down your speed. The latency increases, the link goes through more hops, it is normal. you are not using a VPN to increase speed or keep it the same, but to circumvent censorship, to access content in a certain country or to increase speed to that (distant) country, but you cannot have higher speed than you have without the VPN in 9 cases out of 10.
@Maounique You are absolutely right
The problem now is to bridge between wan and lan in the dd-wrt to make machines outside the lan access the resources behind lan and I didn't have time to check this yet
You will not want to do that unless you are bridging 2 internal networks (i.e. one behind a router with another one behind your dd-wrt). IPsec would do this great.
Otherwise, simple NAT-ing would suffice. I now use IPv6 to access my computers behind the router, since IPv6 does not suffer from NAT diseases.
@Maounique I want to this because I want to connect some company branches (accounting systems & archives) so it will not be useful if it didn't
You will need to setup a bridge between those directly without going over internet if possible, if not, give them each a router and use IPSec to bridge them. A single router can do this, but will be extremely complicated and a messy routing to do, it is highly unlikely you will get it right, it is cheaper to get 2 more 30 $ consumer routers to do that.