Using PC as a Wired Router

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> X86 based Hardware
Goto page 1, 2  Next
Author Message
robertdaleweir
DD-WRT User


Joined: 14 Apr 2018
Posts: 56

PostPosted: Tue Jul 03, 2018 19:38    Post subject: Using PC as a Wired Router Reply with quote
I have a DD-WRT flashed TP-Link Router which I use as a VPN client to my Home Network. It works well but has slowed my Downloads from 170 Mbps to 20+ range. I have been advised that the Processor and Memory capability is such that it slows the speed down to such a level. I am wondering if I could use a DD-WRT on a PC and improve my throughput? I have seen reference to X-86 and I am wondering if my efforts would be worthwhile? Any experiences would be appreciated.
Sponsor
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 7323

PostPosted: Wed Jul 04, 2018 18:24    Post subject: Reply with quote
The differences are like night and day.

I've been saying for a long time now (mostly on other forums) that the performance problems w/ OpenVPN (and long before that, PPTP) has little to do w/ the demands of encryption. That's always the claim, the fallback position, but actual testing suggests otherwise.

I believe the version available to most routers is simply not optimized properly for these small devices. And I've tried every setting under the sun to improve the situation. Buffers sizes, MTU sizes, no ciphers, you name it, I've changed it, and it NEVER makes a lick of difference. I even configured my own OpenVPN server on a VPS so I could try a simple, no encryption, ptp (point to point) tunnel, so not even TLS in the mix. Just a simple, in the clear, no encryption tunnel. Same crappy performance.

In fact, over the past few weeks, I've been experimenting w/ configuring an *internal* OpenVPN bridged tunnel between two routers, one configured in Client mode (dd-wrt) and acting as the OpenVPN client, the other my primary router (tomato), acting as the OpenVPN server. All of it managed at the command line w/ my own scripting. No ciphers, no HMAC, simple as can be. I did use TLS rather than a ptp tunnel because I want to eventually use it in a PTMP (point to multiple point) client server mode w/ multiple clients (something a ptp tunnel can't do). The performance ***STILL*** sucks!!! I can't get better than a measly 9.5Mbps (measured) across the tunnel between two *local* routers! But when there is no OpenVPN bridge between those same routers, it's 48Mbps (measured).

Now if I use OpenVPN on *any* full-blown PC platform, even a crappy little DIY router I threw together the other day out of spare parts for testing purposes (old AMD motherboard, 1GHz dual core processor, 2 x 2GB memory, etc., something I would have been running perhaps back in 2011), it's a beast! Of the 120Mbps bandwidth available from my ISP, and using NordVPN, I get 100Mbps, without breaking a sweat. I tried both pfSense and dd-wrt (x86 version) and got the same results. In fact, I've never seen dd-wrt so "peppy". Darn thing is so fast, by the time I hit Apply Settings on the OpenVPN client GUI, I can't get over to the VPN status page before it's connected!

I'm convinced at this point that running OpenVPN (or probably any VPN) on these small devices is a really bad idea. Not unless you're prepared to either throw a LOT of muscle at it (i.e., brute force), which sort of defeats the purpose of using these small and (presumably) low-powered devices (btw, that little crappy PC I threw together only draws 20W max), or accept a 90% loss of performance (which I find to be typical).

I've been hammering at VPN performance problems on these small consumer grade routers for YEARS, and haven't made a lick of progress. And I've tried every trick in the book you can imagine. I keep hoping for a magic bullet, but I suspect there isn't one. Not unless some developer is willing to spend the time and energy to determine *why* the performance is so abysmal. IMO, if things are going to improve significantly, it's going to happen at the source level, NOT by end users tinkering w/ endless settings.

All that said, if you move to a PC platform, I'm not sure dd-wrt makes a lot of sense anymore. You might be better off using pfSense or some other software specifically intended for PC class hardware. I know some aspects of dd-wrt are not even supported in the x86 firmware.

https://wiki.dd-wrt.com/wiki/index.php/X86#Limitations

There are other reasons too. Because dd-wrt is supported on so many platforms, most of which are very limited compared to a PC, you tend to get the least common denominator in terms of features, and often older, cut-down versions of subsystems to maintain compatibility. IOW, dd-wrt, like most embedded systems (tomato, Merlin, OpenWRT, etc.), is, out of necessity, a highly compromised solution. But a full-blown PC changes all that. So why move an embedded system to a PC? The only real advantage I see is familiarity. If you're happy enough w/ dd-wrt as it is, have scripts that you want to continue using, etc., perhaps that justifies using the x86 version. But personally, I'm more inclined to look elsewhere, provided I can find something that suits my needs.

Now to be fair, I didn't dig all that deeply into the support level when I was experimenting w/ the dd-wrt x86 version. I was mostly focused on OpenVPN performance. So the x86 version *may* be different from all the other supported platforms. But I'd have to investigate that specifically to be sure.

Another alternative would be to run the OpenVPN client on a separate device, while still using dd-wrt for your primary router. IOW, it doesn't have to be all or nothing. You could establish the OpenVPN client on a PC platform (or at least something more powerful, perhaps even a NAS) and change the default gateway to that device, and/or use policy based routing to control what devices do and don't use the VPN.

JMTC
robertdaleweir
DD-WRT User


Joined: 14 Apr 2018
Posts: 56

PostPosted: Sat Jul 07, 2018 15:09    Post subject: Reply with quote
I am very impressed by the scope of your research. I am still absorbing what you have posted. I have downloaded' pfsense' and I will look into what it has to offer.
I am particularly interested in the following line in your post:
Quote:
I tried both pfSense and dd-wrt (x86 version) and got the same results. In fact, I've never seen dd-wrt so "peppy". Darn thing is so fast, by the time I hit Apply Settings on the OpenVPN client GUI, I can't get over to the VPN status page before it's connected!

I guess you would use multiple NIC Cards within these builds? I am sure that this is covered in the install procedures for each of 'pfsense' and 'dd-wrt x86' but I have never tried this myself. Did you use Etherfast or Gigabit NIC cards in that build for testing? I understand that Etherfast can handle these speeds but just wondering?
I am going to pursue a build similar to yours. I was wondering if you believe a Raspberry PI could handle this task with OpenVPN simply installed with their native OS (Raspian)? Probably there would be some missing applications, but I am not sure?
I do want to thank you for your thorough post and hopefully I can get a bit further with my own research. Smile
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 4081
Location: Akershus, Norway

PostPosted: Sat Jul 07, 2018 16:42    Post subject: Reply with quote
An RPI is not suited as it's Ethernet port is connected with USB.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 7323

PostPosted: Sat Jul 07, 2018 18:49    Post subject: Reply with quote
robertdaleweir wrote:
I am very impressed by the scope of your research. I am still absorbing what you have posted. I have downloaded' pfsense' and I will look into what it has to offer.
I am particularly interested in the following line in your post:
Quote:
I tried both pfSense and dd-wrt (x86 version) and got the same results. In fact, I've never seen dd-wrt so "peppy". Darn thing is so fast, by the time I hit Apply Settings on the OpenVPN client GUI, I can't get over to the VPN status page before it's connected!

I guess you would use multiple NIC Cards within these builds? I am sure that this is covered in the install procedures for each of 'pfsense' and 'dd-wrt x86' but I have never tried this myself. Did you use Etherfast or Gigabit NIC cards in that build for testing? I understand that Etherfast can handle these speeds but just wondering?
I am going to pursue a build similar to yours. I was wondering if you believe a Raspberry PI could handle this task with OpenVPN simply installed with their native OS (Raspian)? Probably there would be some missing applications, but I am not sure?
I do want to thank you for your thorough post and hopefully I can get a bit further with my own research. Smile


As Per Yngve Berg suggests, something like the RPi may not be ideal. If I'm going to move away from these small embedded systems, I'm probably going to go all the way w/ something akin to that PC I threw together. As it happened, except for the additional NIC, I had all the spare parts lying around anyway. The mobo had an integrated Gigabit NIC, and I picked up a second Gigabit NIC (TP-Link TG-3468) @ Frys (~$14). I choose that one because it was Gigabit, PCIe, came w/ standard and low-profile brackets, and cheap enough.

Btw, I'm not suggesting that for the long-haul that particular set of components would be ideal. Again, I was just experimenting w/ what I had on-hand. And as it turned out, it didn't take all that much improvement in the specs to see an enormous difference. Even a rather modest 1GHz processor was sufficient, which is another reason why I believe it's not just about the CPU. It seems to have much more to do w/ available memory, buffer management, the use of discrete buses, etc., and the overall system architecture.

Realize that *technically*, you could use a single NIC provided you implemented VLANs on pfSense. But you would then have to use a downstream *managed* switch to differentiate between the WAN and LAN traffic. And that might make sense in some cases. For example, if your ISP is already using VLANs, say to separate internet and IPTV traffic. But for the vast majority of ppl, you're better off (at least in terms of simplicity) to just add a second NIC and a downstream UNmanaged switch.

My biggest problem so far is finding a system that gives me the same low-level access as dd-wrt and tomato. When I was using pfSense, for example, I found it didn't use iptables. And it wasn't clear to me if it supported anything equivalent to event-driven scripts (startup, firewall, shutdown, etc.). IOW, it's not just about using another piece of software for my router. I obviously want something that provides a nicer GUI, more graphs, more features, etc., but also gives me the same low-level access I've come to expect w/ dd-wrt and tomato when things don't work as I want them. And as I've been playing w/ pfSense and other similar options, it appears that such options may not be available. And if that's the case, it may require embracing the x86 version of dd-wrt, despite whatever limitations that itself imposes.

So for me, that's where I am in this journey. I want something that doesn't make me completely and solely dependent on the GUI. As good as pfSense, Untangle, etc., may be, invariably things just don't work the way you always want. And if the solution locks me down to only what's available via the GUI, that's a showstopper. It's such a showstopper that I've even contemplated building my own router from a debian distro (e.g., Ubuntu). At least then I can do anything I want. Of course, the downside is no GUI, it's all CLI. And there are times when a well developed GUI can be mighty convenient and offer complex features that would otherwise be difficult to implement (e.g., graphs).
robertdaleweir
DD-WRT User


Joined: 14 Apr 2018
Posts: 56

PostPosted: Sat Jul 07, 2018 22:49    Post subject: Reply with quote
I have an old AMD 9150e System that I am going to bring into service for this project. I will check back here as I proceed. I see that I have a Gigabyte (the Manufacturer) Mobo and 4GB of Ram. It does have a Gigabit NIC card onboard so I will get another one and add it. I have just picked up a couple of TP-Link Unmanaged Switches, which are also Gigabit Speed. Looks like I have the gear and I have two years of NordVPN already, so I should be able to parallel my current system and experiment a bit.
I am not sure what 'pfsense' uses as a OS; I assume from what you said it is not Linux. That is the benefit of DD-WRT X86 I guess and it has a GUI User Experience which is Web based. I thank you again for your specificity and I will be studying it thoroughly as I proceed. Have a great day! Smile

Quote:

As Per Yngve Berg suggests, something like the RPi may not be ideal. If I'm going to move away from these small embedded systems, I'm probably going to go all the way w/ something akin to that PC I threw together. As it happened, except for the additional NIC, I had all the spare parts lying around anyway. The mobo had an integrated Gigabit NIC, and I picked up a second Gigabit NIC (TP-Link TG-3468) @ Frys (~$14). I choose that one because it was Gigabit, PCIe, came w/ standard and low-profile brackets, and cheap enough.

Btw, I'm not suggesting that for the long-haul that particular set of components would be ideal. Again, I was just experimenting w/ what I had on-hand. And as it turned out, it didn't take all that much improvement in the specs to see an enormous difference. Even a rather modest 1GHz processor was sufficient, which is another reason why I believe it's not just about the CPU. It seems to have much more to do w/ available memory, buffer management, the use of discrete buses, etc., and the overall system architecture.

Realize that *technically*, you could use a single NIC provided you implemented VLANs on pfSense. But you would then have to use a downstream *managed* switch to differentiate between the WAN and LAN traffic. And that might make sense in some cases. For example, if your ISP is already using VLANs, say to separate internet and IPTV traffic. But for the vast majority of ppl, you're better off (at least in terms of simplicity) to just add a second NIC and a downstream UNmanaged switch.

My biggest problem so far is finding a system that gives me the same low-level access as dd-wrt and tomato. When I was using pfSense, for example, I found it didn't use iptables. And it wasn't clear to me if it supported anything equivalent to event-driven scripts (startup, firewall, shutdown, etc.). IOW, it's not just about using another piece of software for my router. I obviously want something that provides a nicer GUI, more graphs, more features, etc., but also gives me the same low-level access I've come to expect w/ dd-wrt and tomato when things don't work as I want them. And as I've been playing w/ pfSense and other similar options, it appears that such options may not be available. And if that's the case, it may require embracing the x86 version of dd-wrt, despite whatever limitations that itself imposes.

So for me, that's where I am in this journey. I want something that doesn't make me completely and solely dependent on the GUI. As good as pfSense, Untangle, etc., may be, invariably things just don't work the way you always want. And if the solution locks me down to only what's available via the GUI, that's a showstopper. It's such a showstopper that I've even contemplated building my own router from a debian distro (e.g., Ubuntu). At least then I can do anything I want. Of course, the downside is no GUI, it's all CLI. And there are times when a well developed GUI can be mighty convenient and offer complex features that would otherwise be difficult to implement (e.g., graphs).
Smile Smile
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 4081
Location: Akershus, Norway

PostPosted: Sat Jul 07, 2018 23:02    Post subject: Reply with quote
PFsense/OPNsense is build on the FreeBSD distribution and is only available for the X86 processors.
robertdaleweir
DD-WRT User


Joined: 14 Apr 2018
Posts: 56

PostPosted: Sat Jul 07, 2018 23:36    Post subject: Reply with quote
Per Yngve Berg wrote:
PFsense/OPNsense is build on the FreeBSD distribution and is only available for the X86 processors.

Hi
Thank you very much for that information. I understand and I will avoid them for that reason.
slybunda
DD-WRT User


Joined: 09 Jan 2010
Posts: 461

PostPosted: Thu Jul 12, 2018 23:15    Post subject: Reply with quote
run dd-wrt on a virtual machine. can get gigabit vpn routing easy. (depends on host pc)
robertdaleweir
DD-WRT User


Joined: 14 Apr 2018
Posts: 56

PostPosted: Sat Jul 14, 2018 5:34    Post subject: Reply with quote
slybunda wrote:
run dd-wrt on a virtual machine. can get gigabit vpn routing easy. (depends on host pc)


Hi slybunda
I assume you mean DD-WRT X86 version. I have only tried Windoze VMs under Fedora and they work quite well, given it is Microsoft. What host PC (OS) would you recommend? Have you checked the actual throughput of the VPN as a % of your ISP without VPN? I am only getting 22Mbps using an Archer C7 using DD-WRT, which is only about 12% of my ISP of 170Mbps. Using a VM of DD-WRT X86 what type of % ratio do you get of your ISP straight speed?
flood404
DD-WRT User


Joined: 18 Dec 2013
Posts: 146

PostPosted: Mon Jul 16, 2018 22:57    Post subject: Reply with quote
I built a duo core system with the following parts.

Dell Studio 540 motherboard for $26 on ebay. Had heatsink for it already in my parts box in closet.

64GB SSD boot drive that is junk under heavy operation in windows or linux. You can go anywhere locally for a 1GB USB boot drive if you want to go that route.

Had E7500 Intel duo core CPU laying around 2.93GHz max speed x2.

8Gb ram for this system for $25 on ebay.

350W Dell PSU that was recapped also in parts box.

Micro ATX case found free in trash.

Realtek 8169SC PCI card which does gigabit speeds. You can get the PCI-E version which is better due to the Bus Speed. $10 on ebay for the card.

used the free DD-wrt File and wrote it out on the SSD drive and setup the BIOS with all the onboard audio switched off and the ports that I am not using. Left all the USB ports on. Bought 2TB drives on ebay for $50 each and got them working on the other 3 SATA ports for a NAS system and Mini DLNA.

You will need a gigabit switch to split the LAN connection for each computer you need to use Ethernet wired connection. In my case I used a ASUS 8 port gigabit switch. But a TP link 5 port switch works great too.

Then for wifi access I bought from thrift shop a Netgear 3700v3 and Linksys 320N gigabit routers for wifi use and to have more Ethernet ports available. Both have DD-wrt on them too.

I have 0 issues most of the time but I like to run bleeding edge when possible on DD-wrt firmwares which caused some bumps in the road.

I have a SB6141 modem with 100mbps plan but I can do 200Mbps or all the way to 1 gigabit if I had the proper modem. Plus having a NAS is treat so I do not have to resort to USB flash drives when everything I need is provided on the network. It did not cost me that much for this setup and I did not have it all in one go either.
robertdaleweir
DD-WRT User


Joined: 14 Apr 2018
Posts: 56

PostPosted: Tue Jul 17, 2018 4:54    Post subject: Reply with quote
flood404 wrote:
I built a duo core system with the following parts.

Dell Studio 540 motherboard for $26 on ebay. Had heatsink for it already in my parts box in closet.

64GB SSD boot drive that is junk under heavy operation in windows or linux. You can go anywhere locally for a 1GB USB boot drive if you want to go that route.

Had E7500 Intel duo core CPU laying around 2.93GHz max speed x2.

8Gb ram for this system for $25 on ebay.

350W Dell PSU that was recapped also in parts box.

Micro ATX case found free in trash.

Realtek 8169SC PCI card which does gigabit speeds. You can get the PCI-E version which is better due to the Bus Speed. $10 on ebay for the card.

used the free DD-wrt File and wrote it out on the SSD drive and setup the BIOS with all the onboard audio switched off and the ports that I am not using. Left all the USB ports on. Bought 2TB drives on ebay for $50 each and got them working on the other 3 SATA ports for a NAS system and Mini DLNA.

You will need a gigabit switch to split the LAN connection for each computer you need to use Ethernet wired connection. In my case I used a ASUS 8 port gigabit switch. But a TP link 5 port switch works great too.

Then for wifi access I bought from thrift shop a Netgear 3700v3 and Linksys 320N gigabit routers for wifi use and to have more Ethernet ports available. Both have DD-wrt on them too.

I have 0 issues most of the time but I like to run bleeding edge when possible on DD-wrt firmwares which caused some bumps in the road.

I have a SB6141 modem with 100mbps plan but I can do 200Mbps or all the way to 1 gigabit if I had the proper modem. Plus having a NAS is treat so I do not have to resort to USB flash drives when everything I need is provided on the network. It did not cost me that much for this setup and I did not have it all in one go either.


Hi flood404
Sounds like a great system. What procedure did you use for the following " used the free DD-wrt File and wrote it out on the SSD drive " I take it is an image or something. Did you use 'dd' or some other process?
Did you resize the Partition(s) on the SSD? Not sure how large the image is? Do you use a VPN service or just run your PC/Router in lieu of a Standard Router (with DD-WRT on it obviously)? Thanks for the information and the fact that it works well for you.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 4081
Location: Akershus, Norway

PostPosted: Tue Jul 17, 2018 16:40    Post subject: Reply with quote
I just got an Asus Tinker Board S. It have the same size as the RPI, but with a Giga Ethernet port that is not connected to USB. Will se how it performs.
robertdaleweir
DD-WRT User


Joined: 14 Apr 2018
Posts: 56

PostPosted: Tue Jul 17, 2018 18:04    Post subject: Reply with quote
Per Yngve Berg wrote:
I just got an Asus Tinker Board S. It have the same size as the RPI, but with a Giga Ethernet port that is not connected to USB. Will se how it performs.


That looks like a nice unit. Let us know how you make out with it . Smile
LookingForMyMojo
DD-WRT Guru


Joined: 29 Aug 2014
Posts: 693

PostPosted: Sun Jul 22, 2018 21:54    Post subject: Reply with quote
I just put ddwrt on an old pc i had collecting dust. i5-2400, 8gb ram, 120gb ssd. it is just smoking!
_________________
My "WRT" rant, and why I have gone ddwrt on x86, no more consumer routers. ( ac86u as access points & bridges )

https://www.dd-wrt.com/phpBB2/viewtopic.php?t=312142&highlight=ac86u
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> X86 based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum