Posted: Wed Nov 03, 2021 21:02 Post subject: R9000 VPN Performance Question
Hey all, bit of a novice here, just trying to get consistent reliable VPN speeds on my Netgear R9000. Curious if the results I am seeing are reasonable or if I can update any config to help increase speed/reliability.
I have attached images of my current setup and speeds of both VPN and NON-VPN all direct connections (NOT WIFI)
Firmware: DD-WRT v3.0-r44715 std
Any questions let me know, please be kind I may have forgotten some information.
StackHouse
Last edited by StackHouse on Wed Nov 03, 2021 21:05; edited 1 time in total
Joined: 16 Nov 2015 Posts: 6410 Location: UK, London, just across the river..
Posted: Wed Nov 03, 2021 21:40 Post subject:
if you can use "inbound firewall on TUN" option please do so it will improve your security dramatically..
than read the forum guidelines
than upgrade to a new build as your build is very old
44715 is old and missing security fixes last build is 47608 witch is good...
https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2021/
than if your VPN provider can work with it use
cipher CHACHA20-POLY1305
its faster and more secure
finally R9000 could do 150+Mbit over VPN, but this depends on may things, mostly what speed can VPN servers deliver to you..
please hide your WAN IP...do not share spicy details...like IP's passwords/usernames and ect. _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Thu Nov 04, 2021 7:26 Post subject:
As said first upgrade to a better build (latest is now 51741)
VPN speed is highly dependant on the VPN server, that varies during the day due to load of the server the only way to have a constant speed is if you set up your own VPN server and pay for a guaranteed bandwidth
Do not change the Static DNS servers just keep them on your own preferred DNS server.
Make sure to enable/tick Ignore Wan DNS on setup page
Make sure to disable "Query DNS in strict order" on Service Page
Change the following:
Tunnel Protocol: UDP4 (otherwise the client tries IPv6)
Encryption cipher: AES-256-GCM
(The encryption cipher is a deprecated option but used for compatibility with older servers)
HASH Algorithm: SHA 512
Hash algorithm is necessary because you are using tls-auth
First Data Cipher: AES-128-GCM
Second data cipher: AES-256-GCM
Third Data Cipher: Chacha20-Poly1305
Compression: Disabled (this is different from No)
Inbound Firewall on Tun: Checked (Enabled, otherwise your network is exposed)
Tunnel MTU settings:1400
Verify Server Cert.: Checked (Enabled)
In additional config remove everything you already have there and I mean everything only try with the following:
verb 5
keep alive 10 120
pull-filter ignore ifconfig-ipv6
pull-filter ignore route-ipv6
block-ipv6
FYI, I just tried your settings and it wouldn't connect so SS needs one of those settings to connect. Too bad the OP didn't come back to test it further.
Overclocking to 2.0Ghz on the r9000/xr700 would also improve OpenVPN throughput. _________________ Netgear R7800 PPPoE Main Router
Network IPV4 - Isolated Vlan's with IoT Devices. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. OVPN Server With Paid Commercial Wireguard Client's. Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.
No one can build you the bridge on which you, and only you, must cross the river of life!