R9000 VPN Performance Question

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
StackHouse
DD-WRT Novice


Joined: 03 Nov 2021
Posts: 2

PostPosted: Wed Nov 03, 2021 21:02    Post subject: R9000 VPN Performance Question Reply with quote
Hey all, bit of a novice here, just trying to get consistent reliable VPN speeds on my Netgear R9000. Curious if the results I am seeing are reasonable or if I can update any config to help increase speed/reliability.

I have attached images of my current setup and speeds of both VPN and NON-VPN all direct connections (NOT WIFI)

Firmware: DD-WRT v3.0-r44715 std

Any questions let me know, please be kind I may have forgotten some information.

StackHouse


Last edited by StackHouse on Wed Nov 03, 2021 21:05; edited 1 time in total
Sponsor
StackHouse
DD-WRT Novice


Joined: 03 Nov 2021
Posts: 2

PostPosted: Wed Nov 03, 2021 21:04    Post subject: R9000 VPN Performance Question Reply with quote
Here are some additional attachments
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Wed Nov 03, 2021 21:33    Post subject: Reply with quote
As this question can be of interest to us all, I will move it to the Advanced Networking forum.

Although probably not related to your problem but you are using an old build whith security issues.

See the forum guidelines with helpful pointers about where to post and where you can find builds and many more helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

Openvpn documentation see the link in my signature at the bottom but we do not have specific settings for your provider.

I will have a look in detail tomorrow

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Wed Nov 03, 2021 21:40    Post subject: Reply with quote
if you can use "inbound firewall on TUN" option please do so it will improve your security dramatically..
than read the forum guidelines
than upgrade to a new build as your build is very old
44715 is old and missing security fixes last build is 47608 witch is good...
https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2021/
than if your VPN provider can work with it use
cipher CHACHA20-POLY1305
its faster and more secure

finally R9000 could do 150+Mbit over VPN, but this depends on may things, mostly what speed can VPN servers deliver to you..

please hide your WAN IP...do not share spicy details...like IP's passwords/usernames and ect.

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Thu Nov 04, 2021 7:26    Post subject: Reply with quote
As said first upgrade to a better build (latest is now 51741)

VPN speed is highly dependant on the VPN server, that varies during the day due to load of the server the only way to have a constant speed is if you set up your own VPN server and pay for a guaranteed bandwidth

I have looked at the settings and as said it will probably not get it much better but the settings are not optimal.
https://support.surfshark.com/hc/en-us/articles/360003086114-How-to-set-up-Surfshark-VPN-on-DD-WRT-router-#h_9d87c0d0-05db-4871-bf2b-bda4e4f1ef91

Do not change the Static DNS servers just keep them on your own preferred DNS server.

Make sure to enable/tick Ignore Wan DNS on setup page

Make sure to disable "Query DNS in strict order" on Service Page

Change the following:
Tunnel Protocol: UDP4 (otherwise the client tries IPv6)

Encryption cipher: AES-256-GCM
(The encryption cipher is a deprecated option but used for compatibility with older servers)

HASH Algorithm: SHA 512
Hash algorithm is necessary because you are using tls-auth

First Data Cipher: AES-128-GCM
Second data cipher: AES-256-GCM
Third Data Cipher: Chacha20-Poly1305

Compression: Disabled (this is different from No)

Inbound Firewall on Tun: Checked (Enabled, otherwise your network is exposed)

Tunnel MTU settings:1400

Verify Server Cert.: Checked (Enabled)

In additional config remove everything you already have there and I mean everything only try with the following:
verb 5
keep alive 10 120
pull-filter ignore ifconfig-ipv6
pull-filter ignore route-ipv6
block-ipv6


Reboot and send a picture of the OpenVPN status page (whole page)

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087


Last edited by egc on Sun Feb 19, 2023 18:31; edited 5 times in total
NetJackACDC
DD-WRT Novice


Joined: 24 Apr 2022
Posts: 12

PostPosted: Mon May 02, 2022 11:50    Post subject: Reply with quote
FYI, I just tried your settings and it wouldn't connect so SS needs one of those settings to connect. Too bad the OP didn't come back to test it further.
foz111
DD-WRT Guru


Joined: 01 Oct 2017
Posts: 704
Location: Earth

PostPosted: Mon May 16, 2022 8:48    Post subject: Reply with quote
Overclocking to 2.0Ghz on the r9000/xr700 would also improve OpenVPN throughput.
_________________
Netgear R7800 PPPoE Main Router
Network IPV4 - Isolated Vlan's with IoT Devices. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. OVPN Server With Paid Commercial Wireguard Client's. Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.

No one can build you the bridge on which you, and only you, must cross the river of life!
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum