Best router for OpenVPN (speed)

Discussion in 'Tomato Firmware' started by bengalih, Oct 25, 2013.

  1. bengalih

    bengalih Network Guru Member

    So I just updated my old WRT54GS running 1.28 original to "tomato-K26-1.28.RT-MIPSR1-114-Max."
    I was wanting OpenVPN support (as well as IPv6 and VLAN as bonus).

    I got the OpenVPN running but the speeds are horrible. Normally I have like 17Mbps down/6Mbps up.

    With OpenVPN running on the router my speeds dropped to like 3/2.5.

    I am considering purchasing a new router to handle this task - but I'm not sure there is anything out there powerful enough to run at full speeds (minus encryption overhead).

    Can anyone recommend a newer router that is up to this task?
  2. pietja

    pietja Networkin' Nut Member

    You could try running a non-K26 build on your router like Tomato-ND-1.28.5x-114-VPN.trx because the older ND builds should be faster. You can also try to overclock your router for a bit more speed.
    And for buying a new router, how much are you willing to spend?
    Last edited: Oct 25, 2013
  3. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Running VPN client on a PC would give you maximum speed.

    If you must run it on a consumer router, then pick the router with the fastest processor you can afford (e.g. N66U. ARM routers are not yet supported by Tomato).
  4. bengalih

    bengalih Network Guru Member

    Price is not an object... Obviously, I would prefer to spend as little as possible to meet my needs, but if the problem can only be solved with a $2-300 router, then I will consider buying it *if* indeed it will work.

    I would prefer not to run the VPN client on a PC, as I would like my entire network traffic to be encrypted.
    I have looked at some other options with DD-WRT which would include installing it either on a physical PC or perhaps on a virtualized guest on my ESX server. However, I do not like these solutions because I prefer not to support another standalone system (including power, space, and heat requirements). Additionally, while conceptually I think I can run it on my ESX box, I prefer the always-on nature of a router appliance.

    I don't know if this is a wild goose chase - but are there any consumer class devices that are up to the task?

  5. pietja

    pietja Networkin' Nut Member

    I have an OpenVPN server running on my Asus RT-N66U and the VPN is as fast as my internet connection upload (60Mbps down and 6Mbps up).

    I have tested the RT-N66U as a normal router between my desktop and home server and it is routing at almost the speed of the 1Gbps connection.
  6. jerrm

    jerrm Network Guru Member

    I think you have a 200MHz processor in that unit. The fastest Tomato supported routers are the Asus RT-N66U (fully supported) and the Asus RT-AC66U (mostly supported, but still a work in progress). For OpenVPN they should perform virtually the same as both have a 600MHz processor. Both cost $150+ US.

    The most bang for the buck would be from one of several routers with CPUs running in the 453-480MHz range, like a Belkin F7D8301 ($35) or Asus RT-N16 ($80).

    If OpenVPN is the main concern, then you may want to consider an Asus RT-AC56U running Merlin's AsusWRT. Its ARM processor will outpace anything that currently runs Tomato (but Victek is working on it).
    Last edited: Oct 25, 2013
    Marcel Tunks likes this.
  7. bengalih

    bengalih Network Guru Member

    Thanks for the info. I purchased a Netgear WNDR3700 about 1.5 years ago to replace my WRT54GS running original Tomato. I had issues with it not wanting to do even the most basic routing between my main network ( and my virtual networks on my ESX box ( I don't recall all of the issues at the time, but I had the problem both with the stock and the Netgear DD-WRT firmware.
    Rather than invest a lot of time, I went ahead and set that up just as my WAP and kept my WRT54GS as my ISP router. I don't know if the WNDR3700 is powerful enough to try and repurpose as my Tomato ISP router again? It is an Atheros chip, so I don't think it will work...

    In addition to the Linksys and the Netgear I have a spare D-Link DIR-615 which I got DD-WRT on because I was hoping to do VLANs, but apparently VLAN support on Atheros hardware with DD-WRT is not very good.

    Right now my main needs are as follows:
    - OpenVPN client
    - VLAN support
    - IPv6 (can't use right now because of ISP, but may set up a tunnel - or just want it for future supportability).

    At this point I think I have given up getting a device that is going to do all my routing AND wifi functions as either I can't find one that reliably does both, or I don't have the time/patience to figure out how to get them all working. I will likely leave my Netgear as my WAP for now and can always try to add WAP functionality on to a working router later.

    I have an ESXi server that hosts several subnets for lab work. Currently I have been using a CentOS VM to act as a router between all those subnets and pass external traffic to the WRT54GS. This way I can route between all my physical and virtual networks.

    I'm doing a test right now where I have installed DD-WRT on an x86 VM and am about to try to use that virtual machine as my actual ISP router. The main test here is to see if I can get OpenVPN client to function on it, and function on it well. If so, I may consider moving to something like pfSense or Vyatta as a Virtual Firewall/Router because the DD-WRT doesn't support IPv6. If only Tomato had an x86 version, I might be able to use that.

    My last challenge is to do the VLANs, which would extend the "Virtual" switches inside the ESX box outside via a physical trunk. I'm trying to visualize it conceptually, and not sure if I will need another VLAN aware switch on the *outside* of my ESX box if I only want a single VLAN to extend both into and out of the box.

    So those are my challenges. Right now I have the Netgear, Linksys, a basic switch, and the ESX virtualized devices. In the end, I would like to not have more physical devices than I have now, and preferably fewer - if I can roll all this functionality into one or two.

    I know I went a bit off track here - but I wanted to describe what my needs were to see if I am wanting too much than what I might expect from today's consumer tech with custom firmware. Ideally, someone reading this understands exactly what I'm trying to do and can maybe offer some more assistance.

    Thanks again.
  8. bengalih

    bengalih Network Guru Member

    Have one additional thing to ask... that maybe I overlooked.

    If I'm using OpenVPN client to connect continuously to a Tunnel provider, then does that mean I will be unable to port forward and access systems on my local network?

    In essence, I would want all traffic that originates in my internal network to go through the OpenVPN tunnel, but I *also* want to allow traffic into my normal IP address from external sources. Is this feasible?