Tomato OVPN Client: Traffic SLOW

Discussion in 'Tomato Firmware' started by richyroland, Jul 16, 2017.

  1. richyroland

    richyroland New Member Member

    Hi guys

    I got Tomato version v2.4-138 Mega-VPN running.

    I want to use the openVPN-Client to direct all internet traffic over the VPN server.

    And I want to safe the keys into files on a USB-stick (instead of pasting them into the GUI). This allows me faster switching between servers. Like outlined here for server-configs:

    Traffic gets redirected. However, internet gets terribly slow: Normally I get around 40Mbps, with VPN on it falls to 4Mbps. If I connect to the same VPN-server directly from the computer, I still get about 35Mbps - so the bottleneck is clearly somewhere inside the router, not the VPN or my connection.

    - Whant can be done to make traffic pass through openVPN - client decently fast?

    Thanks :) !
  2. PetervdM

    PetervdM Network Guru Member

    use a more powerful router. encrypting / decrypting vpn packets costs a lot of cpu cycles!
  3. richyroland

    richyroland New Member Member

    Any trusted recommendation...? I like Tomato to begin with :)
  4. richyroland

    richyroland New Member Member

    ... and true: there are 2x 1000 mhz router's CPUs around, anyway, mine runs at 500mhz which is already not so bad. Shouldn't it work already decently on a 500mhz cpu?
  5. PetervdM

    PetervdM Network Guru Member

    can't do a really good test right now. i have a R8000, dual-core 1000MHz. on an open wifipoint known to run 10/2 i get 9.15 down and 1.87 up. with vpn switched on i get 8.39 down and 1.75 up. the cpu does not exceed 25% usage. keep in mind that the vpn routine does not multitask and don't necessarily pick the least loaded cpu. i'm running Tomato Firmware 1.28.0000 -2017.2-kille72- K26ARM USB AIO-64K which has the most recent openvpn version and has patches for several flaws, see the release notes. for more info see:
    Last edited: Jul 16, 2017
  6. richyroland

    richyroland New Member Member

    Thanks for this advise. I ordered a dual-core 1000mhz cpu router. I hope this will make a difference.
    Last edited: Aug 7, 2017
  7. richyroland

    richyroland New Member Member

    I installed my 2x1000mhz router now with Tomato. Here are the findings:
    Without VPN: 40 Mbit/s up, 40 down.
    With VPN on PC: 30 up, 31 down.
    With VPN on router: 12 up, 22 down

    So... the new router connected to the VPN is 3x faster than the previous one. However, it still is a bottleneck, compared to connecting from the PC to the VPN and slows down traffic from 30 Mb/s to 12 Mb/s.

    I might try the original router firmware, too, to figure out, if it is faster, but no time for now for more experimnts...
  8. ladra

    ladra Serious Server Member


    I've been using several N66U and AC68U for many years. From my experience and what I have read(on the forums) in the past, what you are experiencing is normal. I believe around 20Mbit/s is the max for these routers, I know the N66U maxed around 10Mbit/s.

    Maybe the newer, more powerful, routers can do a bit better...

    I'm not an expert, just sharing my 2 cents.
  9. richyroland

    richyroland New Member Member

    Thanks for that feedback!
  10. brav

    brav Addicted to LI Member

    A little late, but slow VPN speeds on a R8000-1000 MHz (dual-core) on torguard using AndreDVJ's latest AT build-
    I get 100 DL without vpn, and about 27 DL with VPN on as client 1.

    Does client 1 use the 1st or 2nd CPU? It didn't seem to matter which client I used. And is there a way I can see the CPU load on each core?

  11. remlei

    remlei Networkin' Nut Member

    that's pretty much expected to be honest, no matter how fast your consumer router is, it will still be a bottle neck. and vpn speeds are getting faster and faster, I dont think it can catch up with current router specs today, not to mention that there's no chance that tomato will support hardware crypto given that were still stuck on kernel version 2.6.

    if you want fast VPN, you may as well stick with pfsense or something similar with a processor that supports hardware crypto (eg AES-NI). I can push about 200mbit of bandwidth without taxing the cpu too much (or most of the time its idling due to tcp hardware offloading).
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice