Discussion in 'Tomato Firmware' started by Mythoughts, Jul 8, 2013.

  1. Mythoughts

    Mythoughts Reformed Router Member

    Hey all!

    I have a special problem that I hope the experts that roam these forums can assist with. I truly hope people will assist, since this is a matter of losing 12 months of subscription to a VPN service. I'll try to give as detailed information as possible.

    First, specs:
    • Router: Linksys WRT54GL
      • Router modification: Clock speeds set to 250mhz
    • Firmware: Tomato Firmware v1.28.7634 Toastman-IPT-ND ND VLAN-VPN
    • Internet connection: 100mbits (around 10.6 mb/s at full possible speeds)

    My router seems to allow only about 5mbits of connection speed after an OpenVPN tunnel has been opened through the firmware's OpenVPN client (HMA scripts). This has been confirmed as a router issue and not a server issue since the server allows unlimited speeds and an issue-free experience with the software from HMA.

    Attempts at a solution:
    1. With assistance from an HMA technical expert, we went through the entire firmware and did not find the source of the problem. Every modification to firmware settings yielded no difference in speeds. Confirmed with
    2. This is not a QoS issue (both tried turned on and off).
    3. Both UDP and TCP have been tested. Neither works better (note: the software uses TCP)
    4. Other protocols are not a possibility. The server needed to connect with does not support any other protocol than OpenVPN.
    Things confirmed as NOT causing the problem:
    1. The server being connected to. The HMA software works without a hitch and with unlimited speeds
    2. QoS
    3. Internet connection. Turn the VPN tunnel off and the internet speed is about 100mbits.
    I truly hope there is some master out there that might have any idea of what is causing the problem. That person will have my biggest thanks!
  2. koitsu

    koitsu Network Guru Member

    My first guess would be not enough CPU time. The WRT54GL is not exactly a powerhouse; the CPU is classified as "old" by today's standards, and OpenVPN's encryption probably overwhelms it to the point where it can't do NAT and forward packets as quickly as sans VPN.

    My advice would be to:

    a) Cease doing the VPN tunnelling on the router, and instead do it on a client system behind the router (e.g. a Windows desktop machine, etc.) (I strongly recommend this method),

    b) Get yourself a higher-end router (e.g. RT-N66U, something along those lines).

    Above all else: never forget these routers DO NOT have CPUs in them that are even remotely as powerful as what's in a desktop/laptop/dedicated server. They are intended for very specific goals (specifically routing/forwarding packets and doing NAT), not "extracurricular" things like doing encryption.

    If you need something that provides excellent speed along with doing VPN encapsulation (not OpenVPN, but rather native IPsec), then you need to start looking at things like Juniper NetScreens -- and be prepared to shell out quite a bit of money. There may be vendors out there who make dedicated VPN concentrators that use OpenVPN, but I don't know of any off the top of my head.
  3. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Or get an old PC off the local classifieds with an extra ethernet card and set up an x86 router/firewall (e.g. pfsense). Would be cheaper than the N66.
  4. Malitiacurt

    Malitiacurt Networkin' Nut Member

    I'm surprised you pull that much speed in the first place. A WRT54GL at stock clock and Tomato firmware pulls around 30-40Mbps depending on what features you have enabled. Granted you overclocked by 25%, but still...

    Do what Marcel said if you want to utilize close to 100Mbps routed through vpn. Even an N66 won't come close to handling 100Mbps + encryption. There was a topic on this in the dd-wrt forums just recently, and I recall they were only getting close to 20-25Mbps using the openvpn client on that router.
  5. Mythoughts

    Mythoughts Reformed Router Member

    Thanks to all of you. Yes, as you see, I'm no expert, therefore I called upon them :) You are right, the internet speed I'm talking about there is just for those who didn't know how much a 100mbps could produce in the more familiar mb size. I'm only getting around 500kb in mb on this router, that's why I needed the help. I'm a veteran computer person, but my understanding of routers has been none until now. Thanks to all of you, this explains a whole lot. I guess I won't fix this except with quite the expenditure.

    The reason I need a router is I have external devices I want to go through the VPN tunnel (TV streamer etc.). Is there a way to do this cheaper with a laptop for example? Is there a tutorial somewhere that explains how to do this through a computer (as suggested by Marcel)?
