All 4.14.x kernel images have flowoffload built by default. You can enable it in firewall page of GUI, or just edit file /etc/config/firewall.
1 Like
Do some speed tests whilst in command line on the router. Run the command htop, and watch processor utilization during the speed tests. Lets see how much headroom you have when downloading at 150mbps or 300mbps.
Also, it's been a while since I've looked at Flow Offloading, but seems to be there were some negative effects from enabling it. I would need to go back through to see if that's still the case or not, so I'm a little hesitant of enabling it unless I knew for certain the CPU couldn't handle the needed throughput.
I have been using flowoffload on a mamba and rango for ~5 months with no perceived ill effects (since the initial shake out back in the Feb-Mar time-frame). It is effective and transparent, and with the recent introduction of ath79, has provided a new lease on life to a C7V2 device. There may still be an issue with enabling HW offload on the one mediatek device that currently has the hardware offload plugin offered, but that is a moot point for the wrtpac devices.
Are you still defining OFFLOAD for the iptables forward rule to get it enabled? I believe the change wouldn't survive a reboot, and another file needed to be modified to ensure persistence through reboots?
There is an option in file /etc/config/firewall
config defaults
option flow_offloading '1'
which can be set via checkbox on Network->Firewall page, for the GUI orientated.
2 Likes
After following the above discussion I added option flow_offloading '1' to etc/config/firewall in the stock Venom firmware of my WRT32X.
Speedtest results were:
310Mbps before
390Mbps after
Thanks for the info!
If you can, please do 5 speed tests with 2 different providers with Offload off, and do the same tests with it on.
- EDIT* Also, with Venom, 300mbps is not CPU limited. You should get the same bandwidth with or without offload unless there's another hardware/software issue at play.
Yup, you're absolutely right. It was just a coincidence. I started running speed tests with Fast.com, Ookla & SpeedOf.Me. It was all over the place.
Anywhere from 410Mbps to 126Mbps.
My ISP is Cox. I pay for 300/30. My average 'off peak hours' speeds are usually around 340/34.
I set SQM QoS to 300/30 and that always gets me an A+ bufferbloat rating with DSLReports Speed Test.
Thanks! Sorry for the false alarm. 
300 will be fine - my v1 used to hit 600-700's - you end up turning off QoS as you have a lot more bandwidth to play with 
Awesome. Thank you.
I'm currently working on a script for people to use to install dnscrypt-proxy version 2. I'm hoping to have it done by the next build. Most of it is done, but need to test a few different variables to make sure it catches different scenarios. So, tonight I'll be uninstalling dnscrypt proxy 2 and do some testing.
4 Likes
Where to find this checkbox, hu?
A little thank you to you david. Coming from Asus RT66NU with WRT Merlin switched to Netgear R7800 but after a lot of trouble (ping spikes, etc.) i bought a used WRT1900acv2 and switched to your firmware. 2 months later i am happy as f... thanks to you! By the way: Yet Another Monitor is really great in combination with your fw!
Also looking forward to dnsycrpy-proxy v 2. I used the previous version but for me it was not stable enough. Every second week or so DNS failed somehow.
1 Like
Here is a script to install dnscrypt-proxy version 2. https://davidc502sis.dynamic-dns.net/releases/dnscrypt-proxy2.zip
Please unzip and change permissions to execute. I recommend running it from /tmp
Actually, I'm interested to hear what problems some may run into. There are a few variables, and I'm sure I didn't account for them all.
- It will check to see if your clients go to your router for DNS or the internet.
- Is dnscrypt version 1 installed and if so will be removed
- Will set up a temp forward and then eventually set up the permanent forward.
- It downloads, extracts, and puts everything where it is supposed to be.
- It enables and starts the process
- Checks to see if everything is running.
- Cleans up.
Base on the feedback will make changes to the script because it needs to be improved.
Edit
**Warning!!!
This script will shuffle things around to get dnscrypt-version 2 installed. It may partially install or completely install, but still it may not work. Be prepared to have to troubleshoot. To reverse, you can look at the dnscrypt-proxy instructions and go in reverse order. https://davidc502sis.dynamic-dns.net/dnscrypt/
2 Likes
Wow, very nice. Seeing this kind of script from David makes me think we all ought to be sending him money for the awesome work he does for us! I already have dnscrypt-proxy v2 running, but when we get around to doing the next upgrade I'll give this script a try.
2 Likes
Hello, I'm running both openvpn client and server on my Linksys Wrt 1900acs.
My inet speed is 100 Mbps and via vpn tunnel to vpn provider I always got that speed.
Recently I updated to latest build and now I noticed that I only have like 36 Mbps and I don't know why 
Now I know that there are many factors here to consider but I'm pretty sure I densed it down to the vpn client on the router. I use the same cipher as before.
I want to ask if maybe the openvpn or ssl package received an update recently that increases the routers cpu load or maybe some other services where added, that are running and using up cpu space.
I can provide more info if sb wants to help and needs additional info.
I'd just like to use my full inet bandwith through vpn, like I did before
I already asked for a donation button on his page in the past but he told me that it's not needed and we should better donate to the OpenWRT dev's... He's just a lovely guy! <3
@davidc502 Just add a donation button to your page so we can buy you a beer from time to time to honor your work... 
1 Like
Appreciate the thought but this is just one of a few hobbies I have, so I really don't put in a lot of work. The dev's do so much much more and they deserve the credit and or money you would like to donate.
I keep threatening to do this, but what I would like to do is set up a VPN for OpenWrt/LEDE users to connect to. Privacy is a big issue in the USA as untold companies continue to gather information to sell without any opposition. I received a warning from my A/V yesterday that some website put a super cookie on my PC that is persistent.. meaning it can't be deleted. This super cookie takes detailed snapshots of all the activity and sends that data back to some company to be later sold. Of course VPN's offer no protection vs super tracking cookies, but it will keep the prying eyes of the ISP's away.
1 Like
WRT32X and slow USB 3.0 File transfers
Looking for a little help and am a linux and openwrt n00b so please go easy 
Have used stock firmware for while and have been very happy with using USB 3.0 drive for a simple NAS and was getting around 30-40mbps file transfers (wireless). Have switched to Davids Build as far more stable (was loosing PPOE connection to modem randomly with stock) and am seeing much slower transfers with speeds dropping even slower then picking back up again (peaks and troughs) max is around 17mbps peak and around 3-4 trough. I have compared samba.conf file and the way the drive is mounted compared to stock and amended but doesn't seem to make much difference. Can anyone help please as not sure where to look next? Thanks in advance.
Awsome work by way the David.. I appreciate the time you have taken to create this for us! Ledge!