hi, does anyone have any experience of what speeds are possible with openvpn client on a ipq4018 based router?
I found this old thread suggests 60 mbps which seems awfully optimistic compared to 30 mbps with MT7621 which has a higher clock speed.
https://forum.openwrt.org/t/which-hardware-for-x-mbit-openvpn/19410/24
Very different processor cores, so much more than clock speed is involved
Edit: That graph is, I think, "artist's conception" rather than hard data.
From the same vendor, who actually tests them and whose numbers seem to be reasonable (and would be self-consistent, at the very least):
That graph is as good as the input that the users provide.
Everybody can help to improve it.
Performance will highly depend on crypto algorithm and optimization.
Setting -O2 instead of default -Os helps quite a bit and that also includes enabling optimization for OpenSSL (-O3) helps quite a bit. You might have better luck using mbed TLS instead on OpenSSL however, at least I found it to be faster than OpenSSL on MIPS.
For anyone who is interested, my Linksys EA6350 v3 (IPQ4018) finally arrived from Amazon UK (Still £34 price matching ebuyer.com) after a long 3 week wait.
Installed OpenWrt 19.07 snapshot, and OpenVPN client.
Speedtests report 29-30 Mbps download speed via ethernet LAN port, and about 26-27 Mbps via 5GHz wifi.
Compared to 14 Mbps from an old Western Digital N750 (AR9344), 13 Mbps from TPlink Archer C50v4 (MT7628), and 10 Mbps from HH5a (Lantiq).
@bill888 how did you managed to achieve such good speed using openvpn?
I'm testing with linksys ea6350 snapshot with ethernet lan port and the most I can achieve is avg 20Mbit/s
The end point is local to my region.
Download: 21.54 Mbit/s
Download: 22.43 Mbit/s
Download: 17.93 Mbit/s
Download: 22.66 Mbit/s
Download: 21.72 Mbit/s
Download: 18.70 Mbit/s
Download: 18.96 Mbit/s
Download: 18.37 Mbit/s
Here are some results using speedof.me and speedtest.net, via ethernet which I just ran. I'm connected to nearest endpoint via my vpn provider.
The low upload speed is limited by my ISP upstream VDSL connection.
Part of my .ovpn client config file stored on ea6350v3 looks like this:
client
dev tun
reneg-sec 0
persist-tun
persist-key
ping 5
ping-exit 30
nobind
comp-lzo no
remote-random
remote-cert-tls server
auth-nocache
route-metric 1
cipher AES-256-CBC
auth SHA512
I do admit I was previously using a different out of date .ovpn file when I reported 29-30 Mbps possible. Update: I tested both files and can't honestly see much difference in performance.
My ea6350v3 is piggy backed onto my main wifi router. ie. it is Not my primary facing internet router.
Wifi is also disabled on the ea6350v3.
I don't know if it makes any difference, but I use my openvpn client setup guide I wrote for HH5A, to set up using OpenWrt 19.07 snapshot (25 July 2019) to connect to 3rd party VPN provider.
Thanks for sharing. I think you are using a VPS setup. I'm using a VPN provider.
What is VPS setup?
I'm running openvpn client 2.4.7 in OpenWrt 19.07 snapshot on ea6350v3 connecting to a 3rd party VPN provider.
https://www.redstation.com/ is your exit point which i thought might be you are renting a Virtual Private Server (VPS). My bad.
Testing with a very similar IPQ4019-based EA8300 (primary difference in SoC being that it supports PCIe for a third radio), using iperf3 from the router to a local server I see:
There is more variation in the WireGuard results that I would like to quote that as a "hard" number (occasional runs under 260 Mbps). I'm checking to see if it is due to irqbalance not being installed.
master build from last night's source.
(Using irqbalance did not improve the results for WireGuard.)
Is that using -O2 globally?
"Stock" master, taking defaults for OpenSSL and OpenVPN.
OK. I probably had a Friday Unit. The wifi was locking up/range was fluctuation. Had an exchange unit from Amazon, now its hitting 25Mbps consistently on VPN and also wifi is stable.
Recompiled with -O2 and the OpenWrt performance appears to have improved to ~ 26 Mbps.
--- a/dot.config
+++ b/dot.config
@@ -347,9 +347,10 @@ CONFIG_EXTERNAL_KERNEL_TREE=""
CONFIG_KERNEL_GIT_CLONE_URI=""
CONFIG_BUILD_LOG=y
# CONFIG_SRC_TREE_OVERRIDE is not set
-CONFIG_EXTRA_OPTIMIZATION="-fno-caller-saves -fno-plt"
-# CONFIG_TARGET_OPTIONS is not set
-CONFIG_TARGET_OPTIMIZATION="-Os -pipe"
+CONFIG_EXTRA_OPTIMIZATION="-fno-caller-saves -fno-plt -O2"
+CONFIG_TARGET_OPTIONS=y
+CONFIG_TARGET_OPTIMIZATION="-O2 -pipe"
+# CONFIG_SOFT_FLOAT is not set
# CONFIG_EXTERNAL_TOOLCHAIN is not set
CONFIG_NEED_TOOLCHAIN=y
# CONFIG_TOOLCHAINOPTS is not set
Is that using mbed TLS or OpenSSL?
If OpenSSL --> https://github.com/openwrt/openwrt/blob/openwrt-18.06/package/libs/openssl/Config.in#L58 
OpenSSL - setting up a test harness to run “stock” builds with both iperf and flent for a variety of boxes. Routing, VPN, and SQM on the list. Not thrilled with the performance of the bridge-integral Intel NICs (i219, e1000 driver) on the mobos. (The on-board, i211, discrete Intel NICs work quite well.) Need to dig up a PCI NIC.
Hmm? Pretty much all Intel NICs seems to perform great as far as I can tell at least on FreeBSD.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.