Linksys WRT1900ACS - VPN slow in 3 configurations

I recently acquired the Linksys WRT1900ACS and flashed OpenWrt onto it, so far, so good. However, I wish to use VPN through the device, but using three different setups, I get 1 Mbit download speed where without VPN it is 40 Mbit (as expected). The three configurations are: WireGuard Server on the router itself, WireGuard Server on a Raspberry Pi inside my home network/behind the router, and an OpenVPN (work) connection with client-side connection outside of the router (server outside of home network). All of these configurations seem to give the same horribly slow download speed (upload speed is somehow reasonable). SQM is installed and buffer bloat is reduced in scenario without VPN. MTU has been adjusted.

I have the same issue with the 1200AC
Connecting the PC directly to the ISP router gives 3x more speed that via openwrt on 1200AC.

That means you experience the slowness while using VPN?

Hey,
i am running a wrt1900acs v2 (18.06.5 and 19.07.0-rc1) with wireguard installed right to the router - my provider serves me with 200 mbit/s downstream and 20 mbit/s upstream.

When i connect my iphone via lte and wireguard (fulltunnel) , i get 18 mbit/s downstream (so 90% of max) and 15 mbit/s upstream (75% of max).

While testing via openvpn, i get just 50% each ...

Regards,
Andreas

I use Softethervpn5 on my wrt1200ac with its own protocol + client, in half-duplex/tcp mode (1 up, 1 down). This was considerably faster than my old Openvpn setup, for my use-case (samba4 over WAN).
Yet i would expect Wireguard to easily beat or at least match it?

PS: They also advertise with better openvpn speeds in openvpn compatible mode, but never tried it.

Since you’ve got configurations tested where the router is just passing packets, it seems likely to be your VPN provider or your line. As a guess, I’d be looking at packet loss.

I've changed my initial message becuase I was using the term 'behind the router' in two different ways. The raspberry pi setup running WireGuard server is inside my home network, thus set up by me. The work OpenVPN server is not. netstat -i on the rpi returns this:

Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0      1500    376277  0    53     0         214167  0    0       0     BMRU

so not much packet loss on the device itself. As far as I know all the cabling is fine, I don't have any problems connecting to devices connected by ethernet inside my network.

Interface statistics are going to show Ethernet packet loss, not that between your router and the remote server/client/peer.

At least as I understand your topology, you're seeing poor performance in one direction even when there is no encryption being performed by your router. That, to me, suggests that it is not your router but either the link or one or more of the end-point implementations.

If I were chasing it down, I'd run WireShark to watch the packet flows and see if there is significant retransmission going on, or something else strange.

Packet sniffing the LAN shows there is no packet loss from the wireguard server to my mobile client when performing a speed test. Also I found this post which refers to the v2 (which I have) as a problematic router. Slow internet is also prominent from within the nework wihtout VPN, as well as on the VPN connected mobile client connected from outside of the home network to the WireGuard server inside of it.

1 Like

Further testing with yet another router seems to lead to the conclusion that something is wrong with my modem when its in bridge mode. So, probably not the Linksys's fault after all.

1 Like