MT7621 OC and VPN

interinvest · February 17, 2025, 7:45am

Greetings,

First of all, I would like to ask how could I overclock my RT-AX53U with MT7621, I saw it had the possibility on 5.15 kernel, but sadly that's too old at this point. My router is in a cold place, so heat wouldn't be a problem at all.
Related to that, is any package (except firewall offload) that would increase the performance?

Secondly, whats the closes to have internet anonymity while maintaining 1GBPS connection? I saw that by using VPN/Wireguard, most likely my connection would top up to 250MBPS, which tbh aint that great, especially since 95% of the time I'm just using it for gaming. Anything else that would hide my activity from ISP, or not to log my connection? I know using VPN on devices would do the trick, but asking if anything would be possible router wise. Running 24.10.0 OpenWRT right now.

Thanks!

frollic · February 17, 2025, 7:54am

VPN sure ain't it - old, but still valid https://overengineer.dev/blog/2019/04/08/very-precarious-narrative/

read A Wireguard comparison DB.

You ISP can only see the IPs you're connecting to, if you use the https-dns-proxy or smartdns packages.

brada4 · February 17, 2025, 9:57am

24.10 enables crypto co-processor on mt7621, at present very limited algorithm support and for ipsec and cryptsetup only but there is some hope.

timur.davletshin · February 17, 2025, 10:37am

Probably with OpenVPN Data Channel Offload?

brada4 · February 17, 2025, 1:09pm

Yes, but one needs to juggle around algorithms to find one actually offloadable

romanovj · February 17, 2025, 5:21pm

openvpn dco v2 + patch for mcpu https://github.com/keenetic/ovpn-dco/commit/bf4c3d96dd48bdcef012036c20d77531b84a68a1

ps. on openwrt-24x we should disable rx-gro-list for mcpu patch
ethtool -K wan rx-gro-list off

upd. eip93 doesn't support aes-gcm or chacha20-polly1305, so wg will be faster

interinvest · February 18, 2025, 8:36am

So which one would you recommend for my case?

Any more details on this, or how to enable it, or make use of? I remember reading about it on the forum, but that was month ago

as a developer myself, I finally feel like a kid again. So these arent merged yet? Cannot be used? Or if yes, how :D?

Thanks for all the help guys. I got some details regarding uboot OC for MT7621, but its from 2023 as far as I can remember. Would that still be usable, good, without any problem for 24.10?

edit: actually, if any of these will limit the bandwith by much, like in the case of VPN, making it 200MBPS instead of 1GBPS, I don't care about that. It's not a priority, as I said I mainly use it for daily usage, but I wanted to try it out for the 0.1% tests i'm trying to run.

brada4 · February 18, 2025, 8:44am

Kind of enabled without even asking but...

timur.davletshin · February 18, 2025, 9:28am

cat /proc/crypto | grep eip93
driver       : authenc(hmac(sha256-eip93),rfc3686(ctr(aes-eip93)))
driver       : authenc(hmac(sha224-eip93),rfc3686(ctr(aes-eip93)))
driver       : authenc(hmac(sha1-eip93),rfc3686(ctr(aes-eip93)))
driver       : authenc(hmac(md5-eip93),rfc3686(ctr(aes-eip93)))
driver       : authenc(hmac(sha256-eip93),cbc(aes-eip93))
driver       : authenc(hmac(sha224-eip93),cbc(aes-eip93))
driver       : authenc(hmac(sha1-eip93),cbc(aes-eip93))
driver       : authenc(hmac(md5-eip93), cbc(aes-eip93))
driver       : authenc(hmac(sha256-eip93),cbc(des3_ede-eip93))
driver       : authenc(hmac(sha224-eip93),cbc(des3_ede-eip93))
driver       : authenc(hmac(sha1-eip93),cbc(des3_ede-eip93))
driver       : authenc(hmac(md5-eip93),cbc(des3_ede-eip93))
driver       : authenc(hmac(sha256-eip93),cbc(des-eip93))
driver       : authenc(hmac(sha224-eip93),cbc(des-eip93))
driver       : authenc(hmac(sha1-eip93),cbc(des-eip93))
driver       : authenc(hmac(md5-eip93),cbc(des-eip93))
driver       : rfc3686(ctr(aes-eip93))
driver       : ctr(aes-eip93)
driver       : cbc(aes-eip93)
driver       : ecb(aes-eip93)
driver       : cbc(des3_ede-eip93)
driver       : ecb(des3_ede-eip93)
driver       : cbc(des-eip93)
driver       : ebc(des-eip93)

timur.davletshin · February 18, 2025, 9:30am

Virtually any software which uses Linux Kernel Crypto API.

200 - is about what you can expect in best case scenario. Anyway mt7621 is hardly capable of making 1Gbit even with hardware offloading enabled.

brada4 · February 18, 2025, 9:44am

I got usb stick and cryptsetup works at 30MB/s (240Mbps) without breaking any sweat on main CPU.

timur.davletshin · February 18, 2025, 9:46am

... with some benchmarks.

Klingon · February 18, 2025, 10:48am

Sorry for my big ignorance , how can I apply the patch in my builds?

Is there any manual or guide about how to do it?

romanovj · February 18, 2025, 11:00am

https-dns-proxy, because smartdns will it your RAM

yes, should be ok at 1100MHz

For 1Gbps vpn you should lookt at cortex-A53@1.5GHz x 4 and better.

romanovj · February 18, 2025, 11:02am

place this patch into feeds/packages/kernel/ovpn-dco/patches

don't forget to disable rx-gro-list on wan or gro on wan or tun0

Klingon · February 18, 2025, 11:02am

@romanovj thanks for your help!!!

timur.davletshin · February 18, 2025, 11:12am

Just use IPsec and no patches required

interinvest · February 18, 2025, 11:15am

I read that even 1.2GHz is fine as long as you keep the router in a nice place. But how could I achive it? I read about keenetic or the other chinese openwrt alternative version, but they use uboot and openwrt wiki about the device doesnt show anything about it.
GitHub - DragonBluep/uboot-mt7621: MTK U-Boot (MT7621) v2018.09 Build Customized u-boot Online

Id be open for private messages if that could solve this faster, Id appreciate the help with the OC

Klingon · February 18, 2025, 11:16am

I've been using IPSec (Strongswan + IKEv2) for many years, but I have to admit OpenVPN is really good in many devices (Android, Linux, Windows....) and more easy to config
I'm tempted to try Wireguard some day

romanovj · February 18, 2025, 11:18am

Nothing to do with bootloader.
You need to build openwrt firmware with the kernel patch for OC.