OpenVPN vs L2TP for Netflix streaming

I've recently tested streaming Netflix using OpenVPN on Linksys WRT1200AC running OpenWRT 18.06.1 and L2TP on an underspeced TP-Link with stock firmware.
The TP-Link on L2TP does a great job on streaming quality than the Linksys WRT1200AC on OpenVPN.
My provider is ExpressVPN.

It sounds strange for me. Why an underspeced router on L2TP win a powerfull router on OpenVPN?
Am I missing something on the OpenVPN config to boost the video quality while streaming?

Your help will be much appreciated.


It's to be expected.

  1. OpenVPN runs user-space vs L2TP that is entirely kernel space (or at least it can be).
  2. L2TP does not provide any encryption

Dont forget the fact that openvpn runs single core only.

With no encryption (L2TP), there's very little computational overhead involved, as pointed out above.

If you're running OpenVPN only for this purpose, you might want to check if compression is enabled. With highly compressed video, especially from a "professional" source, trying to further compress it is very unlikely to provide further gains and may even slightly increase the bandwidth. No need to waste cycles when there's no meaningful gains to be had.

You'll never be able to beat the speed of no encryption vs encryption, however it should also be kept in mind I've yet to see a 3rd party VPN provider do anything to tune their configs for maximum client side throughput.

  • Too often they utilize the maximum encryption possible, of which offers zero additional protection.
    • AES128 will remain uncrackable until at least 2030, so using AES256 does nothing but serve to severely tax the CPU and massively throttle throughput
      • To demonstrate just how bad that throttling is, issue the following and compare:
        openssl speed aes-128-cbc & openssl speed aes-256-cbc

  • No MTU or Buffer tuning is configured, and often they're not offering clients the opportunity to choose SHA256 or SHA512 (x64 CPUs process SHA512 more efficiently than SHA256)
    • While the hash algorithm should be SHA256 in the OP's scenario, if one was utilizing a PC, or even certain smartphones, this would matter significantly.

  • Many times they're running OpenVPN 2.3, which doesn't support EC ciphers, as they're vastly more efficient than non-EC ciphers

  • On top of the latter, too often they're not even running TLS ciphers, which are more efficient than SSL ciphers.
1 Like

Even if you turned off encryption and compression in OpenVPN, I think kernel L2TP would beat it hands down. For OpenVPN throughput you need raw single core CPU power.

My C2600 manages close to 40MB/s from my testing, should be more than enough for streaming. I think the Marvell CPU in the WRT1200 is quite fast as well, is it really that much different to mine? What kind of speeds are you getting in throughput tests with VPN?