Problem with openvpn on asus rt-ac85p

I'm currently on latest stock firmware and I'm having some issues getting my vpn working on my router.
I'm using a smaller vpn company in my country and they have no support for using it on the router, so no help there.
But i uploaded the ovpn file, it told me i lacked certificate and static key, which i added.
But instead of getting a check mark I'm getting a yellow exclamation mark. I'm able to connect to the vpn and change ip but I'm only getting 15-20mbps out of my regular 100mbps.
Anyone who can help me figure out what I'm doing wrong? If not, is it something that could be fixed with openwrt?

Asus stock or OpenWrt stock? If OpenWrt, what version are you running (there is at least 18.06.4, 19.07, and master/snapshot builds that are "latest" by various criteria)?

When you say "100 Mbps", is that without the VPN? Many consumer all-in-one routers aren't capable of more than 10-15 Mbps with OpenVPN. Getting 100 Mbps with OpenVPN typically requires a high-end, ARM-based router (though I haven't tested one that can reach 100 Mbps), upper-range x86_64/AMD, or stand-alone VPN end point with crypto and significant processing power. (Getting 100 Mbps with WireGuard and mid-range, ARM-based routers is possible.)

1 Like

Stock asus.
Without vpn I'm getting pretty much all my 100mbps, same with the vpn running on the device instead, at least not below 90.
Pretty disappointing to hear about the speeds, but since I'm not getting the green check mark like i should there's at least something wrong which might give me a bit more bandwidth if I'm lucky.
Do you know if it's possible to set vpn per device on stock asus firmware and also on openwrt?
I know the speed is based on the hardware but will it make any difference if I'm running asus stock or openwrt on the speed?

With stock Asus firmware, working with the Asus support resources would be more fruitful. This forum supports the OpenWrt firmware, not the OEM.

That's the main driver. With a MIPS-based SoC, given that OpenVPN (and most VPNs) are effectively single-threaded processes, I think you're around the limit. From what I've just read, the crypto engine in that SoC doesn't significantly accelerate OpenVPN (I have no personal experience with the SoC).


I know this forum is dedicated to openwrt but i can't find a specific asus forum, I've already tried snbforums and another one without a single response in a week.
If you know a forum i can turn to I'll definitely try there instead.

But do you know if other protocols would give me higher bandwidth and also what kind of router would you recommend to get the highest possible bandwidth using a vpn?

I don't know much about the Asus support channels or forums.

On VPN protocols, WireGuard is an option worth considering. While a relative newcomer, I'm now of the opinion that it has had a reasonable period of time for its protocol to be examined and I now consider it "secure enough" for my purposes, providing "reasonable" security in encapsulating my traffic from view when on public WiFi, cellular networks, and the like. Clients are available for iOS, Android, macOS, Windows, and current Linux distros. A mid-range ARM-based device should be able to handle in excess of 100 Mbps through WireGuard with SQM enabled.

If you have basic Linux skills, you can spin up a WireGuard "server" (it is a peer-based protocol, not client/server) on a VPS. A suitable VPS can be "rented" for US$5 a month. The best reference I've found for WireGuard is may also be helpful.

1 Like

fwiw, the RT-AC85P is powered by Mediatek MT7621AT according to wikidevi. Unlikely you will get more than 20 Mbps openvpn speeds as AsusWrt does not usually support hardware accelerated AES encryption.

On the other hand, if you wish to stick with Asus hardware, the higher end RT-AC86u apparently supports hardware accelerated AES encryption when using custom AsusWrt Merllin firmware. Go to forum for more information about Merlin firmware.

This may be useful. RT-AC86u 75 Mbps openvpn speeds with stock AsusWrt or 170 Mbps with AsusWrt-Merlin with hardware accelerated AES encryption enabled:

For your RT-AC85p, have you tried PPTP or L2TP instead of OpenVPN protocol to see if you get better speeds?

There is no OpenWrt support for RT-AC85p at this time.

I purchased the ac85p just a few days ago, and i thought there were openwrt support for it, but i noticed yesterday they had a sale on the ac86u for only $20 more so i actually went back yesterday and switched router. Ac86u seemed alot better from what I've read so it's good to hear i did the right thing

I've read a bit about wireguard and it don't seem completely secure yet, but i could be wrong.

I'm gonna install it today and see how it goes. Not sure yet if I'm gonna start with merlin or just go straight to openwrt, what would you recommend speedwise and also if i want to set the vpn separately for my devices? I can deal with 20mbps on several of my devices but not on my pc so if i can't get enough through to my pc I'd rather run openvpn on the pc itself instead

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

For any further questions regarding OpenVPN setup, please open a new topic in the appropriate forum section.

fwiw, I definitely would NOT install openwrt onto RT-AC86u. 5 GHz wifi may not work with OpenWrt on this router due to poor support for Broadcom based designs.

If stock AsusWrt is not fast enough (70+ Mbps openvpn?), then consider using Merlin.

So i just installed it and tried the speed through my vpn and it's all good.
I'm getting 90mbps down and 9 up with the stock firmware. Best $20 I've ever spent.

It's giving me a new secure ip but I'm still getting that exclamation mark next to the connection on the router page which I'm a bit worried about.
Don't really know how to fix it or even check if I'm completely secure since i don't have that much experience with this, and the vpns support has no experience in setting it up inside the router so i guess i just have to hope for the best.

Do you know where i can look up how to setup rules to block the connection if the vpn goes down and perhaps even setting up something so if i want to use a device without the vpn i can do that without turning it off for all devices

This forum is for OpenWrt. For AsusWrt questions, perhaps you should try the smallnetbuilder forum.

1 Like

90 Mbps OpenVPN through a mid-range ARM router SoC is highly unlikely with any firmware. That combined with the exclamation mark suggests that the VPN connection is not established.

As pointed out above, resolution of issues with Asus firmware are better handled on other forums and that the wireless in the RT-AC85P likely falls under the "unsupported with open-source drivers" issue common to many Broadcom wireless chips.


Well as mentioned above i went back and switched my 85p for the 86u.
When connecting to the vpn i get a new ip with a different location and the vpn providers website tells me I'm connected.
When i connected to the vpn on 85p it went down to 20mbps, on the 86u i get between 86-93mbps when testing it or just downloading. If i disconnect from the router i get my regular ip and location back and i also get 99-101mbps
So I'm obviously connected to something.
Also, when the vpn can't get a connection it just fails, you don't even get the exclamation mark. Seems like you get the exclamation mark if there's any kind of warning or error in the log.

I still have the problem with a specific error in the log which seem to happen both on pc and on the router but since I've changed router and don't even use openwrt, i guess I'll keep looking for a solution elsewhere.

Thank you all for the help and answerers provided

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.