OpenVPN client (low bandwidth on flashed R8000 router and QNAP NAS)

  • Bare with me through this background information and I will get to pfsense stuff.

    I have a R8000 Netgear wifi router, I instaled the tomato shibby firmware, disabled all wifi, and I'm using it just a a router.

    These are the scenarios that I have tried so far - they cannot deliver acceptable VPN speeds (my Internet speed is Gigabit, I get about 950Mbps without using VPN):

    1. OpenVPN client on my R8000, and when connected to PIA I can get only speeds up to 45Mbps and the CPU (overclocked to 1.2Ghz) goes to 85%.
    2. OpenVPN client on ny QNAP NAS (it has a quad core celeron 2.0Ghz) and sharing the VPN tunnel to my network - with this setup I get 65Mbps.

    The only test that gave acceptable speeds is if I setup the OpenVPN client directly on my PC.

    1. I checked and PIA speeds are usually around 400Mbps when direclty connected to my PC.

    I read a lot about it and to be able to share a VPN conection to the network without losing bandwidth the router must have at least a i3 dual core 3.0Ghz to be able to process the NAT+VPN tunnel connetion - the only alternative is to build a router and use pfsense (or Linux).

    What I want to setup is a router that will have a WAN connection and basically 2 VLANS:
    VLAN1 - all my wired and wireless
    VLAN2 - My PS4
    VLAN3 - my PC

    On the VLAN1 - I will have OpenVPN client active all the time, so all traffic on the VLAN will go through the VPN service provider.
    On VLAN2 - will be basically a DMZ - the PS4 will face the Internet without any filters or firewall
    On VLAN3 I will have my computer that will have the basic firewall and routing features (such as uPnP) but what differs this VLAN from the the VLAN1 is that all traffic here will not have a VPN.

    If I decide to go with pfsense, what kind of hardware would give me the necessary juice to make this happens where hardware would be the bottleneck ? i3 Intel 7th generation ? i5 quad-core 7th ?

    Does anyone have a similar enviroment ?

  • Rebel Alliance Developer Netgate

    Your PC Probably has AES-NI hardware acceleration to reach those kind of speeds with OpenVPN, your other client examples most likely do not have such acceleration.

    If the hardware you choose for pfSense has AES-NI, you'll likely be pretty well off, but it would still need to be a good speed CPU to get anywhere close to what you're seeing on the PC. 1GBit/s of OpenVPN is not easy to achieve.

  • Hello @jimp,

    Thank you for the answer.

    The hardware that I'm thinking about for Pfsense is as follows (main parts):

    Processor: either an i3 dual core Intel 7th gen (7100) or I could go as high as an i7 (7700K)
    Network card (besides the built-in ones on the mainboard):

    Do you think that will work ?

  • About the AES-NI:

    I just checked, I guess I'm good to go if I'm going to use Intel's 7th gen CPU, now the question is… what speeds? i3 3.9Ghz dual core? i5 4.2Ghz quad-core? :

    The following processors support the AES-NI instruction set:

    Intel Westmere based processors, specifically:
    Intel Westmere-EP (Xeon 56xx) (a.k.a. Gulftown Xeon 5600-series DP server model) processors.
    Intel Clarkdale processors (except Core i3, Pentium and Celeron).
    Intel Arrandale processors (except Celeron, Pentium, Core i3, Core i5-4XXM).
    Intel Sandy Bridge processors:
    Desktop: all except Pentium, Celeron, Core i3.[5][6]
    Mobile: all Core i7 and Core i5. Several vendors have shipped BIOS configurations with the extension disabled;[7] a BIOS update is required to enable them.[8]
    Intel Ivy Bridge processors.
    All i5, i7, Xeon and i3-2115C[9] only.
    Intel Haswell processors (all except i3-4000m,[10] Pentium and Celeron).
    Intel Broadwell processors (all except Pentium and Celeron).
    Intel Silvermont/Airmont processors (all except Bay Trail-D and Bay Trail-M).
    Intel Skylake processors.
    Intel Kaby Lake processors.

Log in to reply