Optimizing PIA OpenVPN speed on Advanced Tomato

A while back I noticed that my ISP was throttling my speeds for most things, and that using a VPN worked around that throttling. I use Private Internet Access (aka PIA) as my VPN provider (I’d recommend them any time, if you sign up here we’ll both get 1 month free!), and I confirmed this with their desktop application running on my computer, but I wanted a way to centralize the VPN connection so I didn’t have to start one form each device in my home network.

Luckily I use open-source firmware Advanced Tomato on my Asus R7000 router, and it can run up to two simultaneous OpenVPN clients. PIA can be set up in a bunch of ways one of which is with an OpenVPN client, so it was perfect! They even have a guide on how to set it up in Advanced Tomato.

So I got everything working without much hassle… but my Internet speed was way worse than when I used the PIA desktop application. With the app I got my “line speed” of ~60 Mbps (what I expect to get from my ISP), but with OpenVPN on the router I got an average of 12 Mbps (I’ll only talk about download speeds, since my upload isn’t particularly fast anyway). Some research led me to decide that the router’s processor was the bottleneck, particularly due to the need to encrypt/decrypt traffic from the VPN tunnel. It’s a dual-core 1GHz ARM chip which apparently does not have native hardware instructions for cryptography, so it needs to do it with software and is thus limited by CPU speed. Some newer routers with newer chips are apparently getting hardware-accelerated cryptography. Keep that in mind when buying a router if you have a setup like mine.

I tried tweaking some settings in the router’s GUI but couldn’t get any real improvement, so I resigned myself to lower speeds when I wanted to have the VPN on in the router.

Today I decided to come back to the topic and see if I could improve the situation, and found two things that made a noticeable difference:

  • Overclocking the router
  • Adding the fast-io, sndbuf and rcvbuf settings to my OpenVPN configuration:
    openvpn custom settings

I’ve never been one for overclocking my hardware, but I read several posts about people doing it without problems so I went ahead and bumped my router’s clock speed from 1 to 1.4 GHz, and just with that, my Internet speed jumped from 12 to 18 Mbps. Not back-breaking, but a very appreciated 50% improvement!

But the real game changer were the OpenVPN settings, which took me from 18 to 30-35 Mbps! The OpenVPN documentation has great explanations for all possible options if you’re interested in the details. In short, fast-io can help non-Windows systems by optimizing certain code paths, while sndbuf and rcvbuf control the send/receive buffer sizes for the UDP or TCP socket.

Now, note that the specific number for sndbuf and rcvbuf will probably vary for each person/situation. The ideal value will depends on the latency to your VPN server, the reliability of the connection, and maybe other things. Regrettably, I don’t have a formula for you, so I’d suggest starting with a value of 524288 and then moving from there. In my case, 786432 was an improvement but going all the way to 1048576 gave me lower speeds. YMMV.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s