VPN Client capped on AX3200

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2021-12-27 15:34:49 - last edited 2022-06-23 09:58:10
Tags: #VPN
Model: Archer AX3200  
Hardware Version: V1
Firmware Version: 1.1.0

I have an AX3200 on 1.1.0 build 20211015 rel. 66720 and the speed is capped on my VPN to 20-25 MBs. When I check on my computer or phone directly with the native VPN client enabled, it shows over 100+ MBs. My internet connection is 120MB constantly without the VPN enabled. I've tried the TCP or UDP config file for OpenVPN to use with Surfshark, with the same results: it still stays at 20-25. Is it a CPU limitation on the router? I get constant buffering when I use the VPN and no buffering without the VPN. @Kevin_Z

Re:VPN Client capped on AX3200
2022-01-07 12:37:46

@PCMAC_Genius 

 

Hello, I have previously tried to explain to Memjunk in the below thread that the VPN Client connection speed cannot be as good as the internet speed when there is no VPN connection, please check:

https://community.tp-link.com/en/home/forum/topic/270268?replyId=1015342

 

BTW, if you want to connect to the VPN server only on some specific client devices, I would suggest you disable the VPN connection for those who don't need it on the AX20 web GUI to get a better speed as expected.

Re:VPN Client capped on AX3200
2022-01-07 13:47:46 - last edited 2022-01-07 13:52:02

@Kevin_Z 

 

  1. The problem is I have only one client enabled with a VPN connection out of 30 on my router, and am therefore trying to limit strain on the CPU, but as others mentioned it simply caps at the above-mentioned speed and never goes over that. So, it is clearly a limitation of the router's resources or something else in the programming.
  2. AX20 is another name for AX3200?
Re:VPN Client capped on AX3200
2022-06-03 20:57:50

  @PCMAC_Genius 

 

If you only need VPN on a single client, I would not bother with a VPN at all. A VPN really is by design optimal when you are managing a lot of clients/hosts or when you are managing several sites. There really are WAY better options that are WAY faster & WAY WAY more secure, particularly when you look at the VPN server options provided in consumer grade networking equipment (& pretty much everything TP-Link, regardless of how it is marketed, is consumer grade). I mean PPTP isn't even supported by most modern clients as it really is not secure; it is in fact a nearly 50-year-old protocol & relies exclusively on the client-side stack for any security or encryption. In fact, security issues are mentioned in the very first sentence on the wiki page for PPTP. TP-Link's implementation of OVPN also isn't very robust, with no script security standard & using only AES-128 encryption (the value of which vs. 256 or 512 is debatable and probably fine, if not best practices); however, that is all moot since they actually include the TLS cert's private key right in the router-generated .ovpn file, which is just a human-readable text file. Also, they opted for persistent tun & persistent key, so obviously renegotiated security is not implemented. Not to mention that most HW VPN or FW-VPN (s2s) devices are only equipped with 100mb NICs, which is fine, more than adequate for the most part.

 

But (when the choice is ovpn or pptp) I would suggest another route, be it a tunnel or some p2p-like implementation. There are many options, ranging in function and security from open/unencrypted to an 8192-bit encrypted key for local-like network access only, to complete RDP or virtualized desktop-like access with more function than you could ever need. There are Argo/Inlets/v2Ray types of solutions *{check out cloudflare, you can set up an SSL encrypted tunnel in a separate segregated IP netblock with 2FA or SSO authentication options for free via cloudflare (using a cloudflare managed certificate only; you can use a self-managed cert, i.e. $$$ via Digicert or free via Let's Encrypt cert, but cloudflare requires a paid subscription for that option)}. There are also SD-WAN options that are similar to the cloudflare solution, only they can be much more private with self-hosted keys and certs, but I am unaware of a decent free SD-WAN option, aside from those that come with the purchase of some brands of SAN or NAS equipment.

 

Anyway, there are a million & one options that will be faster, more secure & more reliable. Heck, even an SSH tunnel, or a browser-based solution, such as FoxyProxy and dynamic port forwarding with a SOCKS proxy, plus the many newer generation ZeroTrust tunneling options. Anyways, check out opentunnel(DOT)net for some of the x-/v2 -ray, proxy or other vpn options available for no cost.

 

Having no idea on your specific hosts/clients, your needs/usage scenario, I can't be too specific, but there are many better options viable for a single host connection, options that will be much quicker, it's usually faster using a p2p-type connection vs. adding hops to VPN servers & that will not bog down the connection for the rest of your network clients.

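Added example, not part of any post in this thread and not TP-Link's code: a small Python check that reads an OpenVPN client profile (.ovpn) and reports the settings raised in the last reply, namely an inline private key, the cipher, the script-security level and the persist options. The sample profile, its host name and the function names are constructed for illustration.

```python
import re

# Constructed sample profile (not a real router export); key text is a placeholder.
SAMPLE_OVPN = """\
client
dev tun
remote vpn.example.invalid 1194
cipher AES-128-CBC
persist-key
persist-tun
<key>
-----BEGIN PRIVATE KEY-----
PLACEHOLDER
-----END PRIVATE KEY-----
</key>
"""

INLINE_TAG = re.compile(r"^<(/?)([a-z0-9-]+)>$")
AEAD_SUFFIXES = ("-GCM", "CHACHA20-POLY1305")

def parse_ovpn(text):
    """Split a profile into {directive: args} and {inline_tag: [lines]}."""
    directives, blocks, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        tag = INLINE_TAG.match(line)
        if tag:                                  # <key> opens, </key> closes
            current = None if tag.group(1) else tag.group(2)
            if current:
                blocks[current] = []
        elif current is not None:                # inside an inline block
            blocks[current].append(line)
        elif line and not line.startswith(("#", ";")):
            parts = line.split(None, 1)
            directives[parts[0]] = parts[1] if len(parts) > 1 else ""
    return directives, blocks

def audit(text):
    """Report the profile settings discussed in the thread."""
    d, b = parse_ovpn(text)
    raw = d.get("data-ciphers") or d.get("cipher", "")
    ciphers = [c for c in raw.upper().split(":") if c]
    return {
        "inline_private_key": "key" in b,        # the file itself is then a credential
        "ciphers": ciphers,
        "aead_cipher": any(c.endswith(AEAD_SUFFIXES) for c in ciphers),
        # OpenVPN uses script-security level 1 when the directive is absent
        "script_security": int((d.get("script-security") or "1").split()[0]),
        "persist": sorted(k for k in ("persist-key", "persist-tun") if k in d),
    }
```

A profile that reports `inline_private_key: True` should be stored and transferred like any other private key file.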