Enabling OpenVPN client - acc-/tplink-archer-c2300 GitHub Wiki

OpenVPN

Original OpenVPN binary is quite old, v2.3.8. The new binary is v2.4.6. Download the files here. The github repository files use symbolic links, therefore please clone the repository under Linux, or use Windows with administrator rights, and git config core.symlinks set to true.

Installation steps:

  • replace /usr/sbin/openvpn
  • replace /etc/init.d/openvpn
  • copy libraries from repo's lib subfolder to /lib on your router
  • prepare your openvpn client config via uci, sample commands below

Sample OpenVPN client configuration

uci set openvpn.client="openvpn"
uci set openvpn.client.enabled='1'
uci set openvpn.client.client='1'
uci set openvpn.client.dev='tun'
uci set openvpn.client.proto='udp'
uci set openvpn.client.remote='MY_VPN_SERVER_NAME 1194'
uci set openvpn.client.nobind='1'
uci set openvpn.client.ca='/data/openvpn/ca.crt'
uci set openvpn.client.cert='/data/openvpn/client.crt'
uci set openvpn.client.key='/data/openvpn/client.key'
uci set openvpn.client.comp_lzo='yes'
uci set openvpn.client.persist_key='1'
uci set openvpn.client.persist_tun='1'
uci set openvpn.client.verb='3'
uci commit openvpn.client

lua -e 'require("luci.sys.config").saveconfig()'

Last command persist UCI configuration permanently.

OpenVPN benchmarks

My test setup

  • 1 small OpenWrt router (Xiaomi MiWiFi Mini) with Huawei LTE modem, HiLink device
  • Archer's WAN port connected to the router above
  • test laptop connected over 5ghz WiFi, 3 metres from the router
  • all the tests were exeuted on the same laptop using speedtest.net web site, always using the same server

It looks OpenVPN binary is using hardware acceleration - CPU usage was not exceeding 26% in my tests. All the speed results are in ping/download/upload form.

direct connection speeds

27/73.05/19.34
26/80.25/25.25
26/55.5/29.87
28/67.07/24.35

vpn client on test laptop

67/64.14/21.9
65/49.54/19.47
65/49.33/18.13
64/50.99/24.96

vpn client on router with plain config file

64/37.62/4.58
63/36.69/3.14
69/38.08/1.73
64/34.11/3.2

running /etc/init.d/openvpn with uci setup

68/38.66/14.75
70/42.16/16.39
68/43.32/19.58
68/46.38/18.63

Upload speeds are much higher. This is because TP-Link firmware has tweaked setting sndbuf 655350 in /etc/init.d/openvpn script.

running openvpn on second cpu core

This is the fastest, current setup. /etc/init.d/openvpn script is using busybox taskset command to force starting OpenVPN client on the second CPU core. The main network routing is executed on the first core, therefore reasonable speed improvements can be observed.

64/58.13/18.54
64/58.25/21.3
63/50.11/20.35
63/54.73/21.67