RT2600ac NordVPN and rt2600ac Config (IKEv2/Wireguard?)

Currently reading
RT2600ac NordVPN and rt2600ac Config (IKEv2/Wireguard?)

Hello,

I just tried to set up NordVPN at the router level using OpenVPN.

The good news is that the setup connects. The bad news is I lose about 87 percent of my internet speed (from 230 mbps to ~30 mbps). That is not really workable for me here, so I effectively cannot use the VPN at the router level using OpenVPN.

NordVPN support indicates this is a flaw with the OpenVPN protocol, which many routers apparently don't have the juice to deal with properly.

He indicated I should use IKEv2 or Wireguard for best results. When I use IKEv2 on my Mac directly to connect to Nord VPN, I only see about a 10 percent speed reduction, so I am inclined to agree.

Unfortunately, I cannot figure out how to set this up on the router. Does the rt2600ac even support this option? Might it support it in the future? I can't find anything from Synology about this on the Google.

Thanks!
 
Does the rt2600ac even support this option?
Atm there is no option to support this on SRM. Will it be, its a question. IKE is a love child of Microsoft and Cisco, and I'm sure it will cost Synology to get this implemented.

Still this being said, IKE uses UDP traffic, have you tried UDP protocol with Nord? I use only UDP with them and have less than 5% penalty on 40Mbit link (not as fast as yours but worth a shot).
 
I would also say check if you're using the UDP protocol instead of the TCP protocol.

I'm losing about 50% speed probaly because I'm purposly using an OpenVPN server in Zwitserland (while I'm in the Netherlands). My NAS has a virtual DSM instance that is connected to NordVPN and hhas the Synology Proxy server package installed.
 
Thanks for your replies.

I went with UDP from the start after reading it was the fastest, and I get great results when I install the Nord IKEv2 software on my computer and phone (only about 10 percent loss).

I'm guessing the massive loss I'm seeing is due to the maximum total bandwidth I have. My router requests data at as close to 230 mbps as it can get, and so the VPN encoding/decoding software in the router gets _bombarded_ with way more data than it can reasonably handle.

A slower connection will request less data per unit time and probably not struggle as much for that reason.

This sounds like a hardware limitation, so I can't imagine what they can actually do to fix it. I suppose they could release a dongle that plugs into the USB port with a hardware encoder/decoder on it, but I doubt very much there is sufficient market to make that feasible.

Given that internet speeds are only getting faster in the market segment that can afford a 200 USD router, I almost wish they'd pull the feature entirely if it can't be made to work at what is now considered "slow" broadband speed in the urban US.

It's not exactly misleading marketing, but a lot of people like myself will end up disappointed and feeling somewhat lied to.
 
That's another reason why I have VPN server for outside access as a virtual machine... I can add more and more resources as the bandwidth increases, but I hear you totally.

Yeah. I suppose I'll end up doing that at some point, but it'll be a while before I can get more hardware, whether it's a server PC or a NAS or anything else. I'm considering a hardware VPN dongle that would plug in between my router and my cable modem. If it works and doesn't cause a massive speed hit, might be the cheapest option.

I know with proper hardware I only get a 10 percent speed hit, so that's my target.
 
@johntdavis I don't understand how you setup the Synology 2600AC with NordVPN. There is no option anywhere to setup the Synology as a client to a VPN server that I can find. Where did you find this setting and how did you set it up? The NAS has a menu but I can't find instructions for this for the router.
 
@rjurney : In addition to @fredbert 's link, Nord also has a specific help page on using it with a Synology router. It gives you 2 or 3 config files to download and upload to the RT2600ac.

That said, performance is garbage. It is unusable. It reduced my ~233Megabit connection to something around 30 Megabits down, as I noted in the original post above. I consider an 87 percent reduction in speed unusable, especially considering I replaced cable TV on all the TVs here with 4k Hulu Live TV streaming and Netflix et al.

My understanding at this point is that OpenVPN (which is the only supported way to use Nord directly with the RT2600ac) needs hardware acceleration that the router just can't provide.

On the bright side, Wireguard is getting pulled into the Linux kernel, so it's possible (but not very probable) the version of Linux inside the RT2600ac might eventually get updated to support it.
 
Indeed. I use udp as well but the penalty is about 20-40% while running it on a NAS setup not a router

Are you using Nord? It was explained to me by Nord tech support that the RT2600ac did not have the hardware to maintain high speeds while using the VPN features.

Does your router have a beefier processor than the RT2600ac?

Even if I only had 60 percent of my connection, I'd still expect 138 Mbps down. I was getting ~30 Mbps, unfortunately...
 
Are you using Nord? It was explained to me by Nord tech support that the RT2600ac did not have the hardware to maintain high speeds while using the VPN features.

Does your router have a beefier processor than the RT2600ac?

Even if I only had 60 percent of my connection, I'd still expect 138 Mbps down. I was getting ~30 Mbps, unfortunately...
Yes I do. As i said I don’t have it running on the 2600 router that I also own but rather have it running on the NAS instead.
 
@Rusty at this point I wish they'd just pull the VPN support from the router. It doesn't have support for IKEv2 or Wireguard, OpenVPN performs so poorly at broadband speeds* it is unable, and Nord and presumably other providers no longer support IPSec/L2TP and and PPTP due to security concerns. I can't imagine the provider support for older, less secure protocols will improve going forward.

* Presumably, OpenVPN would work fine on the router's hardware with a sufficiently slower connection. 230mbps is definitely too much, and this is the slowest (and I use that term very loosely, having owned one of the first cable modems at a blazing 6 mbps down). But I have no idea what the limit is. That is, where to you start to jump from 30-40 percent speed reduction to 80+ percent speed reduction?
 
Well people have confirmed that 2600 can support 1G speeds over wan (google fiber users for example) but with vpn you should always be prepared for a good 50% penalty on average if all is well. More so if the conditions are worse (server saturation, location etc...).

Wireguard won’t be coming any time soon ok SRM if at all but I hope I’m wrong. What’s your location and vpn destination? Could it be that you are using some servers that are geographically too far ?
 
Well people have confirmed that 2600 can support 1G speeds over wan (google fiber users for example) but with vpn you should always be prepared for a good 50% penalty on average if all is well. More so if the conditions are worse (server saturation, location etc...).

Wireguard won’t be coming any time soon ok SRM if at all but I hope I’m wrong. What’s your location and vpn destination? Could it be that you are using some servers that are geographically too far ?

I actually tested it with Nord servers in my city to verify setup and try to get a baseline for speed reduction. I always got an 80+ percent drop in speed.

I tried Nord's iOS app outside my LAN and got a much more reasonable 10-20 percent speed reduction in the same city, on my cell phone.

Of course, at this point I'm not touching Nord again due to some issues they experienced. I might have better luck with another provider.
 
For what it's worth, I connect to Nord from a Diskstation (rather than from the RT2600ac), and I've been very pleased with their stability as compared to, for example, Torguard. And, my speed doesn't seem to be suffering at all, using UDP, cipher AES-256-CBC, and auth SHA512. It may make a huge difference WHICH Nord server you're connecting to.
 
For what it's worth, I connect to Nord from a Diskstation (rather than from the RT2600ac), and I've been very pleased with their stability as compared to, for example, Torguard. And, my speed doesn't seem to be suffering at all, using UDP, cipher AES-256-CBC, and auth SHA512. It may make a huge difference WHICH Nord server you're connecting to.

Interesting. Which DiskStation is it? I'm curious what the processor is compared to the RT2600ac.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Oh! Thanks for clarifying that. It also stimulated my memory. I actually pinged Nord tech support about...
Replies
8
Views
5,159
  • Question
Yeah, sometimes it takes ages to ring, or you go to it and it doesn't pick up the first time and you have...
Replies
3
Views
2,366
  • Question
I have RT6600ax and WRX560 both wire back hauled to Netgear MS510TX. This switch's four 1GbE ports are...
Replies
5
Views
1,568
As already linked Router Products | Synology Inc. you can compare the four available routers (use the...
Replies
4
Views
2,774
Any other idea? I tried everything I could do. But now the synology assistant sees the device something...
Replies
18
Views
2,829
  • Solved
Thanks very much for responding again Rusty. Much appreciated!
Replies
4
Views
1,764
I see. Thanks. I'll evaluate my potential need for WRX560'a once I've lived with RT660ax + MR2200ac's for...
Replies
6
Views
3,023

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top