Hi @jfl2507 

Thanks for posting in our business forum.

jfl2507 wrote

The CPU on the router GUI does not show it being taxed during a transfer, is this normal? is there a dedicated encription chip that handles the on the fly encryption without taxing the CPU? Also any idea if its normal for upload speeds to get cut in half, or some setting someone else has figured out. I have seen SMB file download spikes as high as 190MBps,  yes Megabytes , thats crazy fast. But uploads alot slower arounf 50MBps which again SMB protocol sucks with latancy even if its 15ms.

First, about the relationship between the CPU and encryption, the graph in standalone mode you see in real-time. If there is no spike in the CPU, then it means the CPU can handle the load you have on there.

About a dedicated chip for encryption, sorry that there is no evidence on showing that.

Second, about the read and write speed, that's a long story. I don't wanna extend this here. Hard drive read and write speed requires some knowledge. So, I'll point out what could cause this.

If you use HDD, then typically, you should get around 160MB/s for its speed.

Accurately speaking, quote: A standard HDD will read and write at typically 80MB/s to 160MB/s, but an SSD reads and writes at between 200MB/s to 550MB/s.

Not to mention that this speed can degrade in a LAN transfer. Your hard driver requires a "cache" to get faster speed, usually for SSD. For the HDD, then your write speed could be affected without a cache.

Moreover, if your uploaded file is small and scattered, and not zipped/compressed, the speed could be slow. 

I think you are probably fine there. Nothing to worry about.

jfl2507 wrote

Similarly

 

I have configured a Wireguard VPN profile and added one peer to test with. The results after fiddling with MTU settings at my most optimal have been 900mbps transfer rate on download  and 800mbps tranfer rate on upload . The CPU again doesnt appear to get taxed while transfer is taking place. I have noticed the SMB file tranfers though not as fast on download they are faster on upload when dealign with alot of small files. The previous SMB numbers mentioned where witch huge multigig files ( Lt2TP is better at 1.7gbps) but on smaller files it slows down wereas wireduard is faster at multiple smaller files.

Wireguard is the latest VPN protocol. Newer than OVPN. They have their own advantages in its design.

jfl2507 wrote

 

I have also tinkered with IKEV2 but since I have L2TP enabled I can only assing it a static client IP address to make it work. speeds are similar to the L2TP but I can only test it on a MAC laptop since windows built in ikev2 doesnt work since the MSCHAP protocol is not supported and i believe the addition of certificates complicated things further to make it work. Still hopefully in the future you guys can find a way to get windows clients to work with IKEV2 as it seems more responsive/snapier than L2TP.

L2TP encryption is based on IPsec.

jfl2507 wrote

My question regarding wireguard is what are the max Speed throughput that it can handle assuming no latency and testing straight at the WAN port with iperf? These specs are listed on the website for the other VPN protocols.  It would be complicated to try this myself as the router is currently running and I cant just kill the internet for the office lol.

 

Another suggestion is about the addition of DOH and DOT DNS proxies, I currently use NextDNS and I can only get DOH to work since you require an acutal IP address for DOT, nextDNS has character string instead of IPs, such as XXXX.dns.nextdns.io for the server address where XXXXX identifies your specific DNS account. 

 

IF anyone has other test suggestions let me know.