Introduction: VPN Premium Setup Guide for HIGH SPEED DOWNLOAD and OKAY Streaming by REO

Thank you, Asuswrt-Merlin

Hi, I am from Thailand. I am going to write a detailed VPN setup guide for high-speed downloads of around 100 Mb/s on average and maybe-the-smoothest streaming for Netflix, Crunchyroll, Hulu, etc. From Thailand, the destination is San Francisco, USA, which is pretty decently far.

What you need:

1. An ASUS router with a very high-speed DUAL-core CPU. You can buy 2, 3, or 4 cores, but 2 cores will give you the most CPU because **your VPN will use 1 core and the router system will use another core, if I'm not mistaken. In this case, the legendary dual-core RT-AC86U, released in 2017, is ideal. Buying guide (anything here, but I recommend the RT-AC86U** for this HIGH SPEED setup or it will ruin the whole point): https://sourceforge.net/projects/asuswrt-merlin/f...

2. An account with the most popular red-and-white-logo VPN provider (Ex...) (can't mention it). You can try it or pay for 1 month first to see if it works out. I've tested many VPN providers, including the blue-and-white VPN. I feel like the red-and-white-logo VPN gives the highest and steadiest speed.

3. High-speed internet - I suggest at least [500 Mb/s download speed / whatever upload speed] Home/personal internet. I'm not sure about enterprise/apartment/dormitory or public internet.

Once you've secured these 3 things, let's begin...

Step 1: General Router Setup Wizard & Firmware Upgrade

[General Router Setup Wizard]

1. (You can skip this if you don't have a main internet router/modem.) Connect a LAN cable from your main modem/router to the RT-AC86U.
2. Connect a LAN cable from the RT-AC86U to your PC, then type 192.168.2.1 or whatever router IP address is on the back of it. Then type "admin" and "admin" for the username and password.
3. Choose "automatic type" or "Wireless router mode", set your own username & password, set up your WiFi, etc.

After finishing this, DON'T CHANGE your router's IP. Leave it at the default (192.168.2.1 in this case). I don't know if it's my problem or what. Changing it broke my router and I had to factory reset every time.

[Firmware Upgrade]

[Administration] >> [Firmware Upgrade]...
Download the latest stable firmware version from https://sourceforge.net/projects/asuswrt-merlin/f... or https://sourceforge.net/projects/asuswrt-merlin/f...

Choose your EXACT model. Please DO NOT CROSS the model or it will forever break your router (I went to get a refund when I crossed the model's firmware version lol, because I couldn't detect my router to unbrick it at all).

Extract your zip file and find the .w file (for example RT-AC86U_384.15_0_cferom_ubi.w)

Scheduled check for new firmware availability: No

Manual firmware update : "Upload" <<< Click and choose your downloaded .w file

Step 2: WAN Setup...

For your main modem/router's DNS, set it to your best local-country DNS or Cloudflare's 1.1.1.1 and 1.0.0.1. You can keep testing them on https://www.ipvoid.com/ping for the lowest avg time.

For the RT-AC86U, set it to Cloudflare's DNS, which is 1.1.1.1 and 1.0.0.1


Why ...?

- Enable secure UPnP mode: NO - In case you want to use QoS (explained later), and to guarantee it will not block any VPN traffic.

- DNS Privacy Protocol: None - because DNS-over-TLS is too fancy. It adds some security overhead, making the connection a bit slower. The trade-off is that DNS queries sent over the WAN outside the VPN tunnel travel unencrypted.

- DHCP query frequency: Normal Mode - because sometimes Aggressive Mode will mess with your internet provider (ISP) and block your traffic.

Step 3: LAN Setup & IPv6 & Firewall

[LAN] - see the image

next ...

[IPv6]: disable it. Why? Because many people report that VPN won't work with IPv6. You can try it if your ISP doesn't provide normal internet (IPv4); in that case, set everything to automatic.

[Firewall]: Turn on /// Enable DoS protection: Off (or On, but it will consume some CPU/RAM)
Turn off the IPv6 firewall if you've disabled IPv6

Step 4: At the VPN's Website and Router's VPN Client

[Open the red-and-white-logo VPN's website] and log in. > Set up your devices >> More >> Manual Config

Under the OpenVPN tab, choose Americas >> USA - San Francisco, San Jose, etc. (download it)
*Note: After this setup, if your VPN gets blocked when entering Netflix, Hulu, etc. websites, change the location. Los 3, 4, Seattle, Salt Lake, and New Jersey have okay speed and are not being blocked.

Back to your router,

[VPN] >> [VPN Client]

Select client instance: choose client 5 for CPU core 2 (client 5 for CPU core 2, client 4 for CPU core 1... it depends on Merlin's update).

Why? I feel like the router's system uses core 1 and I got better speed when I use core 2.

How to test which client is which core?....I will talk about it soon

1. Import .ovpn file: choose the downloaded OpenVPN file >> click Upload >> wait 10 sec

2. Description: a name of your choice

3. LEAVE EVERYTHING AT DEFAULT

4. Username /// Password: copy from the red-and-white-logo VPN's website under "Manual Config (OpenVPN tab)"

5. LEAVE EVERYTHING AT DEFAULT

6. Under "Custom Configuration", this is a tricky part. LEAVE IT DEFAULT. DON'T TOUCH IT. Or you can try different values of [sndbuf] and [rcvbuf]. It will control your buffering speed. I tried many values from many guides and felt that the default values are the best.

7. Apply, wait, then [Service state] OFF/ON <<< Click to turn ON

*Back to the question: how to test which client is which core?
While your VPN is ON, go to the first page of ASUS's [Network Map], do a speed test on

https://www.speedtest.net/ or https://www.speedtest.net/ (more accurate)

and watch the right corner of the router's page while speed testing. You will see which core peaks the most. Then try changing to a different client on the router's VPN page.

Instance 4 should use core 1 and Instance 5 should use core 2 in my current Merlin firmware.

Try and see which core gives you the best internet speed. Mine is 2.

Step 5: [sndbuf] and [rcvbuf] Tweak...(can Skip This)

*Note: if you forget the [sndbuf] and [rcvbuf] default values, just click "default" at the bottom to reset, then upload the OpenVPN file again and enter the username and password again.

As a scenario, say you want 1080p but it is playing 720p right now

In my understanding...

sndbuf - low , rcvbuf - low

= Buffers fast /// becomes 1080p fast /// pauses again to buffer fast OR goes back to 720p [BAD]

------------------------------------------------------------------------------------------
sndbuf - high , rcvbuf - low

= Buffers long /// becomes 1080p fast /// pauses again fast because it receives a low buffer [BAD]

------------------------------------------------------------------------------------------

sndbuf - mid , rcvbuf - mid

= Buffers medium /// becomes 1080p medium /// might become 720p sometimes [BAD]

------------------------------------------------------------------------------------------

sndbuf - DEFAULT VALUE (the maximum might be the default value, depends on VPN provider)

rcvbuf - DEFAULT VALUE (the maximum might be the default value, depends on VPN provider)

= Buffers medium /// becomes 1080p medium /// rarely buffers and doesn't become 720p (low chance of 720p) [NICE!]

---------------------------------------------------------------------------------------------

Step 6: [Game Boost] Page & [QoS] Page

[Game Boost]: WTFast GPN: don't use it... it doesn't go along with VPN

[LAN Boost]: OFF (If you use QoS, which I will talk about soon, still OFF! I feel it slows my speed)

[AiProtection] (your choice): I do ON // 1 ON // 2 ON // 3 ON for security. It very slightly affects the performance. Or you can turn some of them off.

[Adaptive QoS] >> [QoS] What's the purpose? Control the traffic by restricting/releasing your bandwidth on different kinds of media (Messaging, Web surfing, Netflix's UI speed only, Netflix's movie, etc.)

[DO WHAT]... Enable QoS >> Bandwidth Limiter >> fq_codel (for the best, low-bufferbloat performance) >> Apply .... for "Client List" just leave it blank.

It looks like it doesn't make much sense, but the fq_codel algorithm really helps with bufferbloat, even though we put nothing in the Client List.

I DON'T recommend using the Adaptive or Traditional QoS choice for the optimal speed.

For example, regardless of other slowing factors, with 100 Mb/s and without QoS, when I play PS4 using the internet, my PS4 gets 100 Mb/s. When I switch to gaming on my phone, my phone gets 100 Mb/s.

With QoS, if I set 80% to movies and 20% to gaming, my Netflix movie will get around 80 Mb/s while 20 Mb/s is reserved for gaming at the same time.

QoS is usually for non-VPN users with A LOT of download speed, multiple users, and super multi-tasking people.

Step 7: However, If You Want to Use QoS...

Use a CUSTOM script, NOT ASUS's default one.

Do this...

[Administration] >> [System]...

Format JFFS partition at next boot: No /// Enable JFFS custom scripts and configs: Yes

Enable SSH: LAN only /// Allow SSH Port Forwarding: Yes /// SSH Port: 22

Allow Password Login: Yes /// Enable SSH Brute Force Protection : No

Then, look under "Windows - Easy (1-line) Install : " from this website

CUSTOM script (FreshJR Adaptive QOS): https://www.snbforums.com/threads/release-freshjr-...

- Download PuTTY, type in your router's IP address (the same address as in your browser's address bar), port 22, ENTER, then a command console will ask for the username/password (the password is invisible when typing). Then run

curl "https://raw.githubusercontent.com/FreshJR07/FreshJR_QOS/master/FreshJR_QOS.sh" -o /jffs/scripts/FreshJR_QOS --create-dirs && curl "https://raw.githubusercontent.com/FreshJR07/FreshJR_QOS/master/FreshJR_QoS_Stats.asp" -o /jffs/scripts/www_FreshJR_QoS_Stats.asp && sh /jffs/scripts/FreshJR_QOS -install

After installing, reboot, and turn off/on your router
--- Credit to FreshJR ---
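
An added example, not part of the original guide or of FreshJR's project: the one-line install above runs whatever the `master` branch serves at that moment on the router. This sketch stages the download and installs it only if its SHA-256 matches a digest recorded after reviewing the script; the `EXPECTED_SHA256` placeholder, the staging path, the function names and the availability of `sha256sum` on the router are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): stage, verify, then install.
# EXPECTED_SHA256 is a placeholder: record the digest of the copy you reviewed.
EXPECTED_SHA256="REPLACE_WITH_SHA256_OF_REVIEWED_SCRIPT"
SRC_URL="https://raw.githubusercontent.com/FreshJR07/FreshJR_QOS/master/FreshJR_QOS.sh"
STAGE="/tmp/FreshJR_QOS.staged"   # assumed staging path
DEST="/jffs/scripts/FreshJR_QOS"  # install path used by the guide's command

# Print the lowercase SHA-256 hex digest of a file.
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# Succeed only if the file is non-empty and matches the expected digest.
verify_file() {
    file="$1"; expected="$2"
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    case "$expected" in
        ""|*[!0-9a-fA-F]*) echo "expected digest is not hex" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest is not 64 chars" >&2; return 1; }
    actual=$(file_sha256 "$file")
    expected_lc=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected_lc" ] || { echo "digest mismatch: got $actual" >&2; return 1; }
}

# Copy a file into place only after it verifies.
install_verified() {
    src="$1"; expected="$2"; dest="$3"
    verify_file "$src" "$expected" || return 1
    mkdir -p "$(dirname "$dest")" && cp "$src" "$dest" && chmod 755 "$dest"
}

# Download to the staging path, verify, then hand off to the script's installer.
stage_and_install() {
    curl --fail --silent --show-error "$SRC_URL" -o "$STAGE" || return 1
    install_verified "$STAGE" "$EXPECTED_SHA256" "$DEST" || { rm -f "$STAGE"; return 1; }
    rm -f "$STAGE"
    sh "$DEST" -install
}

# Act only when called with "run", so sourcing the file has no side effects.
if [ "${1:-}" = "run" ]; then stage_and_install; fi
```

With the placeholder left in place the check fails closed and nothing is installed. The same verification applies to the `FreshJR_QoS_Stats.asp` file that the one-liner also downloads.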

Back to [Adaptive QoS] >> [QoS] >> [Traditional QoS] (Adaptive doesn't work with the script)

>> fq_codel for the best, low-bufferbloat performance >> Skip WAN packet overhead (fine tuning) >> put in your average download and upload speed >> Apply >> if there is a Priority type list, I usually choose Web Surfing, since Netflix's UI is classified as Media, but Netflix's series or contents are classified as Web Surfing.

At the top-right corner, click FreshJR >> Classification >> Download/Upload Bandwidth >> your choices

Under iptable Rules (IPv4) >> just type in your PS4 or Xbox's IP address, or follow the section

" 3) What is a CIDR IP range? " on FreshJR's webpage: https://www.snbforums.com/threads/release-freshjr...

Step 8: Improve Your WiFi: [2.4GHz] - Wide Range and Fast Setup

I use a program called "WiFi Analyzer" from Microsoft Store to find what Control Channel is the best for you.

Normally it should be 1, 6, or 11. (don't use Auto for the channel)

Step 9: Improve Your WiFi: [5GHz] - Close Range and Super Fast

5 GHz has too many channels. Some channels are faster than others. I need more research on this. I'll just go with UNII-3 because they are not popular and not often used by military or weather channels. You can test it out and see which channel gives you the highest graph (highest dBm).

Step 10: < Result >

PING depends on the day. Some days it is 193 and some days it is 270. But the average is around 220.

You can still play Rocket League without delay at around 250. After 250, it starts getting delay.

With this setup, you should expect your speed test on PS4 and Xbox to show around 40 Mb/s of download speed. I don't really know why.

*Note: the best speed test is desktop/OS speed test software. Speed tests on websites are good, but slow and inaccurate sometimes. I use Free Internet Speed Test Tools on Microsoft Store.

Thank you,
REO

My Reddit's and Instructables' link on this topic:

https://www.reddit.com/r/VPN/comments/f32z3f/vpn_p...

https://www.instructables.com/id/VPN-Premium-Setup...