Time to Retire OpenVPN

Recently I setup a test instance of Shadowsocks on my RT-AC56U (Cortex-A9 clocked at 800Mhz). I did quick benchmarks to compare its throughput against my other VPN builds. Here are the three contestants on the server side: IKEv2 IPsec VPN on ER-X; AES128 + SHA1; hardware accelerated OpenVPN on RT-AC56U; AES128…

Read this article

DHCPv6 Prefix Delegation for IPv6

Updated: Jul 8, 2018 I recently switched ISP and gained native IPv6 connectivity. Googled for instructions to setup IPv6 on my ER-X. None of the articles and forum discussions that I found helped me complete the mission successfully. DHCPv6-PD is commonly used by ISPs to dispatch IPv6 addresses to users.…

Read this article

Re-visit the Switch in Edgerouter X

Update Feb 23, 2019: You might also be interested in my initial take on FW v2.0.0, User Space Bootstrap in EdgeRouter Firmware 2.0. In my previous post, we looked at the switch block in MediaTek's MT7621A SoC used in Edgerouter X. To recap, between the CPU and…

Read this article

Edgerouter X - IPsec Benchmarked

As I posted last time, the MediaTek SoC (MT7621AT) in ER-X has a EIP-93 crypto engine. It has impressive performance specification. Authentec quotes 450 Kpps for 64-byte packets and 300-500 Mbit/s throughput. MediaTek quotes around 200 Mbit/s. I found mixed results from my tests. I use AES-128/SHA1…

Read this article

Re-visit Forwarding Speed in ER-X

In a previous post, I did quick tests to show maximum packet switching and forwarding performance in Edgerouter X. That gave a glimpse but left more open questions in my mind. I believe same to sophisticated users. I figured EdgeOS is surprisingly easy to re-configure. I thought it would be…

Read this article

ER-X Forwarding Speed

ER-X demonstrates impressive forwarding performance with hardware offload. Expect some hit with NAT, QoS and firewall but I would imagine it won't be more than 10% reduction of the 924Mbps in my setup. I have on IPv4: 1 NAT rule, 2 firewall rulesets with 14 rules each. The QoS impact…

Read this article

ER-X - Use TLS Certificate for GUI

(September 28, 2016: This post was update since initial publish. Please scroll to bottom for the changes.) I have deployed a self-signed root CA to all family devices that I manage. Partly because I use this root CA for pixelserv-tls. I also issue certificates based on this root CA for…

Read this article