The manufacturer ASUS has worked for months to incorporate new VPN functionality into its WiFi 6 routers, also known as AX routers. One of the main novelties is the incorporation of the popular WireGuard VPN, the fastest, safest and most efficient VPN that we can find today. Thanks to the incorporation of this service, both as a VPN server and as a VPN client, we will be able to connect remotely to our home, and do so really fast.
WireGuard GUI on Asuswrt
The graphical user interface can be found in the “Advanced Configuration / VPN” section. In this menu we have to go to the “WireGuard Server” tab, where we will find all the configuration options. Currently it is only possible to configure one instance of this VPN server, although we may soon be able to have different VPN servers with different configurations.
The options that ASUS gives us are to activate the VPN, to enable the router’s DNS servers, and to use a pre-shared key or not. We also have the option to configure the keep-alive; by default it is 25 seconds, which is what the official documentation recommends. Once we have clicked on “Apply”, the private and public keys are created completely automatically. If we have selected “Use Preshared Key”, that key is also generated automatically without us having to do anything.
As you can see, by default this server will be listening on IP 10.6.0.1/24 and will use the default port 51820 UDP. The router opens this port in its firewall internally, so we do not have to perform any other action.
With regard to VPN clients, also known as “Peers”, we can configure different clients and enable or disable them dynamically, easily and quickly. Here we must enter the private IP that each registered client will have. The “Allowed IPs (Client)” section is used to give access to the different subnets of the router, or to do a complete redirection of traffic with 0.0.0.0/0.
Once configured, click on “Apply”, and the keys for this VPN client will be created automatically. Once done, we have two options:
- Click on “Export” to export the complete configuration file.
- Click on “QR Code” to display a QR code and scan it with our smartphone.
At the bottom we will not only be able to see the list of peers, but also the traffic exchange that we have carried out.
The exported configuration is as expected; you can see it below:
If we use this configuration file in any WG VPN client for Windows, Linux or macOS, we can connect easily and quickly. An important detail is the endpoint: we must edit it to put our DDNS domain. We tested it in a local network environment, which is why it has private addressing.
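As an added example (not code from ASUS or from the original article), this Python sketch reviews an exported client file for the points described above: an endpoint that still has private addressing, full redirection with 0.0.0.0/0, the pre-shared key and the 25-second keep-alive. The sample export is constructed, with placeholder keys and an assumed WAN-side endpoint address; the key names follow the standard WireGuard configuration format, `review_client_export` is a hypothetical helper name, and a single `[Peer]` section is assumed.

```python
import configparser
import ipaddress

# Constructed sample of a client export; keys are placeholders, not real key
# material, and the endpoint is an assumed private WAN-side address.
SAMPLE_EXPORT = """\
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.6.0.2/32
DNS = 10.6.0.1

[Peer]
PublicKey = <server-public-key-placeholder>
PresharedKey = <preshared-key-placeholder>
AllowedIPs = 0.0.0.0/0
Endpoint = 10.11.1.2:51820
PersistentKeepalive = 25
"""


def review_client_export(text):
    """Summarise the security-relevant fields of a client export."""
    # Only '=' is a delimiter, so "host:port" values are not split on ':'.
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cfg.optionxform = str  # keep WireGuard's key capitalisation
    cfg.read_string(text)
    peer = cfg["Peer"]

    host, _, port = peer["Endpoint"].rpartition(":")
    try:
        # An IP literal in a private range is unreachable from the Internet.
        needs_edit = ipaddress.ip_address(host.strip("[]")).is_private
    except ValueError:
        needs_edit = False  # a hostname, for example a DDNS domain

    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for n in peer["AllowedIPs"].split(",")]
    return {
        "endpoint_host": host,
        "endpoint_port": int(port),
        "endpoint_needs_edit": needs_edit,
        "full_tunnel": any(n.prefixlen == 0 for n in nets),  # 0.0.0.0/0 or ::/0
        "has_preshared_key": "PresharedKey" in peer,
        "keepalive": peer.getint("PersistentKeepalive", fallback=0),
    }


if __name__ == "__main__":
    for field, value in review_client_export(SAMPLE_EXPORT).items():
        print(f"{field}: {value}")
```
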
Here you can see the same but with the QR code:
WireGuard performance on ASUS ZenWiFi XT8 router
We placed a Jperf server in the local network of the router, with address 192.168.50.0/24. The Jperf client is in the local network of the 10.11.1.0/24 subnet, which belongs to the router’s WAN. In this way we can verify the real performance that can be achieved in a Gigabit Ethernet environment. We used 50 concurrent TCP threads in all tests.
In the following image you can see how we achieved a real speed of 360Mbps upstream, that is, from the client to the Jperf server inside the local network. You can also see the connection being established with the TunSafe program for Windows.
We then carried out another test to check the speed again. In this case you can also see the upload speed shown by the TunSafe program that we used.
As you can see, we get very high performance in the VPN, achieving almost 400Mbps real, a very high figure if we take into account that this router does not have the most powerful CPU. Other models such as the GT-AX11000 or the RT-AX86U will surely get better performance, so the incorporation of this service is great news.
Other improvements over VPNs
ASUS developers have incorporated a menu called “Multiple VPN connection”, which allows us to connect in VPN client mode to different remote servers. It currently supports the PPTP, L2TP, OpenVPN and HMA (Hide My Ass) protocols, and also supports WireGuard. Thanks to these menus we can create different VPN clients and assign them to different computers on the local network. For example, we can configure our Smart TV to go out to the Internet through one of these tunnels, ideal for bypassing Netflix regional blocks or similar.
As you have seen, a large number of improvements are on the way. Right now all these functions are in beta phase, so they could have bugs, but in our tests with WireGuard Server everything has worked perfectly.