OPNsense Forum
English Forums => General Discussion => Topic started by: tigs on January 31, 2016, 08:01:09 pm
-
I was trying pfense. I found this version is best with openvpn throughput.
The equivalent pfsense version is 2.1.5, 32 bit.
Thanks
-
There are no OPNsense build based on FreeBSD 8.3.
In fact, nothing lower then 10.0.
Current OPNsense builds do excellent VPN performance.
-
Unfortunately, I have not been lucky. I have a 100M cable, mostly 130M in real life. Openvpn downs it to 20-30M with my 8-core C2758 Rangely supermicro board and 8G of RAM.
Any trick to share?
I have tried difference things:
1. BF-128-cBC versus AES-128-cbc
2, with or without powerD
3, with or without BSD hardware acceleration
What else can I try?
The CPU usage is 13% MAX, RAM usage is also low. Throughput is as expected when openvpn is off.
-
Maybe try some of the tunables.
System->Settings->Tunables
net.inet.ip.fastforwarding=0
net.inet.tcp.tso=0
-
Try to disable hardware CRC (checksumming) or other tweaks as well... System: Settings: Networking.
-
hey guys,
hey franco,
any good reason why net.inet.tcp.tso is set by default to 1?
almost all hardware/drivers have issues with these settings, it should be 0 by default or? :)
-
That's a good question. I'm impartial here. Who's for flipping the default?
(The default in FreeBSD is 1 as well.)
-
Intel has some info in their readme file for the FreeBSD em and igb driver. tso can potentially cause issues if set to on with certain Intel nics.
From the readme (https://downloadmirror.intel.com/17509/eng/README.txt):
TSO
---
TSO (TCP Segmentation Offload) supports both IPv4 and IPv6. TSO can be
disabled and enabled using the ifconfig utility or sysctl.
NOTE: TSO requires Tx checksum, if Tx checksum is disabled, TSO will also
be disabled.
NOTE: By default only PCI-Express adapters are ENABLED to do TSO. Others
can be enabled by the user at their own risk. TSO is not supported on 82547 or
82544-based adapters, as well as older adapters.
To enable/disable TSO in the stack:
sysctl net.inet.tcp.tso=0 (or 1 to enable it)
Doing this disables/enables TSO in the stack and affects all installed adapters.
To disable BOTH TSO IPv4 and IPv6:
ifconfig em<interface_num> -tso
To enable BOTH TSO IPv4 and IPv6:
ifconfig em<interface_num> tso
You can also enable/disable IPv4 TSO or IPv6 TSO individually. Simply replace
tso|-tso in the above command with tso4 or tso6. For example, to disable
TSO IPv4:
ifconfig em<interface_num> -tso4
I vote for the default to be off for tso although I'm somewhat biased since tso causes issues with my particular Intel nics.
Also someone new to OPNsense could potentially think that OPNsense in general is the problem and not a simple setting adjustment.
-
dont know why the use 1 as default, maybe
NOTE: TSO requires Tx checksum, if Tx checksum is disabled, TSO will also
be disabled.
but how knows. also vote for 0 (default).
its a trublemaker
if you virtualize OPNsense, u have to disbale it. also at the hypervisor (host)
btw. CRC, TSO, LRO =1 will give u some headache to :)
(System -> Settings ->Networking)