Text only | Text with Images

OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: cbesener on July 19, 2019, 06:13:29 PM

Title: Slow OpenVPN throughput with Intel Xeon :-( only 1 Mb/s
Post by: cbesener on July 19, 2019, 06:13:29 PM
Hello,

I have setup 2 Opnsense with openvpn.

Both systems have a Intel Xeon processor with 16 GB Ram and SSD as harddisk. The Intel RDRAND engine is enabled.

I have configured a VPN witch AES256CBC und SHA256, but I wonder that the VPN speed is so bad. If I copy a large file the max speed is 1,5 Mb per second.

At one side I have a 1000 mbit sync fiber connection at the other side I have a 50 mbit VDSL.

What could I do, to speed up the VPN?

Title: Re: Slow OpenVPN throughput with Intel Xeon :-( only 1 Mb/s
Post by: iam on July 19, 2019, 11:02:48 PM
Quote from: cbesener on July 19, 2019, 06:13:29 PM
I have configured a VPN witch AES256CBC und SHA256, but I wonder that the VPN speed is so bad. If I copy a large file the max speed is 1,5 Mb per second.

In both directions? Is the max speed 1,5 Mbit/s or MByte/s? 1,5 MByte/s would be good with 10 Mbit/s upload.
Title: Re: Slow OpenVPN throughput with Intel Xeon :-( only 1 Mb/s
Post by: Bonkerton on July 19, 2019, 11:44:58 PM
Check with a large download from a known fast site, to see which side is the culprit for slow speed.

Or a torrent, like a Linux distro ISO
Title: Re: Slow OpenVPN throughput with Intel Xeon :-( only 1 Mb/s
Post by: cbesener on July 20, 2019, 11:58:42 AM
The copy speed is about 1,5 Megabyte per second. Yes that is about 10 mbit. But I have a symmetric fiber channel with 1000 mbit, and on the other site 50 mbit. And I wonder that the VPN only pass 10 mbit. I would like to now how to speed up the VPN.
Title: Re: Slow OpenVPN throughput with Intel Xeon :-( only 1 Mb/s
Post by: mimugmail on July 20, 2019, 02:22:37 PM
Interfaces : LAN : MSS, set to 1300 for testing. If it doesnt help its IPS, QoS, half duplex or something at other side
Title: Re: Slow OpenVPN throughput with Intel Xeon :-( only 1 Mb/s
Post by: ruffy91 on July 20, 2019, 02:24:01 PM
Try disabling rdrand so it uses aesni. rdrand is a lot slower than aesni or even software.
Title: Re: Slow OpenVPN throughput with Intel Xeon :-( only 1 Mb/s
Post by: cbesener on July 23, 2019, 10:57:09 AM
After a little bit googling over the world I found a solution, which speed up my VPN to 40000 kbit's

I have changed the buffer size to this values

sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"

Thanks for your help
Title: Re: Slow OpenVPN throughput with Intel Xeon :-( only 1 Mb/s
Post by: Bargemanos on September 13, 2019, 03:47:56 PM
Quote from: cbesener on July 23, 2019, 10:57:09 AM
After a little bit googling over the world I found a solution, which speed up my VPN to 40000 kbit's

I have changed the buffer size to this values

sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"

Thanks for your help

I ran into the same problem, although both internet speed should be sufficient to reach 100mbit without vpn active, i get ~1mb/s with vpn active.
I can not find an clue so i wanted to try the settings you provided above.

But i'm wondering, where did you set those variables. in the "openvpn --> servers" section or while exporting client side settings, of maby.. both? :)
I would like to get this right the first time.. would spare me a lot of possible travel time :)
Title: Re: Slow OpenVPN throughput with Intel Xeon :-( only 1 Mb/s
Post by: mimugmail on September 13, 2019, 07:03:58 PM
Tunables, just Google them with FreeBSD to see absolute path
Title: Re: Slow OpenVPN throughput with Intel Xeon :-( only 1 Mb/s
Post by: cbesener on October 01, 2019, 10:23:53 AM
I entered the values under client specific overrides. Than under Advanced Settings. Now my OpenVpn is fast, as I need.
Text only | Text with Images