Text only | Text with Images

OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: hypemedia on November 22, 2022, 12:42:41 PM

Title: OpenVPN Speed
Post by: hypemedia on November 22, 2022, 12:42:41 PM
I have an issue with the openvpn speed.

The speed that the VM where the Opensense is installed can support up to 45Mb/s while when I run via the OpenVPN the speed is capped at 1.5Mb/s

I have tried modifying the tunable, disabling encryption, tinkering with OpenVPN settings.

I am out of ideas on what I can do to make it work. The vm is running on KVM. I also configured all the KVM specific config to expose processor to VM and so on.
Title: Re: OpenVPN Speed
Post by: tiermutter on November 22, 2022, 08:46:04 PM
You should provide more information. Is OPNsense OVPN server or client? If server, what HW is your client(s)? How did you measure speeds with/without VPN?

With OVPN server running on E3845 I measured 17MB/s+ with SMB and iperf from Windows client (i5 8350u) and 7MB/s from smartphone (s22+), both to a NAS in remote LAN.
Title: Re: OpenVPN Speed
Post by: hypemedia on November 24, 2022, 10:33:07 AM
As I said the opnsense is running on KVM AMD EPYC-Rome Processor (8 cores, 8 threads).
I measured simply by doing an wget of a 1 gb file from the internet with both VPN on and without VPN.

I am talking about the server OpenVPN running on Opnsense.
Title: Re: OpenVPN Speed
Post by: yourfriendarmando on November 25, 2022, 02:35:48 AM
Check you are able to expose the real hardware accelerated encryption functions are exposed in your VM. I'm able to use CHACHA20-POLY1305 and get speeds closer to the wire.
Title: Re: OpenVPN Speed
Post by: hypemedia on December 02, 2022, 01:42:53 PM
Hi tried that also moved the VM to Vmware and disabled the the encryption all together. It looks like a network configuration issue. The openvpn on ubuntu out of the box is 10 x faster.
Title: Re: OpenVPN Speed
Post by: katamadone [CH] on December 02, 2022, 01:50:25 PM
Quote from: yourfriendarmando on November 25, 2022, 02:35:48 AM
Check you are able to expose the real hardware accelerated encryption functions are exposed in your VM. I'm able to use CHACHA20-POLY1305 and get speeds closer to the wire.

this is not solved with moving to vmware. What "hardware" ar you using? VMXNET3?
Title: Re: OpenVPN Speed
Post by: hypemedia on December 11, 2022, 11:17:18 AM
Yes I am using VMXNET3 tried also the 1000E no change. In the end I dropped opensense and went for a linux with standard openvpn. I did some custom ansible scripts and google OTP and azure auth module.

Speed on that setup si around 14 Mbps same virtual hardware as the one in opnsense so I imagine that is a BSD issue somewhere. I don't have time and resources to investigate more on this.
Text only | Text with Images