I expected much more speed.
I've conducted the test with iperf3 and wired connection.
In short: OPNsense gives about 100/90 Mbits/s, but it is too low numbers in comparison with plain linux machine and openvpn package (~650Mbit/s)
Software/Hardware specs:
Versions OPNsense 24.1.3_1-amd64
FreeBSD 13.2-RELEASE-p10
OpenSSL 3.0.13
CPU type Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz (with AES-NI)
1 GB port (yes, I tested it without vpn)
OpenSSL test:
root@OPNsense:~ # /usr/local/bin/openssl speed -evp aes-256-gcm
Doing AES-256-GCM for 3s on 16 size blocks: 30204438 AES-256-GCM's in 3.00s
Doing AES-256-GCM for 3s on 64 size blocks: 23236206 AES-256-GCM's in 2.99s
Doing AES-256-GCM for 3s on 256 size blocks: 15034680 AES-256-GCM's in 2.98s
Doing AES-256-GCM for 3s on 1024 size blocks: 7182913 AES-256-GCM's in 2.99s
Doing AES-256-GCM for 3s on 8192 size blocks: 1207259 AES-256-GCM's in 2.99s
Doing AES-256-GCM for 3s on 16384 size blocks: 607857 AES-256-GCM's in 2.98s
version: 3.0.13
built on: Mon Feb 5 20:57:43 2024 UTC
options: bn(64,64)
compiler: cc -fPIC -pthread -Wa,--noexecstack -Qunused-arguments -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -DL_ENDIAN -DOPENSSL_PIC -D_THREAD_SAFE -D_REENTRANT -DOPENSSL_BUILDING_OPENSSL -DNDEBUG
CPUINFO: OPENSSL_ia32cap=0xfffab2234f8bffff:0x4009c47ab
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
AES-256-GCM 161090.34k 497000.00k 1289676.42k 2458169.12k 3305229.28k 3345849.14k
iperf sends packets with maximum allowed size, so consider the speed of AES-256-GCM for 1024 bytes -- it is 2,458,169.12k (!) -- quite enough.
iperf3 test results:
$ iperf3 -c 192.168.8.1
Connecting to host 192.168.8.1, port 5201
[ 5] local 192.168.8.5 port 39024 connected to 192.168.8.1 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 9.99 MBytes 83.8 Mbits/sec 4 181 KBytes
[ 5] 1.00-2.00 sec 11.0 MBytes 92.5 Mbits/sec 2 163 KBytes
[ 5] 2.00-3.00 sec 10.7 MBytes 89.4 Mbits/sec 23 76.2 KBytes
[ 5] 3.00-4.00 sec 9.74 MBytes 81.7 Mbits/sec 1 113 KBytes
[ 5] 4.00-5.00 sec 10.8 MBytes 90.4 Mbits/sec 45 124 KBytes
[ 5] 5.00-6.00 sec 11.3 MBytes 95.1 Mbits/sec 21 149 KBytes
[ 5] 6.00-7.00 sec 12.2 MBytes 102 Mbits/sec 0 200 KBytes
[ 5] 7.00-8.00 sec 10.6 MBytes 88.9 Mbits/sec 55 93.3 KBytes
[ 5] 8.00-9.00 sec 10.4 MBytes 87.4 Mbits/sec 61 113 KBytes
[ 5] 9.00-10.00 sec 10.5 MBytes 87.9 Mbits/sec 12 112 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 107 MBytes 89.9 Mbits/sec 224 sender
[ 5] 0.00-10.01 sec 106 MBytes 89.3 Mbits/sec receiver
$ iperf3 --reverse -c 192.168.8.1
Connecting to host 192.168.8.1, port 5201
Reverse mode, remote host 192.168.8.1 is sending
[ 5] local 192.168.8.5 port 42492 connected to 192.168.8.1 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 11.8 MBytes 99.3 Mbits/sec
[ 5] 1.00-2.00 sec 10.8 MBytes 90.5 Mbits/sec
[ 5] 2.00-3.00 sec 12.2 MBytes 102 Mbits/sec
[ 5] 3.00-4.00 sec 11.3 MBytes 94.8 Mbits/sec
[ 5] 4.00-5.00 sec 12.7 MBytes 106 Mbits/sec
[ 5] 5.00-6.00 sec 12.9 MBytes 108 Mbits/sec
[ 5] 6.00-7.00 sec 12.3 MBytes 103 Mbits/sec
[ 5] 7.00-8.00 sec 13.2 MBytes 111 Mbits/sec
[ 5] 8.00-9.00 sec 10.4 MBytes 87.2 Mbits/sec
[ 5] 9.00-10.00 sec 11.3 MBytes 94.6 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 120 MBytes 100 Mbits/sec 106 sender
[ 5] 0.00-10.00 sec 119 MBytes 99.7 Mbits/sec receiver