Print Page - Migrated from pfSense to OPNSense - OpenVPN throughput not what it used to be

Title: Migrated from pfSense to OPNSense - OpenVPN throughput not what it used to be
Post by: FarmerBrown on May 01, 2024, 09:22:28 PM

Hi,

A new OPNSense user here so still feeling my way around.

I've spent a few days now migrating / rebuilding from pfsense over to opnsense (same hardware) and today got around to the VPN side of things. I have a VPN with Private Internet Access through which I push some traffic.

With pfsense I use to get near-wire speed of 500Mb down. On OPNSense, without VPN, I get near-wire speed (400-450) which is expected.

When I run it over the VPN, I only get 150-170Mb/s down.

I read that as of 22, AES-NI is supported in the kernel so I don't explicitly need to do anything with it.
I note that within the settings, hardware acceleration is set to None. (Assuming this is correct)

hardware: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz (2 cores, 4 threads)
instance: OPNsense 24.1.6-amd64, FreeBSD 13.2-RELEASE-p11, OpenSSL 3.0.13
load average: 0.26, 0.28, 0.34

I am using Private Internet Access, the same sever (address at least) as I used before.
I am using OpenVPN "legacy".

Am I missing something that is slowing it down?

Title: Re: Migrated from pfSense to OPNSense - OpenVPN throughput not what it used to be
Post by: FarmerBrown on May 01, 2024, 09:24:03 PM

Should have added - CPU goes to 45-50% when running a download.
It never budged on pfSense once hardware acceleration was enabled.

Title: Re: Migrated from pfSense to OPNSense - OpenVPN throughput not what it used to be
Post by: franco on May 02, 2024, 08:22:53 AM

If you compare FreeBSD 14 and 13 I'm certain there are differences not even factoring in OpenVPN DCO, which isn't available in FreeBSD 13.

Cheers,
Franco

Title: Re: Migrated from pfSense to OPNSense - OpenVPN throughput not what it used to be
Post by: FarmerBrown on May 02, 2024, 09:47:46 AM

Franco, I am sure there are lots of differences but my issue I am trying to solve is the performance one.
It would be odd to say a newer OS would be that much worse than the previous one? (Windows 11 enters the chat...)

I've poked and prodded around and cannot see anything I have done wrong. I've also used different servers for PIA and same thing.

Title: Re: Migrated from pfSense to OPNSense - OpenVPN throughput not what it used to be
Post by: franco on May 02, 2024, 11:06:14 AM

The OS major version difference is one of the main differences in performance. It's been discussed exhaustively.

I still don't know if you base your measurement off DCO in the pfSense so that's all I can say from here.

Cheers,
Franco

Title: Re: Migrated from pfSense to OPNSense - OpenVPN throughput not what it used to be
Post by: chemlud on May 02, 2024, 11:37:47 AM

https://forum.opnsense.org/index.php?topic=38909.msg197650#msg197650

I personally don't like close-source crypto(enhancers?).

Title: Re: Migrated from pfSense to OPNSense - OpenVPN throughput not what it used to be
Post by: franco on May 02, 2024, 11:51:44 AM

Quote from: chemlud on May 02, 2024, 11:37:47 AM
I personally don't like close-source crypto(enhancers?).

But totally free of backdoors and bugs, trust me. ;)

Cheers,
Franco

Title: Re: Migrated from pfSense to OPNSense - OpenVPN throughput not what it used to be
Post by: Patrick M. Hausen on May 02, 2024, 11:56:50 AM

(https://forum.opnsense.org/index.php?action=dlattach;topic=40289.0;attach=34701;image)

Hey bud! Come here!

WHAT? ME?

Pssshhh!

what? me?

Rrrriiight.
Wanna buy some crypto enhancements?

OPNsense Forum

English Forums => Virtual private networks => Topic started by: FarmerBrown on May 01, 2024, 09:22:28 PM