OPNsense Forum

English Forums => Hardware and Performance => Topic started by: user1234 on January 09, 2019, 06:04:02 pm

Title: OpenVPN performance
Post by: user1234 on January 09, 2019, 06:04:02 pm

I am running OPNSense on a Xeon X5550 box. We have a 1Gb link to a OpenVPN server which we have tested can provide 800Mb using a desktop PC.
When we use the OPNSense box to connect to the VPN it can only provide 200Mb of throughput through the VPN. I have ssh'd into OPNSense and it only ever appears to be using 45% of a single CPU core. I know OpenVPN is single threaded so I can't expect much, but is it possible to debug what is the bottleneck and why the openvpn process is not using more than 45%?

Title: Re: OpenVPN performance
Post by: monstermania on January 10, 2019, 04:50:20 pm

Hi,
an XEON X5550 is a rather old cpu which don#T support AES-NI.
I think you reached the limit of the cpu.

best regards
Dirk

Title: Re: OpenVPN performance
Post by: bartjsmit on January 11, 2019, 08:37:30 am

You could try multiple VPN connections, preferably from separate Intel NIC's. FRR is able to load balance between them.

You obviously need control over the server to configure the corresponding server instances.

Bart...

Title: Re: OpenVPN performance
Post by: user1234 on January 11, 2019, 05:56:08 pm

I know the CPU is pretty old so I can't expect much, but I still don't understand why the process sits at 45% with the rest of the system idle. I would have thought even without AES-NI I could max out a core, unless there is a bottleneck somewhere else? I couldn't work out how to test if the system was limited by IO or buffers or the NIC.

bartjsmit: I did wonder about multiple connections but it is not easy to change the server as I don't have access to it at the moment. Maybe this is a solution in the long term.

Thanks for the help