OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: HA4g3n on June 07, 2019, 05:04:13 pm

Title: IF OpenVPN THEN very slow connection and High CPU
Post by: HA4g3n on June 07, 2019, 05:04:13 pm
Hello,
I run OPNsense 19.1.9-amd64 in a VMware environment.
Without VPN I easily get 300/300 Mbit, but when enabled I get about 9 ms and around 4 Mbit down and 20 Mbit up.
On OPNsense 18.x I got max bandwidth with VPN, same provider, same hardware.

I have recently installed the FW and have tried following several guides without any luck.
I have struggled quite some time with this and got to a point where I really need some help, or I'll have to try another product like pfSense/OpenWrt or something like that. But I really like OPNsense.

https://blog.monstermuffin.org/tunneling-specific-traffic-over-a-vpn-with-pfsense/
https://www.ovpn.com/sv/guides/pfsense
https://support.nordvpn.com/Connectivity/Router/1292598142/OPNsense-18-7-setup-with-NordVPN.htm
https://www.reddit.com/r/PFSENSE/comments/6edsav/how_to_proper_partial_network_vpn_with_kill_switch/

The settings I have now are the following: https://1drv.ms/u/s!AkxiLC6ydXT4o5hFo4SetIl37KI8OQ

I have also tried the minimum setup:


Firewall - Rules - LAN:
Protocol IPv4: Source:LAN net *port *Destination *Port Gateway:VPN (Send all traffic via gateway VPN)

NAT - Outbound:
VPN Interface any source  *port *Destination *Destination Port NAT Address Interface Address *Nat port
(Allow all Outbound traffic over VPN)

But still high ms and extremely low bandwidth.
My primary goal is to be behind VPN, my long term goal is to only use VPN behind all clients but the ones behind an alias of them that will route over ordinary WAN.

As I see now, the CPU is maxed when I benchmark the internet.
VMware Tools are installed, and under Interfaces: Settings the following are disabled:
 Disable hardware checksum offload
 Disable hardware TCP segmentation offload
 Disable hardware large receive offload

VMware Tools reinstalled without any progress.

Is version 19 bad at optimizing workloads when using VPN and encryption?
Is AES-NI still supported and enabled as default?

Thanks