OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: s4rs on December 01, 2016, 11:59:13 pm

Title: Question about OpenVPN Performance
Post by: s4rs on December 01, 2016, 11:59:13 pm

 I setup my OpenVPN tunnel and decided to run iPerf to see what performance penalty there was. My lab is as follows

my home lan at 192.168.1.0/24 <----> a Mikrotik RB2011i Wan Port <---> Mikrotik 1Gb Lan <---> 173.24.225.0/24 <---> Opnsense Wan Port 1Gb <---> Opnsense Lan <--- >1Gb Switch < ---> 192.168.2.0/24.

The Opnsense Wan nic has been assigned a DHCP static lease for consistency. I have two Windows clients, one on the Mikrotik 173.24.255.0 lan and one on the Opnsense 192.168.2.0 lan.

If I run iperf from the Mikrotik lan to the Opnsense wan port iPerf pushes about 600Mb/s  When I start the VPN and go to a system on the Opnsense lan I get approx 100Mb/s. It seems like OpenVPN is throttled to 100Mb/s. The Opensense box CPU is not even breathing.  An iPerf test from the Opensense lan to the Mikrotik lan without OpenVPN gave approx 500Mb/s

Any ideas? If I use a 100Mb switch I get approx 80Mb/s via OpenVPN connection. About the same without OpenVPN..

Another observation. If I setup a rule in Opnsense to allow the Windows box to RDP from the Opnsense Wan to the Windows box on the Opnsense lan nothing happens. All packets are blocked. Is this expected? [forget this, I looked up how to setup a pfsense NAT rule and followed the guide to get it working, getting there slowly. question still remains about OpenVPN performance if anyone has a ideas or knowledge]

Title: Re: Question about OpenVPN Performance
Post by: s4rs on December 02, 2016, 04:20:31 am

after a bit more testing the OpenVPN performance compared to Port Forwarding is not too bad.

once I figured out the NAT rules I did another iperf test from the 173 network to the 192 network. In a 20 minute test NAT ran at 113Mb/s and a total of 15.8GB, while the OpenVPN test from 173 to 192 ran at 101Mb/s and 14.1 GB about a 10% diff.. Tomorrow I'll see what my old Verizon MI24WR Rev 1 can do as a comparison.. Maybe I'll test my Mikrotik while I'm at it..

Title: Re: Question about OpenVPN Performance
Post by: s4rs on December 07, 2016, 01:50:51 pm

I posted this question on the Viscosity client forum and the moderator posted this link https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux (https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux). I added all the options on the client and server side, shutdown the client, bounced the server and outbound performance tanked. I backed out the options on the server and client and the performance never came back.

I wasn't sure if the issue was on the client or server side so I booted my other OPNsense system and tested it. The throughput was good again. It seems like the Advanced Override settings never got backed out. Where are they stored so I can see if they got removed? Seems like a server bug to me.