OPNsense Forum
English Forums => General Discussion => Topic started by: Gargamel on October 11, 2017, 01:53:49 pm
-
Hi.
Pretty dumb question here.
Would an openvpn connection (from router/lan to internet) be able to do higher speeds if opnsense is virtualized with 1 cpu / 1 core? (Would not the VM like ESXi, use more cores but the guest "only uses one"?)
I have a i7-5550U cpu in my firewall-computer, and thinking now on either 2 openvpn instances to split lan/servers to 2 different connection using vlan instead of all go over one openvpn connection (AES-256-GCM).
-
I doubt that it is better to generate more overhead (virtualization) and hope that the throughput is better at the end. Furthermore which kind of virtualization do you have in mind?
E.g. you can use kvm or docker with virt networking.
-
No idea which virt i might use.
I have 250/250 Mbps connection and when i run dslreports.com/speedtest i get around 220 Mbps when it test up and down speeds, but it only tests one way each time i believe, so i am not sure if my box can handle 250 Mbps both ways at the same time.
Did see cpu usage around 10% with one openvpn connection..
-
Why are you not using VLAN and openvpn without virtualization --> so create your VLAN-Interface etc.
-
I will use vlan as soon i changed out the router at home and reinstalled the firewall with opnsense.
But using vlan would not increase the speed one single openvpn can muster, will it?
-
If I understand you correctly then vlans are much faster from the usage. Because the vlan-id is within the network package and stripped from you kernel. If you use virtual networking with virtual cpus you will have more overhead. You need to manage at least 2 different network stack with almost the same content (arp, ips, etc.).