Migrated from pfSense to OPNSense - OpenVPN throughput not what it used to be

Started by FarmerBrown, May 01, 2024, 09:22:28 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 01, 2024, 09:22:28 PM
Hi,

A new OPNSense user here so still feeling my way around.

I've spent a few days now migrating / rebuilding from pfsense over to opnsense (same hardware) and today got around to the VPN side of things. I have a VPN with Private Internet Access through which I push some traffic.

With pfsense I use to get near-wire speed of 500Mb down. On OPNSense, without VPN, I get near-wire speed (400-450) which is expected.

When I run it over the VPN, I only get 150-170Mb/s down.


  • I read that as of 22, AES-NI is supported in the kernel so I don't explicitly need to do anything with it.
  • I note that within the settings, hardware acceleration is set to None. (Assuming this is correct)



  • hardware: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz (2 cores, 4 threads)
  • instance: OPNsense 24.1.6-amd64, FreeBSD 13.2-RELEASE-p11, OpenSSL 3.0.13
  • load average: 0.26, 0.28, 0.34

I am using Private Internet Access, the same sever (address at least) as I used before.
I am using OpenVPN "legacy".

Am I missing something that is slowing it down?







May 01, 2024, 09:24:03 PM #1
Should have added - CPU goes to 45-50% when running a download.
It never budged on pfSense once hardware acceleration was enabled.
May 02, 2024, 08:22:53 AM #2
If you compare FreeBSD 14 and 13 I'm certain there are differences not even factoring in OpenVPN DCO, which isn't available in FreeBSD 13.


Cheers,
Franco
May 02, 2024, 09:47:46 AM #3
Franco, I am sure there are lots of differences but my issue I am trying to solve is the performance one.
It would be odd to say a newer OS would be that much worse than the previous one? (Windows 11 enters the chat...)

I've poked and prodded around and cannot see anything I have done wrong. I've also used different servers for PIA and same thing.
May 02, 2024, 11:06:14 AM #4
The OS major version difference is one of the main differences in performance. It's been discussed exhaustively.

I still don't know if you base your measurement off DCO in the pfSense so that's all I can say from here.


Cheers,
Franco
May 02, 2024, 11:37:47 AM #5
https://forum.opnsense.org/index.php?topic=38909.msg197650#msg197650

I personally don't like close-source crypto(enhancers?).
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
May 02, 2024, 11:51:44 AM #6
Quote from: chemlud on May 02, 2024, 11:37:47 AM
I personally don't like close-source crypto(enhancers?).

But totally free of backdoors and bugs, trust me. ;)


Cheers,
Franco
May 02, 2024, 11:56:50 AM #7


Hey bud! Come here!

WHAT? ME?

Pssshhh!

what? me?

Rrrriiight.
Wanna buy some crypto enhancements?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Print
Go Up Pages1
User actions