OpenVPN Speed

Started by hypemedia, November 22, 2022, 12:42:41 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 22, 2022, 12:42:41 PM
I have an issue with the openvpn speed.

The speed that the VM where the Opensense is installed can support up to 45Mb/s while when I run via the OpenVPN the speed is capped at 1.5Mb/s

I have tried modifying the tunable, disabling encryption, tinkering with OpenVPN settings.

I am out of ideas on what I can do to make it work. The vm is running on KVM. I also configured all the KVM specific config to expose processor to VM and so on.
November 22, 2022, 08:46:04 PM #1
You should provide more information. Is OPNsense OVPN server or client? If server, what HW is your client(s)? How did you measure speeds with/without VPN?

With OVPN server running on E3845 I measured 17MB/s+ with SMB and iperf from Windows client (i5 8350u) and 7MB/s from smartphone (s22+), both to a NAS in remote LAN.
i am not an expert... just trying to help...
November 24, 2022, 10:33:07 AM #2
As I said the opnsense is running on KVM AMD EPYC-Rome Processor (8 cores, 8 threads).
I measured simply by doing an wget of a 1 gb file from the internet with both VPN on and without VPN.

I am talking about the server OpenVPN running on Opnsense.
November 25, 2022, 02:35:48 AM #3
Check you are able to expose the real hardware accelerated encryption functions are exposed in your VM. I'm able to use CHACHA20-POLY1305 and get speeds closer to the wire.
December 02, 2022, 01:42:53 PM #4
Hi tried that also moved the VM to Vmware and disabled the the encryption all together. It looks like a network configuration issue. The openvpn on ubuntu out of the box is 10 x faster.
December 02, 2022, 01:50:25 PM #5
Quote from: yourfriendarmando on November 25, 2022, 02:35:48 AM
Check you are able to expose the real hardware accelerated encryption functions are exposed in your VM. I'm able to use CHACHA20-POLY1305 and get speeds closer to the wire.

this is not solved with moving to vmware. What "hardware" ar you using? VMXNET3?
December 11, 2022, 11:17:18 AM #6
Yes I am using VMXNET3 tried also the 1000E no change. In the end I dropped opensense and went for a linux with standard openvpn. I did some custom ansible scripts and google OTP and azure auth module.

Speed on that setup si around 14 Mbps same virtual hardware as the one in opnsense so I imagine that is a BSD issue somewhere. I don't have time and resources to investigate more on this.
Print
Go Up Pages1
User actions