Slow OpenVPN.... will Intel QuickAssist make a difference?

Started by ChrisV, November 02, 2023, 02:42:11 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 02, 2023, 02:42:11 PM
I've managed to get the OpenVPN working with OpnSense but I only get transfer speeds of around 6Mb/s. The CPU in my server is dual Intel(R) Xeon(R) CPU E5-2630 v3 @ 2.40GHz. Ive seen posts stating that the CPU is probably the bottleneck, which as it is an older CPU would make sense. Someone mentioned that OpenVPN uses a single core.

My questions are:

What could I do to speed up the connection? I have considered buying a cheap Intel QuickAssist card to do the encryption/decryption. Any idea what kind of difference this would make? I can buy a card from ebay for $60. Under System>Miscellaneous there is the option for this hardware acceleration. If I can get up to 200Mb of throughput per second I would be very happy.

https://www.mouser.com/datasheet/2/612/quickassist-adapter-8950-brief-345836.pdf

What would be the best way to identify the bottleneck?

I have tried reducing the encryption bits but the connections seem to fail

Many thanks in advance.
November 02, 2023, 02:50:57 PM #1
What is your CPU utilisation? You need to find the bottleneck and fix it - beware of shotgun debugging

Ark says your CPU has all the security features available: https://ark.intel.com/content/www/us/en/ark/products/83356/intel-xeon-processor-e52630-v3-20m-cache-2-40-ghz.html
November 03, 2023, 10:15:12 AM #2
At 6Mb/sec, it's not the CPU, at least not on the opnsense side.
November 03, 2023, 11:12:59 AM #3
you might also increase snd and rcv buffer for the client:

Add to client config (bytes):

sndbuf 512000
rcvbuf 512000
November 04, 2023, 02:36:43 PM #4 Last Edit: November 04, 2023, 02:43:54 PM by ChrisV
I reinstalled everything from fresh and am now getting 100% from my connection.

I might have increased the CPU count, when i reinstalled it. I currently have 4 cores. It was possibly at a lower number before.

Thanks for all the help guys
November 06, 2023, 02:59:42 PM #5
Another twist in the story... I get the full speed when connecting and running a speed test such as https://www.speedtest.net/ (100Mbs) but... when i copy and file (SMB 3.0) or run an iPerf, I get e much slower speed (40Mb).

I tried adding the byte values to the client config but it made no difference. Any ideas guys?

I checked the CPU utilisation and it was only around 12.5% on the individual CPU core.
Print
Go Up Pages1
User actions