OpenVPN speed

Started by oleg, March 19, 2024, 01:11:30 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 19, 2024, 01:11:30 PM Last Edit: March 19, 2024, 01:22:59 PM by oleg
I expected much more speed.
I've conducted the test with iperf3 and wired connection.
In short: OPNsense gives about 100/90 Mbits/s, but it is too low numbers in comparison with plain linux machine and openvpn package (~650Mbit/s)

Software/Hardware specs:

Versions     OPNsense 24.1.3_1-amd64
FreeBSD  13.2-RELEASE-p10
OpenSSL  3.0.13
CPU type    Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz (with AES-NI)
1 GB port (yes, I tested it without vpn)



OpenSSL test:
Code Select

root@OPNsense:~ # /usr/local/bin/openssl speed -evp aes-256-gcm
Doing AES-256-GCM for 3s on 16 size blocks: 30204438 AES-256-GCM's in 3.00s
Doing AES-256-GCM for 3s on 64 size blocks: 23236206 AES-256-GCM's in 2.99s
Doing AES-256-GCM for 3s on 256 size blocks: 15034680 AES-256-GCM's in 2.98s
Doing AES-256-GCM for 3s on 1024 size blocks: 7182913 AES-256-GCM's in 2.99s
Doing AES-256-GCM for 3s on 8192 size blocks: 1207259 AES-256-GCM's in 2.99s
Doing AES-256-GCM for 3s on 16384 size blocks: 607857 AES-256-GCM's in 2.98s
version: 3.0.13
built on: Mon Feb  5 20:57:43 2024 UTC
options: bn(64,64)
compiler: cc -fPIC -pthread -Wa,--noexecstack -Qunused-arguments -O2 -pipe  -fstack-protector-strong -fno-strict-aliasing -DL_ENDIAN -DOPENSSL_PIC -D_THREAD_SAFE -D_REENTRANT -DOPENSSL_BUILDING_OPENSSL -DNDEBUG
CPUINFO: OPENSSL_ia32cap=0xfffab2234f8bffff:0x4009c47ab
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
AES-256-GCM     161090.34k   497000.00k  1289676.42k  2458169.12k  3305229.28k  3345849.14k


iperf sends packets with maximum allowed size, so consider the speed of AES-256-GCM for 1024 bytes -- it is 2,458,169.12k (!) -- quite enough.


iperf3 test results:

Code Select

$ iperf3 -c 192.168.8.1
Connecting to host 192.168.8.1, port 5201
[  5] local 192.168.8.5 port 39024 connected to 192.168.8.1 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  9.99 MBytes  83.8 Mbits/sec    4    181 KBytes       
[  5]   1.00-2.00   sec  11.0 MBytes  92.5 Mbits/sec    2    163 KBytes       
[  5]   2.00-3.00   sec  10.7 MBytes  89.4 Mbits/sec   23   76.2 KBytes       
[  5]   3.00-4.00   sec  9.74 MBytes  81.7 Mbits/sec    1    113 KBytes       
[  5]   4.00-5.00   sec  10.8 MBytes  90.4 Mbits/sec   45    124 KBytes       
[  5]   5.00-6.00   sec  11.3 MBytes  95.1 Mbits/sec   21    149 KBytes       
[  5]   6.00-7.00   sec  12.2 MBytes   102 Mbits/sec    0    200 KBytes       
[  5]   7.00-8.00   sec  10.6 MBytes  88.9 Mbits/sec   55   93.3 KBytes       
[  5]   8.00-9.00   sec  10.4 MBytes  87.4 Mbits/sec   61    113 KBytes       
[  5]   9.00-10.00  sec  10.5 MBytes  87.9 Mbits/sec   12    112 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   107 MBytes  89.9 Mbits/sec  224             sender
[  5]   0.00-10.01  sec   106 MBytes  89.3 Mbits/sec                  receiver



Code Select

$ iperf3 --reverse -c 192.168.8.1
Connecting to host 192.168.8.1, port 5201
Reverse mode, remote host 192.168.8.1 is sending
[  5] local 192.168.8.5 port 42492 connected to 192.168.8.1 port 5201
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  11.8 MBytes  99.3 Mbits/sec                 
[  5]   1.00-2.00   sec  10.8 MBytes  90.5 Mbits/sec                 
[  5]   2.00-3.00   sec  12.2 MBytes   102 Mbits/sec                 
[  5]   3.00-4.00   sec  11.3 MBytes  94.8 Mbits/sec                 
[  5]   4.00-5.00   sec  12.7 MBytes   106 Mbits/sec                 
[  5]   5.00-6.00   sec  12.9 MBytes   108 Mbits/sec                 
[  5]   6.00-7.00   sec  12.3 MBytes   103 Mbits/sec                 
[  5]   7.00-8.00   sec  13.2 MBytes   111 Mbits/sec                 
[  5]   8.00-9.00   sec  10.4 MBytes  87.2 Mbits/sec                 
[  5]   9.00-10.00  sec  11.3 MBytes  94.6 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   120 MBytes   100 Mbits/sec  106             sender
[  5]   0.00-10.00  sec   119 MBytes  99.7 Mbits/sec                  receiver


Print
Go Up Pages1
User actions