OpenVPN performance differential (openWRT, pfSense & OPNsense)

Started by Ilnahro, April 09, 2018, 08:45:48 PM

Quote from: franco on April 11, 2018, 06:44:40 PM
Thanks for the clarification. Could be, but unsure where to look for further clues. AES-NI is quite elusive and questions tend to come in in waves.


Cheers,
Franco

Well, you are not going to believe this one. After checking everything I could think of (the code was handling all the options correctly, the makefiles looked correct, etc.), I thought: could something be limiting the processor? I was running with PowerD disabled... I enabled HiAdaptive mode and miraculously the speed came up right in line with my pfSense measurements! Not sure I understand, but I'll take it :)

Yay, great work figuring that out. Happy to hear. The tinkerers will be interested as well always trying to squeeze out more performance... :)


Cheers,
Franco

I regret falling silent in the middle of this discussion (I had to move abroad), but I finally got around to tinkering with this problem again and I am happy to report I actually seem to have found a solution.

My setup has changed somewhat (now running an FX8300 (with AES-NI) and 16GB as the host for the VM) as has my connection (now 200/50), but I was experiencing the same problem (without OpenVPN, OPNSense managed the full 200/50, with OpenVPN I was stuck at very inconsistent speeds which averaged around 20/20 and maxed out at 30/30 occasionally even after extensive tweaking).

The limiting factor appears to have been the send/receive buffers. I am not sure what default values OpenVPN applies in OPNSense, but I found a thread (https://forum.netgate.com/topic/103216/pfsense-hardware-for-home-router-openvpn-performance) about pfSense discussing OpenVPN performance where someone posted their config including the buffers. Adding them immediately boosted my download to the expected 200 on download. My download is still stuck around 20-30 but it seems like this is more a limitation of my VPN provider (as I can't get over 30Mbits for upload on my Windows Desktop either).

TL;DR

Add the following lines to the advanced config for OpenVPN connections:
sndbuf 524288;
rcvbuf 524288


Maybe this will help someone who read this thread and couldn't get any further than I had come so far :)

Yeah, the first issue is obvious: you're using an emulated e1000 driver.
Even if there is a penalty using a paravirtualized driver it should still outperform the emulated driver.
So for something that's actually comparative, you need to provide the results of OpenWrt running with the e1000.
Of course for the vmxnet driver to work you need to also ensure the same version of vmtools is installed to all guests to ensure the vmxnet driver being compared is identical.
Hope this helps.

Whilst I think about it, the other issue is you're running it on a Windows 10 OS with VirtualBox, and with all good intention you can't ring fence the network traffic of the Win10 OS, such as broadcasting, antivirus traffic, etc.
You should try running it on a monolithic hypervisor for a truer comparison.