I see that OpenVPN performance issues have been discussed a lot here (and elsewhere on the internet).
From what I've read:
OpenVPN is still single-threaded, so single-core CPU performance only. Netgate home/business equipment is not up to the task for gigabit speeds. One workaround is to create multiple VPN tunnels and somehow combine them, but this apparently comes with its own problems.
OpenVPN is partway userland and partway kernel. This is why context switching is a thing. One question about this – as I watched top, I could see the OpenVPN process jumping back and forth between CPU0 and CPU1. Is this required for userland<->kernel switching? Wouldn't there be a performance boost setting the affinity to a single core?
IPsec seems to be recommended as an alternative… has anyone done this with pfSense?