OpenVPN Speed problem on 1 Gbps link

khodorb

@steveits
This is what i have in place

And this is for openvpn settings , what do you recommend ?
any advice is highly appreciated

khodorb

@SteveITS

SteveITS

@khodorb Try changing "Cryptographic Hardware" to AES-NI. IIRC OpenVPN doesn't support QAT.

What is the CPU usage while transferring files?

Did you review https://docs.netgate.com/pfsense/en/latest/recipes/index.html#openvpn ?

You're also on a pretty old version, 2.4.5. You can upgrade to Plus though it might be a few steps to get there. Or you can back up, install 22.05, and restore.

re: Plus, also see:
https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/dco.html

khodorb

@steveits
CPU Usage is normal between 5 to 20 %

i reviewed this doc but i haven't applied any changes beside enabling hardware crypto and set it to AES-NI + BSD Crypto
to be honest i am still getting the same speed whern doing a speedtest,
would you be able to find any misconfiguration in my settings above,

i am planning to upgrade soon and hope that helps too

SteveITS

@khodorb When you say 1 Gbps WAN, is that symmetrical? Both up and down? The limit would be the slowest speed at either end of the VPN.

khodorb

@steveits yeah it is symmetric , i have tested that on the lan network,

also i have tested that on 3 end users :

User 1 had 500Mb downlad and 30upload

he conducted 2 tests while connected to VPN : first test on wifi home modem he got 29/17
second test using lan connection on him home modem he got 80/20

second users was testing VPN on lan , he got 60/20

Jarhead

@khodorb You only mention the 1G on your side.
What connection speed do they have at home?

disregard, noticed the 500/30. Thought that was his test speeds.

khodorb

@jarhead
This is the speed test when i run it from the datacentre on lan where the pfsense is installed

this is the test speed from my home internet using the lan connection to the modem

this is the VPN speed test while connected to pfsense using lan connection in my home modem

spyder0552

Hate to say it..you will most likely not get much faster.
I posted my test results a year or so ago here where I was testing openVPN in lab where my computer was on the WAN interface in the lab with full 1Gb.
I could never get it above 30-50Mb. Even had Netgate support go through the config.
This was also running Pfsense on a Dell R610 with 144Gb ram.

Pfsense is just slow.

Actually doing another lab test this week to use Wireguard instead. If you figure out the issue with OpenVpn let me know as I am curious. I think it is also just Windows enviroments.

khodorb

@spyder0552

Thanks, I will be going through some debugging and might go for a new netgate appliance 6100 Max with new pfsense+ version, i will update the thread once i have some updates