• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Is this performance to be expected?

OpenVPN
openvpn problem bandwidth slow
4
16
3.2k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    s1l3nce @JKnott
    last edited by Feb 3, 2023, 11:59 AM

    @jknott Yep, I'm aware 😓 But why do you think the Synology NAS deals with it much better? What could be causing that difference in performance, even when the NAS has a weaker processor?

    1 Reply Last reply Reply Quote 0
    • S
      SteveITS Galactic Empire @s1l3nce
      last edited by Feb 3, 2023, 3:39 PM

      @s1l3nce Looks like it has 4 cores so 15% would be less than one. OpenVPN is single threaded as I recall. You could verify usage with "top" during the test.

      I didn't dig through your settings but did you review
      https://docs.netgate.com/pfsense/en/latest/recipes/index.html#openvpn

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      S 1 Reply Last reply Feb 3, 2023, 6:43 PM Reply Quote 0
      • S
        s1l3nce @SteveITS
        last edited by Feb 3, 2023, 6:43 PM

        Sorry for my ignorance guys. I've just launched iperf with -P4 (4 threads) instead of -P2 and now I'm getting nearly 300 mbps (which is the connection cap) and 25% CPU usage, which means that I'm maxing out one core.

        So that's definitely a relief but now I need to figure out why my smb transfers are so bad. If you have any tips on that, I'm all ears 🙏

        @steveits said in Is this performance to be expected?:

        https://docs.netgate.com/pfsense/en/latest/recipes/index.html#openvpn

        Yep, I did 😅

        M 1 Reply Last reply Feb 3, 2023, 6:50 PM Reply Quote 0
        • M
          michmoor LAYER 8 Rebel Alliance @s1l3nce
          last edited by Feb 3, 2023, 6:50 PM

          @s1l3nce said in Is this performance to be expected?:

          So that's definitely a relief but now I need to figure out why my smb transfers are so bad. If you have any tips on that, I'm all ears

          I would avoid SMB transfers period.
          What is the latency between the client and the server?

          Firewall: NetGate,Palo Alto-VM,Juniper SRX
          Routing: Juniper, Arista, Cisco
          Switching: Juniper, Arista, Cisco
          Wireless: Unifi, Aruba IAP
          JNCIP,CCNP Enterprise

          S 1 Reply Last reply Feb 3, 2023, 7:34 PM Reply Quote 0
          • S
            s1l3nce @michmoor
            last edited by s1l3nce Feb 3, 2023, 7:55 PM Feb 3, 2023, 7:34 PM

            @michmoor said in Is this performance to be expected?:

            What is the latency between the client and the server?

            20ms and very stable.

            I've just found something very interesting. When I do smb transfers between server and client, this happens:

            • Client downloading a file from OpenVPN server
              login-to-view

            • Client uploading a file to OpenVPN server
              login-to-view

            I've also tried using WireGuard and the downloading was even worse than OpenVPN but the upload was the same; network capped.

            • Client downloading a file from WireGuard server
              login-to-view

            • Client uploading a file to WireGuard server
              login-to-view

            I think I'm very close to finding the culprit. Thanks for the help and all the interest 🙏 Sharing all this stuff with you is helping me a lot.

            Btw, just to clarify, this is a speed test on the network where the NAS is hosted. I said 500/500 mpbs in the op because it's in my contract but for some reason I'm receiving 100 extra mbps. Not complaining 😂
            login-to-view

            And just to be sure that the NAS is not causing this issue, I've also downloaded files from a Windows machine inside the same network to the machine with the openVPN client and the download speeds where the same as from the NAS (around 15 Megabytes/s).

            S 1 Reply Last reply Feb 5, 2023, 12:58 AM Reply Quote 0
            • S
              s1l3nce @s1l3nce
              last edited by s1l3nce Feb 5, 2023, 12:59 AM Feb 5, 2023, 12:58 AM

              Tomorrow I will try to do the same test but with a client from a different network that also has a 600/600 mbps connection, because I'm starting to think that it could be an issue on the receiving end, meaning that maybe the client that I'm using right now has some issue with VPN downloads. I doubt this is the case but who knows...

              I will update this post tomorrow with the results.

              S 1 Reply Last reply Feb 5, 2023, 11:46 AM Reply Quote 0
              • S
                s1l3nce @s1l3nce
                last edited by Feb 5, 2023, 11:46 AM

                Ok, I've done some testing from this other client and the results are pretty much the same: uploads are great (400 mbps, which is the maximum that I can expect from my firewall's processor with AES-NI) and downloads are still poor (average of 150 mbps).

                I've also tested doing FTP file transfers through VPN and I got the same results as with smb. So smb is not the issue.

                So these are my findings so far:

                • OpenVPN does not seem to be the problem: I've got even worse server upload with WireGuard.
                • SMB is not the problem: FTP through VPN gives similar results.
                • My server upload is not the problem: direct SFTP uploads (bypassing the VPN) are just fine.
                • My firewall processor is not the problem: the CPU caps at 25% (one core at full usage) when the upload reaches about 400 mbps.

                I'm really out of ideas now but at least I've discarded loads of things 😅

                S 1 Reply Last reply Feb 21, 2023, 8:24 AM Reply Quote 0
                • S
                  s1l3nce @s1l3nce
                  last edited by s1l3nce Feb 21, 2023, 8:26 AM Feb 21, 2023, 8:24 AM

                  I still haven't figured out why this is happening. The only update I have is that I've also tested this on macOS using the official openVPN client and I had the same results: perfect upload speeds (to the server) and terrible download speeds (from the server).

                  I don't know what else to try at this point.

                  1 Reply Last reply Reply Quote 0
                  • S
                    s1l3nce
                    last edited by Jan 20, 2024, 10:08 PM

                    I know this topic is quite old but I just want to give a small update.

                    I ended up changing from OpenVPN to Wireguard. I managed to reach my maximum upload/download server speeds through Wireguard. So, even though it is more painful to configure each client, the performance increase makes a huge difference.

                    S 1 Reply Last reply Jan 21, 2024, 4:02 PM Reply Quote 0
                    • S
                      s1l3nce @s1l3nce
                      last edited by s1l3nce Jan 21, 2024, 4:05 PM Jan 21, 2024, 4:02 PM

                      Here is my transfer performance using Wireguard

                      DOWNLOADING FROM SERVER (Server upload performance)
                      login-to-view

                      UPLOADING TO SERVER (Server download performance)
                      login-to-view
                      I'm very happy with these results.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.