Openvpn extrem slow even without Excryption on 2 1GB/s connections
-
Hello
Here i have 2 Servers within 2 Datacenters (Storage place) with 1 1GB Connectsions to the net.
When i do i Iperf (without VPN betwenn this 2 PFsense Devices i get: arround 700-800Mbit/s
Wen i do same tests with iperf within the openVPN of this 2 Devices i get arround 130-150Mbit/s
Even when i disable Excryption for testing i dont get much more then 170Mbit/s
I played arround with some Settings found on the Net
I played with different MTU Sices Fragmentation, Rx/TX Buffer but nothing realy speed up the connection.
I can understand that i dont get the max rate (700-800Mbits/s) but 150Mbit´s seem to much too low…
I played with some advanced settings as i wrote for hours but nothing realy speed up VPN dramaticaly - also if i disable Encryption
I dont undertand this issue ...
Can anyone help me ?
Best regards
CU
GTR -
OpenVPN, by its nature, is slow. There is a lot of context switching and using tun the way it does takes it along a very inefficient path compared to IPsec.
You'll need to be specific about exactly which options you have in use on the VPN on both sides or nobody can offer better suggestions than what you may have already tried.
One thing you didn't mention, though, assuming it's pfSense (or at least UNIX) on both sites, and using UDP, you should try "fast-io" in the advanced options.
-
Hi
First of all - Thanks for your Post and your Information.
I made some more Tests with your Hint "FastIO" and Buffer Settings then i get over 82Mbit on a 100Mbit Connection and over 280Mbit on a 1Gbs Connection - so thats not bad.
I also figured out that IPSEC is a little Bit Faster (site 2 site with Pfsense - same hardware same Wan same NET) - i did some tests and on the 1GBps WAN Connection i get with ipsec arround 380Mbps.
But i can live with the Speed of openvpn and it s more easy to configure and forward…
I have a additional Question: Can i do "Routing" between different Subnets on different Openvpn Site2Site Connections ?
So for example:
Client Network1: 192,168,10,1/24
Client Network2: 192,168,11,1/24
Client Network3: 192,168,12,1/24All This Networks have its own pfsense and all are connected to a Server Pfsense - Network: 192.168.100.0/24
All is done with Site2Site so: every Device in every Client Network (1-3) can ping each device on the Server Network
Also each device on the Server Network can ping each Device on each Client NetworkBut i also want that each Device of Client Network1 can reach each device of Client Network3.
Is there a way to configure pfsense (ovpnclient and ovpnserver) that the server route the request from Client Network1 to Client Network3 and in the other direction ?
Or do i have to make a extra VPN Connection betwen this 2 Networks ?