Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Client-to-Site is very slow

    Scheduled Pinned Locked Moved OpenVPN
    5 Posts 4 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      streetsfinest
      last edited by

      hello dear,

      i fight against this problem for a few days…
      Here are some informations about my config:

      • pfSense running on an ESX 5.5 --> Version 2.2.5 (updated today, before 2.2.4) (AMD 64)
      • Hardware: 4GB Ram, Dual-Core, i think this is enough to handle 2-3 clients
      • WAN Connection: (Download >100mbit, Upload >70mbit)
      • OpenVPN Client-to-Site connections are authenticate over LDAP (Active Directory Domaincontroller)
      • Safety: AES 256bit CBC

      Everything works fine but the bandwith is very slow. More than 3mbit is not possible (but over 70mbit upload is possible)
      I try the following things to increase the bandwith but it does not help:

      • Decrease the safety to AES 128 CBC (There was only a lower CPU load)
      • a lot of different openvpn clients
      • changed the following settings in the advanced field: tun-mtu 1500; mssfix 1400;
      • all possible settings for lzo compression
      • Downgrade the pfsense on the following versions: 2.2.3, 2.2.2, 2.2.1, 2.2 and 2.15
      • net.inet.ip.fastforwarding switch to value 1

      All this settings do not solve my bandwith limitation.

      Does anyone have some ideas?

      Thansk in advance

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        What kind of connection are the clients using?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          "Everything works fine but the bandwith is very slow. More than 3mbit is not possible"

          How are you testing this bandwidth?  A file copy via smb?  SMB over a wan is going to blow.. What is the latency these clients have??  20ms?  Higher?

          I run pfsense on esxi, and I vpn in all the time.. Now my upload is limited to 12mpbs at the pfsense end.. But I know for sure I get better than 3…

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • S
            streetsfinest
            last edited by

            I tested with ipferf. But now, from another wan connection i get "normal" performance. i think there was a issue with the other wan connection i used for my vpn.
            thanks a lot for the fast reply :)
            my configuration seems to be okay!

            1 Reply Last reply Reply Quote 0
            • N
              nikkon
              last edited by

              because i found this topic already open will update with the same issue i have. The openvpn connection is verry slow. When i try to copy something it gets a max of 50kb/s !!!

              I have attached the connections for both client(speedtest) and pfsense-openvpn server(console).
              On the Openvpn side i use:

              • DH Parameter length (bits) - 2048
              • Encryption Algorithm - AES-256-CBC
              • Auth digest algorithm - sha256
              • Hardware Crypto - Intel RDRAND engine

              Should i need to lower those?

              Thank you

              ![Screen Shot 2016-10-02 at 13.41.26.png](/public/imported_attachments/1/Screen Shot 2016-10-02 at 13.41.26.png)
              ![Screen Shot 2016-10-02 at 13.41.26.png_thumb](/public/imported_attachments/1/Screen Shot 2016-10-02 at 13.41.26.png_thumb)

              pfsense 2.3.4 on Supermicro A1SRi-2758F + 8GB ECC + SSD

              Happy PfSense user :)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.