Netgate Discussion Forum

    Distinction between traffic on port 443

    General pfSense Questions
    17 Posts 5 Posters 5.1k Views
      Panja

      When I use OpenVPN I always use the UDP daemon, for speed.
      But for compatibility I have a second daemon running on port 443, as this port almost never gets blocked.

      When I was testing the port-share option I did not have any vpn clients connected.

        NOYB

        Could you run the web server exclusively on 443 and put the OpenVPN TCP service on port 80?

          johnpoz LAYER 8 Global Moderator

          What exactly is slow??  That is not a technical term ;)  To a race car driver you doing 90 in a 75mph zone is slow ;)  If you're on gig, 100mbps is SLOW.. If I am using 10ge then your gig is like watching paint dry…

          What benchmark did you do without the port sharing, and then with the port sharing and what was the performance hit??

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

            Panja

            I could try port 80 for OpenVPN. That could be an option. But I have to use port share also.
            Because the webserver does serve some regular HTTP sites as well.

            What is exactly slow?
            I get what you mean and maybe I had to explain myself a bit more.
            So I will do now.

            I have 2 SSL sites behind the pfSense box. When I put them on their own port (4443) without port sharing the pages load instantly, you'll get the login prompt (put in your credentials) and the page after that loads instantly as well.

            When I put the sites on port 443 with port sharing it takes around 10 seconds more to load the first page with the login.
            After putting in your credentials it takes another 8 - 10 seconds before the second page loads.

              johnpoz LAYER 8 Global Moderator

              Welcome to port sharing ;)  System has to figure out that is not openvpn traffic, but web traffic - send that on, etc. etc..

              I would suggest you get another public IP if you want to serve up different services off the same port ;)

              What you could do is redirect traffic that comes in on 443 for your webserver to a new port, that way it will be faster.. And you just take a hit on people coming in on https://your.domain.tld, they hit that page - then get redirected to https://your.domain.tld:4433

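Added example, not part of the thread and not OpenVPN's or pfSense's own code: a minimal sketch of the first-bytes check a port-sharing listener has to make on every new TCP connection to 443 before it can pass non-VPN traffic on to the web server. The opcode values, the 14-byte minimum length, the function names and the sample byte strings are assumptions of this sketch.

```python
# Constructed illustration: classify the first bytes of a new TCP stream on 443.
TLS_HANDSHAKE = 0x16               # TLS record content type "handshake"
# OpenVPN opcode byte = (opcode << 3) | key_id; a client's first packet is a
# hard reset with key_id 0. Opcodes 7 (V2) and 10 (V3) are assumed here.
HARD_RESET_BYTES = {7 << 3, 10 << 3}
MIN_RESET_LEN = 14                 # opcode + session id + ack count + packet id


def classify_first_bytes(data: bytes) -> str:
    """Return 'openvpn', 'tls', 'other' or 'need-more'."""
    if len(data) < 3:
        return "need-more"         # cannot decide yet, keep buffering
    # TLS: record type 0x16 followed by protocol major version 0x03.
    if data[0] == TLS_HANDSHAKE and data[1] == 0x03:
        return "tls"
    # OpenVPN over TCP: 2-byte big-endian length prefix, then the opcode byte.
    pkt_len = int.from_bytes(data[:2], "big")
    if pkt_len >= MIN_RESET_LEN and data[2] in HARD_RESET_BYTES:
        return "openvpn"
    return "other"


def choose_backend(data: bytes):
    """Mimic port sharing: VPN packets stay local, everything else goes to web."""
    kind = classify_first_bytes(data)
    if kind == "need-more":
        return None
    return "vpn" if kind == "openvpn" else "web"


# Constructed sample inputs (not captured traffic).
SAMPLE_TLS = bytes.fromhex("16030100c8010000c40303")
SAMPLE_OPENVPN = b"\x00\x0e\x38" + bytes(8) + b"\x00" + bytes(4)
SAMPLE_HTTP = b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    for name, buf in [("tls", SAMPLE_TLS), ("openvpn", SAMPLE_OPENVPN),
                      ("http", SAMPLE_HTTP), ("short", b"\x16")]:
        print(name, "->", choose_backend(buf))
```
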
                Panja

                Ok, thanks for the heads up. I'll have a look.

                  tazzler

                  I'm witnessing the exact same thing.

                  Have port-share enabled, that forwards regular https traffic forward to my synology.
                  I was already using port-share on an Asus router (which was specced way lower than my current pfSense box  ;D). On the Asus router I had no speed issues with port-share.
                  With pfSense (and port-share) it is really slow. If I access the web server through another port speed is fine.

                  @Panja: What did you end up with? Are you living with decreased https-performance?

                  Any other solutions or explanations?

                    johnpoz LAYER 8 Global Moderator

                    So your asus router was running openvpn and using the openvpn port sharing feature to send on to something behind?  Or did it have some other port sharing feature??

                      tazzler

                      Yes, the Asus router was running OpenVPN with port-share (activated in a text field for additional OpenVPN config, like in pfSense). No other proprietary feature whatsoever.

                        tazzler

                        anyone?

                          Panja

                          @tazzler:

                          @Panja: What did you end up with? Are you living with decreased https-performance?

                          I ended up changing the ports.
                          I could not live with the decreased speed.
