Performance mystery with PIA on pfsense
-
The performance test with AES-NI enabled gives me a theoretical max of 92Mbps.
-
With a benchmark like that I would have expected about 100 Mbps in download.
I regret not being able to help you more.
The only thing I can add to the info about my settings is that I'm running the 2.3.2 stable version.
If you will solve the issue, I'd like to read the adopted solution.
Cheers -
i've got 200mbps but can only seem to get 20mbps via pia
I have a
Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
2 CPUs: 2 package(s) x 1 core(s)and the following custom options
auth-user-pass /etc/openvpn-password.txt;
fast-io;
sndbuf 524288;
rcvbuf 524288AES cryptographic is enabled,
if you find a way to improve it it would be great to know
thanks!
-
@techy82
just out of curiosity, what PIA server are you connecting? -
new york city
-
new york city
Never tried. I usually go through denmark or sweden and with the configuration above I easily get the limit of the line (100Mbps)
-
I regret not being able to help you more.
You've helped plenty. Thanks. Once I get home from my travels and am not testing remotely I'll be able to try tweaking a few more settings. Worst case I buy an Athlon 5350 or 5370 for a 50% + single thread improvement.
-
new york city
Never tried. I usually go through denmark or sweden and with the configuration above I easily get the limit of the line (100Mbps)
I'll try some different servers later and see how that goes, Thanks
-
pfSense 2.3.2. using PIA with 2 OpenVPN clients combined in one Gateway Group (PIA could not deliver coding/decoding speed with one connection).
Get full ISP speed (500/500 Mbit) with CPU load of ~30%
Hardware: intel i5-3450
VPN- AES-256-CBC
- SHA256
- fast-io;
- sndbuf 524288;
- rcvbuf 524288
- Hardware acceleration enabled.
- 2 fixed (same country as client) IP adresses for PIA.
So it should not be PIA restricted, seems CPU restricted.
-
pfSense 2.3.2. using PIA with 2 OpenVPN clients combined in one Gateway Group (PIA could not deliver coding/decoding speed with one connection).
Get full ISP speed (500/500 Mbit) with CPU load of ~30%
Hardware: intel i5-3450
VPN- AES-256-CBC
- SHA256
- fast-io;
- sndbuf 524288;
- rcvbuf 524288
- Hardware acceleration enabled.
- 2 fixed (same country as client) IP adresses for PIA.
So it should not be PIA restricted, seems CPU restricted.
This is interesting.
How do you set the priority in the group? Both Tier 1 I guess.
And what speed did you get using only one OpenVPN client? -
Indeed, both tier 1.
When using Blowfish (only option in the past), I could not push it above 200Mbit and unstable. By then I came up with the 2 client setup and that worked like a charm.
Recently I switched to AES and with a quick test it seems that it could handle ISP speed also with one connection. I stick with 2 connection for stability and extra security reasons. -
Thanks for your reply.
I'm curious about the OpenVPN performance of various CPUs because of a future upgrade of my line and your CPU seems really interesting from my point of view.
If you are willing, could you performed the simple OpenVPN benchmark referenced here?
https://forum.pfsense.org/index.php?topic=105238.msg616743#msg616743 (Reply # 9 message)From the GUI run
openvpn –genkey --secret / tmp / secret
--test time openvpn-crypto --secret / tmp / secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc
Then to give the execution time in seconds in real-world meaning:
(3200 / execution_time_seconds) = Projected Maximum Performance OpenVPN in MbpsMy Celeron N3150 gets a value of 116 Mbps that's the same value that normally reaches during download trough a PIA client.
-
Execution time = 9.433 seconds, so Projected Maximum Performance = 339 Mbit.
Does this represent single core performance?
Edit: In this case it does not represent maximum performance. It could easly push 500Mbit with ~30% load.
-
As far as I know OpenVPN works in single thread, but I could be wrong… anyway your CPU is a beast! ;)
Thanks for letting me know. -
Not sure if this will help, but try turning off the Hardware Crypto setting in pfSense:
https://forum.pfsense.org/index.php?topic=115627.0
-
If OpenVPN is indeed single threaded you can try multiple clients like me.
Looks like your Celeron has multiple cores. -
As I remembered, OpenVPN it is not scalable:
https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_openvpn_performanceI wanna say thanks to M_Devil for his tip: using multiple PIA clients I will not have the need to change my router after the line's upgrade.
-
Glad to help you. Please let us know if it worked out.
-
Of course! Thank you again. :)
-
pfSense 2.3.2. using PIA with 2 OpenVPN clients combined in one Gateway Group (PIA could not deliver coding/decoding speed with one connection).
Get full ISP speed (500/500 Mbit) with CPU load of ~30%
Hardware: intel i5-3450
VPN- AES-256-CBC
- SHA256
- fast-io;
- sndbuf 524288;
- rcvbuf 524288
- Hardware acceleration enabled.
- 2 fixed (same country as client) IP adresses for PIA.
So it should not be PIA restricted, seems CPU restricted.
Could you please explain the steps you took to set this up? I'm lost on how you grouped the 2 vpn connections?
Still learning pfsense stuff. And this would probably help others also.
Thanks