OpenVPN Client-to-Site is very slow
-
hello dear,
i fight against this problem for a few days…
Here are some informations about my config:- pfSense running on an ESX 5.5 --> Version 2.2.5 (updated today, before 2.2.4) (AMD 64)
- Hardware: 4GB Ram, Dual-Core, i think this is enough to handle 2-3 clients
- WAN Connection: (Download >100mbit, Upload >70mbit)
- OpenVPN Client-to-Site connections are authenticate over LDAP (Active Directory Domaincontroller)
- Safety: AES 256bit CBC
Everything works fine but the bandwith is very slow. More than 3mbit is not possible (but over 70mbit upload is possible)
I try the following things to increase the bandwith but it does not help:- Decrease the safety to AES 128 CBC (There was only a lower CPU load)
- a lot of different openvpn clients
- changed the following settings in the advanced field: tun-mtu 1500; mssfix 1400;
- all possible settings for lzo compression
- Downgrade the pfsense on the following versions: 2.2.3, 2.2.2, 2.2.1, 2.2 and 2.15
- net.inet.ip.fastforwarding switch to value 1
All this settings do not solve my bandwith limitation.
Does anyone have some ideas?
Thansk in advance
-
What kind of connection are the clients using?
-
"Everything works fine but the bandwith is very slow. More than 3mbit is not possible"
How are you testing this bandwidth? A file copy via smb? SMB over a wan is going to blow.. What is the latency these clients have?? 20ms? Higher?
I run pfsense on esxi, and I vpn in all the time.. Now my upload is limited to 12mpbs at the pfsense end.. But I know for sure I get better than 3…
-
I tested with ipferf. But now, from another wan connection i get "normal" performance. i think there was a issue with the other wan connection i used for my vpn.
thanks a lot for the fast reply :)
my configuration seems to be okay! -
because i found this topic already open will update with the same issue i have. The openvpn connection is verry slow. When i try to copy something it gets a max of 50kb/s !!!
I have attached the connections for both client(speedtest) and pfsense-openvpn server(console).
On the Openvpn side i use:- DH Parameter length (bits) - 2048
- Encryption Algorithm - AES-256-CBC
- Auth digest algorithm - sha256
- Hardware Crypto - Intel RDRAND engine
Should i need to lower those?
Thank you
![Screen Shot 2016-10-02 at 13.41.26.png](/public/imported_attachments/1/Screen Shot 2016-10-02 at 13.41.26.png)
![Screen Shot 2016-10-02 at 13.41.26.png_thumb](/public/imported_attachments/1/Screen Shot 2016-10-02 at 13.41.26.png_thumb)