PfSense hardware for home router - OpenVPN performance
-
Just finished putting my box together.
- J3355B-ITX
- 2 x (2GB) DDR3L 1600
- 5400 rpm drive
- Dual port Intel Pro /1000
- Antec ISK300-150 Case
All default settings…
Best I got I was 100Mbps down 232Mbps up.
I'll start playing with settings soon...
hmmm, somethings definitely wrong here, others have reported faster speeds on that cpu without even maxing out yet.
-
Hmm, I would not have expected such a big difference there.
Are you seeing any errors on the WAN interface itself?
Do you have fast-io set or send/rec buffers increased? There are knobs for that in the gui in 2.4, you have to add them as custom settings in 2.3.
Steve
That was with default settings right after installing pfSense.
Still haven't got a chance read on wiki for tweaks, but added:
fast-io
sndbuf 524288
rcvbuf 524288under VPN custom options, I was able to get 198Mbps down 234Mbps up. CPU was around 60%.
-
No errors on WAN I assume then?
That's a significant improvement! Still a bigger difference between down and up then I'd expect though.
Steve
-
The reason for this is that the Flash based speedtest.net tool does not account for LZO compression, which is built into the OpenVPN protocol.
did you try beta.speedtest.net I believe that doesn't use flash.
I have i3-7350K and I tried disabling compression and it didn't seem to make a difference, I am able to hit around 700mbs to 800mbs. Maybe i'm not disabling it correctly.
Hmm, you might be correct. I just tried the beta version and still reached 765 Mbps regardless of compression. Maybe its not the compression after all.
I think it's safe to say you can reach around 750 Mbps with OpenVPN on PIA with a G4400 processor (a $50 chip!). It might be the sweet spot for anyone with a 1000 mbit connection, unless you're trying to reach 900 or something but I'm not quite sure the CPU is the bottleneck for that.
-
The fact it's flash based should make no difference there. The only thing that matters is what their test data is, if it's compressible.
That's an impressive result if you're seeing that without compression. Both in terms of the CPU's ability and PIAs.
Steve
-
The fact it's flash based should make no difference there. The only thing that matters is what their test data is, if it's compressible.
That's an impressive result if you're seeing that without compression. Both in terms of the CPU's ability and PIAs.
Steve
Well, the incorrect accounting for LZO is often connected to some speedtests using Flash. For example here: "it is very important to note that using flash-based speed tests like speedtest.net are unrealible for VPN services. This is because VPN services use compression to increase the speed that data flows across the network. Some flash based speed test servers do not properly account for this" (https://vikingvpn.com/speed). More in general it might not be Flash that's the issue, but for speedtest.net its a problem apparently.
But quite happy indeed, especially as I'm using some refurbished Lenovo M700 SFF with a Chinese Ebay Intel I350-T4. Great job for pfsense as well, its unfortunate they switched off the donations.
-
-
Yeah I know, but those are not really that useful for me. I'll just buy some stickers or something ;)
OpenVPN speed has been steady between 700-800 Mbps.
-
Still haven't got a chance read on wiki for tweaks, but added:
Which wiki is that? Looking to optimize my j3355 as well.
-
Do you mind sharing your hardware build/partlist?
I'm looking into purchasing something similar and i like your idle power usage of 13watts.Thanks.
-
Still haven't got a chance read on wiki for tweaks, but added:
Which wiki is that? Looking to optimize my j3355 as well.
Don't know about any wiki, but optimize OpenVPN with fast-io and buffers. Read here:
https://forum.pfsense.org/index.php?topic=130350.0
-
Do you mind sharing your hardware build/partlist?
I'm looking into purchasing something similar and i like your idle power usage of 13watts.Thanks.
Sure, I'm using a prebuild Lenovo M700 SFF that I got really cheap with a platinum rated PSU (to quote Lenovo's website: "ENERGY STAR 6.1, ULE Gold, EPEAT Gold, and 85% efficiency with 80+ Platinum power supply unit", I'm not sure that's saying all that much though). Specs are: Intel G4400 dual core, 4 GB DDR4 memory, it came with a HDD but switched it for a cheap Kingston SSD and I added an Ebay Chinese I350 T4 NIC. I unplugged the CD drive and USB connectors and some other stuff not used. Speedstep is enabled and the CPU is often running around 1.5-2.0 Ghz when idle. Now I've monitored it over a longer time, the average idle power consumption usage has been around 15 watts. The case is really cool as well, usually around 25 degrees.
When building yourself, it's probably best to get a Pico PSU and search for a power efficient motherboard.
-
Speedstep is enabled and the CPU is often running around 1.5-2.0 Ghz when idle. Now I've monitored it over a longer time, the average idle power consumption usage has been around 15 watts. The case is really cool as well, usually around 25 degrees.
You could trying out to enable PowerD (high adaptive) of not done yet, to get perhaps less then 15 watts back.
or did you enable the PowerD (high adaptive) option? -
@BlueKobold:
Speedstep is enabled and the CPU is often running around 1.5-2.0 Ghz when idle. Now I've monitored it over a longer time, the average idle power consumption usage has been around 15 watts. The case is really cool as well, usually around 25 degrees.
You could trying out to enable PowerD (high adaptive) of not done yet, to get perhaps less then 15 watts back.
or did you enable the PowerD (high adaptive) option?It's enabled (high adaptive), forgot to mention that. But if I recall correctly it made no difference at all for me..
-
I have a question regarding your hardware recommendation. I'm just about to complete a DSL contract either 50MBit / s or 100MBit /. I would like to use OpenVPN with 256bit encryption. I would like to have full download speed with VPN because all traffic is used. Do you have a recommendation which hardware can do that? I use it only at home and 95% only with Wi-Fi. anyone a low-cost recommendation? :)
-
I use Astrill, and when i sometimes use utorrent it can download at 22-23MB/ s but avarage is more 17-18 with snort enabled
This is my CPU for the moment as i will wait to upgrade to an xeon and intel mainboard.
-
Intel Pentium Silver J5005 4x1.5 (Turbo to 2.8) TDP 10W -CPU Mark 2987 -Single Thread 1182
3200/9.21 = 347 Mbps (aes-256-cbc)
3200/8.67 = 369 Mbps (aes-256-gcm)Real World VPN running 5 Ubuntu Torrents at once
Nearly half of my Spectrum Gigabit is being used. -
Is that with FastIO enabled and send/rec buffers increased?
Steve
-
@stephenw10 Just FastIO. I have not done any buffer adjustments yet.
-
FastIO made the biggest difference in my testing. Setting the send and receive buffers to 512k did make some improvement. There was little to be gained setting them higher than that. In my test at least. More testing is always good.
Those numbers are pretty good already though.
Steve
