Asus N3050I-C for OpenVPN (100MBIT WAN)
-
I confirm that 115Mbps are the limit of a Celeron N3150, even with AES-NI active and those lines in OpenVPN Custom Options.
300Mbps were related to a Celeron J3355.Thanks buddy. Little disappointed. I was hoping for 165Mbps. BTW check this out. This guy changed send and recieve windows not sure what speed boost he got from it. Did you try it?
" I also changed net.inet.tcp.recvspace & net.inet.tcp.sendspace (under System -> Advanced -> System Tunables) to max 2048K (=2097152 bytes)"
https://forum.pfsense.org/index.php?topic=112877.msg788565#msg788565
Do you know any NUC boxes (lowed powered boxes with no noise fans) that host this Celeron J3355 or other better cpu with AES-NI ext???
-
What encryption settings are you using?
AES-GCM will be faster the CBC+auth. It's faster even with auth but you don't need that with GCM as it's built in.
Are you sure your CPU is using it's turbo mode correctly?
Steve
-
I confirm that 115Mbps are the limit of a Celeron N3150, even with AES-NI active and those lines in OpenVPN Custom Options.
300Mbps were related to a Celeron J3355.Thanks buddy. Little disappointed. I was hoping for 165Mbps. BTW check this out. This guy changed send and recieve windows not sure what speed boost he got from it. Did you try it?
" I also changed net.inet.tcp.recvspace & net.inet.tcp.sendspace (under System -> Advanced -> System Tunables) to max 2048K (=2097152 bytes)"
https://forum.pfsense.org/index.php?topic=112877.msg788565#msg788565
Do you know any NUC boxes (lowed powered boxes with no noise fans) that host this Celeron J3355 or other better cpu with AES-NI ext???
Yes, same values here.
You could take a look on something like that
https://www.amazon.com/ZOTAC-i5-6300U-Bluetooth-Barebones-ZBOX-CI545NANO-U/dp/B071P596LH/ref=sr_1_1?ie=UTF8&qid=1520466138&sr=8-1&keywords=ci545&th=1 -
What encryption settings are you using?
AES-GCM will be faster the CBC+auth. It's faster even with auth nut you don't need that with GCM as it's built in.
Are you sure your CPU is using it's turbo mode correctly?
Steve
Steve this is what i'm using. Yes ext are active. I don't have VPN yet but am in process of getting it. My vpn will have GCM 128 and 256.
My impression was AES-NI was suppose to help exponentially in Mbps speeds not linearly. I'm seeing some other ppl with same CPU 1.8Ghz but newer process pushing 300Mbps.
Something doesn't make sense here. 200Mhz would not double the speed. It has to be AES-NI or special tweaks. Also my N3150 is quad core but i'm hearing vpn is single threaded.
Celeron-Processor-J3355 doing 300Mbps is only 400Mhz faster then my cpu. 400Mhz will not double the speed in Mbps. Something else is here in play. Inconsistent PIA servers perhaps?
I will not be on PIA also btw.https://ark.intel.com/products/95597/Intel-Celeron-Processor-J3355-2M-Cache-up-to-2_5-GHz
-
What encryption settings are you using?
AES-GCM will be faster the CBC+auth. It's faster even with auth nut you don't need that with GCM as it's built in.
Are you sure your CPU is using it's turbo mode correctly?
Steve
Steve how do i enable turbo mode? Is that in bios settings?
Edit found it and enabled in bios for turbo. Pfsense still shows 1.6GHZ tho as it should as that's burst mode only
-
hey guys check this out. In openvpn documentation it shows that tweaks not cpu cycles increase throughput but problem is that vpn provider won't allow you to change MTU size beyond 1500
https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux
-
My impression was AES-NI was suppose to help exponentially in Mbps speeds not linearly. I'm seeing some other ppl with same CPU 1.8Ghz but newer process pushing 300Mbps.
Something doesn't make sense here. 200Mhz would not double the speed. It has to be AES-NI or special tweaks. Also my N3150 is quad core but i'm hearing vpn is single threaded.
Celeron-Processor-J3355 doing 300Mbps is only 400Mhz faster then my cpu. 400Mhz will not double the speed in Mbps. Something else is here in play. Inconsistent PIA servers perhaps?
I will not be on PIA also btw.https://ark.intel.com/products/95597/Intel-Celeron-Processor-J3355-2M-Cache-up-to-2_5-GHz
A Celeron N3150 is two years older than a Celeron J3355 that has a better implementation of AES-NI, I think isn't just matter of Mhz…
-
I just signed up with vpn and did my own testing and compared to this guy here. AES-NI does not work at all. It offers ZERO assist. Not one 1Mbs.
I've proven it here. I have doubled my cpu power over my asus 87u and it doubled my speed but look at this other guy results. https://forum.pfsense.org/index.php?topic=139926.0
-
What settings are you using?
AES-NI will be accelerating almost every setting to some extent. To test it's effects accurately you will need to enable/disable it in the BIOS though.
The Turbo mode is show as 1601MHz vs 1600MHz for non-turbo.
Steve
-
What settings are you using?
AES-NI will be accelerating almost every setting to some extent. To test it's effects accurately you will need to enable/disable it in the BIOS though.
The Turbo mode is show as 1601MHz vs 1600MHz for non-turbo.
Steve
Steve thanks for feedback. AES-NI is enabled as you can clearly see in screenshot of pfsense that it says it's active to yes it's active in bios and should work. Turbo i enabled last night in bios but that will never take effect as one would have to max out cpu to 100% for turbo to kick it. My cpu maxes out 50% in pfsense during encryption testing so it will never get there. But to your point it shows in pfsense as 1601 so turbo is enabled as well. Look
I have chosen freebsd hardware acceleration in both vpn client and under networking in advanced options which boosted my Mbps by 10Mbps but i max out at 120Mbs now. It won't do more. It's all about
CPU cycles from what i see. I commented on this more here. Let me know your thoughts if you want. I think CPU cycle rate needs to be 3Ghz for ideal setup. Those AMD APU A10 7800k are 4.0Ghz and
are cheap enough but how to chose motherboard with 2 nics, ideally intel onces in mini itx form. I have 2 1gb realtek once and have no problem at all with them in pfsense like some suggest they do. They do their job.
https://forum.pfsense.org/index.php?topic=139926.msg788801#msg788801
This thread is also right on the money but it's 2 yrs old now so not ideal hardware anymore. That last celeron is cheap but i can't seem to find nuc or motherboard in itx form for it. I think ideal would be AMD A10 APU. Low power and high cycle rate but not sure about mini itx motherboard with 2 nics and what case. Etc. Then again that AMD doesn't have AES-NI so when pfsense 2.5 comes out it will become obsolete without those instructions. So scratch AMD without AES-NI too. This is a quest.
https://forum.pfsense.org/index.php?topic=115673.0
-
If you are seeing CPU usage at 50% overall then it's likely at least one of your 4 CPU cores is at 100%. To see the full break down of cpu usage across cores run at the command line:
top -aSHIf one core is at 100% it should be running in Turbo mode.
Specifically which A10 CPU were you looking at? As far as I know most of those support AES instructions. AMD have been shipping processors that will be supported in 2.5 since 2010.
https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.htmlWithout seeing te exact settings you're running it's hard to comment further. It seems likely you should be able to see more bandwidth from that CPU though. In the thread you linked Pippom reports 160Mbps from that same CPU with higher encryption settings.
Steve
