pfsense as OpenVPN server, why slow speed?

JKnott

@johnpoz said in pfsense as OpenVPN server, why slow speed?:

Different locations means what exactly? Local to your vpn server or at some remote location with limited down/up internet speed along with different latency... Which is going to effect your speeds.

Of course, if you're at a different location from the pfSense firewall and trying to access a site elsewhere, then the traffic has to pass through the internet connection twice, once in the tunnel and again when going out to the Internet. That alone will cut bandwidth in half. I have 2 ways to test that avoids this problem. First, I have a spare port on my firewall, which I can connect a computer to and my cable modem also supports 2 connections, so I can plug in there and be entirely outside of my firewall.

Skippern12

Hi

Tried with iperf3 now.

Without VPN it measures 800Mbit
With VPN I get only 25 to 35 Mbit

Derelict

You said 300/300 in the OP now you're saying 800? Which is it? Makes people think you're not testing what you think you're testing.

Skippern12

iperf tests was done local, not over the internet.
800/800 is directly between pc's used for test (LAN), this verifies that the pc's are good.
When I put the pfsense between the two PC's, I get poor results

Skippern12

Update:
Upgraded to v 2.4.3 and added UDP Fast I/O and Send/Rec buffer 2mb. Now I get 37mbps (iperf), some improvement, but I think it should be possible to improve more?

Derelict

What is your CPU doing while you're testing.

top -aSH while it is running should give you some insight.

What is the testing configuration now?

Skippern12

Not able to test right now with the command you suggest, when I monitored cpu usage in pfsense web interface, it was showing 4-5% openvpn and almost 95% idle.

Test configuration is two computers with iperf
Software.
One computer connected to LAN side og pfsense and the other to WAN. Using UDP OpenVPN to tunnel with AES128-CBC snd Sha1.

Derelict

OK so you have no idea if you are testing the firewall's OpenVPN capabilities or the client's in that scenario.

Skippern12

@skippern12 said in pfsense as OpenVPN server, why slow speed?:

hardware

It could of course be a client problem, but I have tested with different laptops so I thing the problem is on the server side.

Skippern12

Just configured L2TP/IPSEC and did a test from a Laptop with Windows 10 using Windows 10 built in VPN Client software.
Test was done with laptop connected to Wifi and I got around 70mbps with Iperf over the VPN tunnel.
Pfsense CPU load was around 6% during test.

This is twice as fast as OpenVPN and even not a proper test since it was done over wifi.

Can't understand why OpenVPN is so slow...

lonblu

@skippern12 still slow on latest version to date... using openvnp connect on Android 12... and on server UDP with 128 data encryption (minimun).. I can't exchange big files (above 500 KB), I get timeout