pfSense and OpenVPN speeds
-
re: hardware, "it depends"...on CPU, hardware acceleration, encryption options used, etc. This may help somewhat: https://docs.netgate.com/pfsense/en/latest/book/hardware/hardware-sizing-guidance.html#vpn-all-types
-
Wouldn't it be possible to use WireGuard instead? https://www.freshports.org/net/wireguard/ AFAIK it is a lot faster than OpenVPN and it reached 1.0 half a year ago, so it should be stable and secure enough.
-
@teamits I asked my VPN provider about speed with the i7 processor and they are telling me that I should have no problem hitting 100Mbps with that hardware. I also asked them if they are throttling, and they said no.
I am hitting 230Mbps on a constant basis, outside the VPN. Still trying to understand why I'm unable to get at least 200Mbps using what appears to be adequate hardware. This is a commercial VPN provider, and if they are not throttling, then why?
@inf3rno Is WireGuard able to be installed on top of pfSense, like OpenVPN?
-
@Morpheus101 I have no idea. I know that it can be installed on FreeBSD, and pfSense is FreeBSD based. So maybe. I guess trying it does not hurt. VPN speed depends on the number of users too. If you don't have many parallel connections and your hardware is capable, then something else causes the low speed.
-
@teamits said in pfSense and OpenVPN speeds:
I'm curious why the SG-3100 tested slower than the SG-1100?
It does look like an anomaly but it's almost certainly because OpenSSL compiled for aarch64 can take advantage of the additional instructions available there. Both those numbers seem low though.
WireGuard cannot, yet, easily be added to pfSense. I believe there is a thread detailing it here but it is all manual at this point. No GUI config. Nothing backed up etc.
Steve
-
@stephenw10 said in pfSense and OpenVPN speeds:
Both those numbers seem low though.
Are there any Netgate lab numbers around? No matter official or unofficial.
Like OpenVPN SSL/TLS between two SG-5100, settings used for TLS key, Encryption Algo, Auth digest and so on and the speed to expect?
-Rico
-
@Rico
This has IPSec numbers: https://www.netgate.com/products/appliances/
This has a chart at the bottom for TNSR but shows pfSense on a SG-5100: https://www.netgate.com/blog/choosing-the-right-netgate-appliance.html
-
Yes...but this thread is about OpenVPN @pfSense.
Impossible to relate anything for OpenVPN with IPsec numbers...
-Rico
-
I expect to see over 100Mbps on the 3100 if you are using a CESA supported cipher, which AES-CBC should be.
I would also expect to see over 125Mbps on the 1100 using AES-GCM.
There are many variables etc!
Steve
-
Well I don't care about 5-10Mbps VPN traffic more or less.
Only would see a problem if you say like in your testings the speed is double or 1/3 more. :-)
-Rico