openvpn performance issue after update to 2.5

denndsd · Jun 25, 2021, 6:21 PM

Hi together,

today i updated my pfsense to the latest version.
Also i updated the openvpn package to 2.5
So now, i have the latest version on it.
My problem , the performance is sooo slow.
At home i have a 500 Mbit Cable connection , on my server at the datacenter there is a 1 gbit connection,
So i am using an virtualized pfsense on a vmware esxi.
on the esxi is hyper threading active an nested virtualization.
At home i am using my intel xeon 2620 dedicated server as a hardware firewall.
The connection is up, but i only get around 50 mbps.
My settings:

Encryption: AES-128-CBC
HASH: SHA1
Compression: no
Hardware Crypto: Intel RAND

buffer size: 512kb ( i also changed but nothing happen)

Any idea whats wrong ?

I also tried to change the tun-mtu but this is also not correct.

The firewall have 4GB RAM , 4 Cores CPU.
The cpu is alway in idle when traffic is running through.

Thanks

Br

Christian

Panoptic · Jun 25, 2021, 10:38 PM

Have you tried setting your hardware crypto to none so AES-NI can handle it?

denndsd · Jun 26, 2021, 8:49 AM

@panoptic yes I also tried this.
But no change.

Panoptic · Jun 26, 2021, 6:31 PM

It may have something to do with the Scepter/Meltdown mitigations in the newer bsd kernel. Might be time to upgrade to a newer CPU.

denndsd · Jul 7, 2021, 7:47 PM

@panoptic but the CPU is only used around 20 %

knothing · Jul 7, 2021, 7:47 PM

@denndsd , have you tried to disable all mitigation settings?
I had similar problem, which I managed to sort out only with downgrade to 2.4.