Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Very poor OpenVPN performance

    OpenVPN
    5
    7
    3731
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • 0
      0x10C last edited by

      Hey guys I'm paying for a public VPN service, so I don't control the server side only the client side.

      The problem I'm having is when I use the OpenVPN Client on my desktop or laptop computers the speed is excellent around 200Mb/s consistently.

      But when I use the OpenVPN Client in PFSense the speed is very low, 5-10Mb/s and if it gets any higher (30-40Mb/s) I get huge amounts of packet loss and very high latency being reported in the PFSense Status Page.

      Here are two speed tests to illustrate the problem:


      I did these tests within the same minute late at night when the network should have no congestion so you can really see the problem. Both my Windows/Mac OpenVPN Client and the PFSense Client are setup the same except for one difference, the Windows one uses a TAP interface and the PFSense is using a TUN interface. Apart from that they're both using UDP, same port number, same level of compression, same server that they connect to and of course through the same modem and the same ISP on my side. I have tried using OpenVPN over TCP instead and the results are identical.

      Does anyone have any thoughts about what this could be? I'm also going to list my router specs although I think it's beefy enough to handle much higher speeds than this.

      The router is running an Intel Haswell G3220 Pentium chip (3GHz Dual Core with 3MB Cache). 16GB of DDR3 Memory, on-board Intel NIC on the motherboard (WAN) and another Intel NIC in one of the PCIe slots (LAN). The system I'm using for both of those speed tests also has Intel NIC's from an X79 motherboard. It is equpped with a 3930K and 32GB of DDR3.

      When doing the speed test on PFSense the CPU load is only around 10-15% and the RAM usage is like 2GB out of 16GB. So I'm really not thinking it's the hardware but some kind of configuration issue or some setting I'm overlooking.

      By the way I'm still using PFSense 2.2.6 - I've not yet upgraded to the latest version but I do plan to soon.

      Thanks.

      1 Reply Last reply Reply Quote 0
      • M
        mozg31337 last edited by

        I have a very similar issue on 2.3.1 p1. I will open another thread for that as we are dealing with different pfSense versions.

        1 Reply Last reply Reply Quote 0
        • M
          mozg31337 last edited by

          Did you manage to figure out the reason behind the performance problems? If so, could you please share what you've done?

          1 Reply Last reply Reply Quote 0
          • N
            noor last edited by

            same issue facing in latest version i think this is the bug which should be reported to the developers ASAP.

            1 Reply Last reply Reply Quote 0
            • N
              noor last edited by

              Are you using IDP in PFsense if it is free version then it may be the reason.

              1 Reply Last reply Reply Quote 0
              • M
                mevans336 last edited by

                That chip doesn't support AES-NI, that's one of the big issues.

                http://ark.intel.com/products/77773/Intel-Pentium-Processor-G3220-3M-Cache-3_00-GHz

                1 Reply Last reply Reply Quote 0
                • M
                  mauroman33 last edited by

                  @0x10C

                  in the OpenVPN Client you could try to increase the TCP/UDP socket send and receive buffers size, adding at bottom of the "Custom options" these two lines:

                  sndbuf 524288;
                  rcvbuf 524288

                  About the OpenVPN capability of the CPU you could run the simple OpenVPN benchmark formula referenced here:
                  https://forum.pfsense.org/index.php?topic=105238.msg616743#msg616743 in the Reply #9 message

                  If I execute the command on my router with a Celeron N3150 I get
                  27.41 real        25.62 user        1.77 sys

                  (3200 / 27.41) = 117 Mbps OpenVPN performance (estimate)

                  This value perfectly fits to the result of the speed test


                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post

                  Products

                  • Platform Overview
                  • TNSR
                  • pfSense
                  • Appliances

                  Services

                  • Training
                  • Professional Services

                  Support

                  • Subscription Plans
                  • Contact Support
                  • Product Lifecycle
                  • Documentation

                  News

                  • Media Coverage
                  • Press
                  • Events

                  Resources

                  • Blog
                  • FAQ
                  • Find a Partner
                  • Resource Library
                  • Security Information

                  Company

                  • About Us
                  • Careers
                  • Partners
                  • Contact Us
                  • Legal
                  Our Mission

                  We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                  Subscribe to our Newsletter

                  Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                  © 2021 Rubicon Communications, LLC | Privacy Policy