OpenVPN - poor performance 2.3.1 p1
-
Hello guys.
I've recently installed pfSense 2.3.1 for the sole purpose of using it as the OpenVPN server for road warriors. The pfSense is running as a virtual machine on KVM hypervisor with 4 CPUs (2GHz each) and 2GB RAM. I have one WAN and one LAN interfaces. The WAN is 1gbit/s link at the data centre and after checking the link, it can indeed deliver around 100MB/s (megabytes per second). A typical speed test would show me over 400mbit/s up/down with about 1-2ms delay.
I've configured the openvpn server following online documentation and I can successfully connect from my client (tried windows and linux clients). Both clients are not able to get more than 1MB/s (megabyte/s), with average speed around 500-700KB/s. The client's internet speed is 80mbit/s down and 20mbit/s up.
Here is what I've tried so far to determine the cause of the slow performance (each change was followed by the OpenVPN service restart and redownload of the client configuration):
1. Switched from UDP to TCP
2. Switched port from 1194 to 443 (both tcp/udp)
3. added Advanced settings for "tun-mtu 1500" and "mssfix 1400"
4. switched to AES-128-CBC instead of the default 256 bitNone from the above increased the speed (switching to TCP has actually decreased the speed even further to about 300-500KB/s).
As a comparison, I have an old Endian firewall connected to the same WAN link, which is capable of saturating my client link with 8.9MB/s (megabytes/s) over OpenVPN with the same settings. Also, I have a test vm which I use for SSH VPN service, which is also saturating my link with 8.9MB/s.
I've also upgraded to the latest 2.3.1_p1, which didn't make a difference for the OpenVPN speed.
Could someone please help me to get the OpenVPN speed to usable levels?
Many thanks
Andrei
-
Anyone has any ideas on how to improve the performance of OpenVPN service? Due to performance issues it is not usable out of the box. What options am I missing or haven't set?
As a test, I've just created a new vm with identical specs as the pfSense server. Installed Endian 3.2 beta 1 and configured the OpenVPN service. No speed issues what so ever. The client side link could be easily saturated with 9MB/s (megabyte) throughput over openvpn.
Need some help figuring out where is the bottleneck.
Thanks
-
Hi,
I'm having similar OpenVPN issues since v2.3.1
https://forum.pfsense.org/index.php?topic=110715.0
When I'm applying the following parameters at the server and client side
tun-mtu 1200; fragment 1000; mssfix
The problem is gone but then I'm receiving disconnects very often from the server.
Greetings from germany
Steve
-
in the OpenVPN Client you could try to increase the TCP/UDP socket send and receive buffers size, adding at bottom of the "Custom options" these two lines:
sndbuf 524288
rcvbuf 524288Furthermore, only if you're running an UDP connection, you could add even this:
fast-io -
Never used KVM, but under ESX I got better results with fragment 0 and snd/rcvbuf magik.
Also - be sure to test without encryption at all, to be sure what you got all you can at ovpn link level. -
i've read that KVM & freebsd don't mix well, performance wise.
have you browsed this? https://forum.pfsense.org/index.php?topic=88467.0