4. OpenVPN - poor performance 2.3.1 p1

OpenVPN - poor performance 2.3.1 p1

  • M

    Hello guys.

    I've recently installed pfSense 2.3.1 for the sole purpose of using it as the OpenVPN server for road warriors.  The pfSense is running as a virtual machine on KVM hypervisor with 4 CPUs (2GHz each) and 2GB RAM. I have one WAN and one LAN interfaces. The WAN is 1gbit/s link at the data centre and after checking the link, it can indeed deliver around 100MB/s (megabytes per second). A typical speed test would show me over 400mbit/s up/down with about 1-2ms delay.

    I've configured the openvpn server following online documentation and I can successfully connect from my client (tried windows and linux clients). Both clients are not able to get more than 1MB/s (megabyte/s), with average speed around 500-700KB/s. The client's internet speed is 80mbit/s down and 20mbit/s up.

    Here is what I've tried so far to determine the cause of the slow performance (each change was followed by the OpenVPN service restart and redownload of the client configuration):
    1. Switched from UDP to TCP
    2. Switched port from 1194 to 443 (both tcp/udp)
    3. added Advanced settings for "tun-mtu 1500" and "mssfix 1400"
    4. switched to AES-128-CBC instead of the default 256 bit

    None from the above increased the speed (switching to TCP has actually decreased the speed even further to about 300-500KB/s).

    As a comparison, I have an old Endian firewall connected to the same WAN link, which is capable of saturating my client link with 8.9MB/s (megabytes/s) over OpenVPN with the same settings. Also, I have a test vm which I use for SSH VPN service, which is also saturating my link with 8.9MB/s.

    I've also upgraded to the latest 2.3.1_p1, which didn't make a difference for the OpenVPN speed.

    Could someone please help me to get the OpenVPN speed to usable levels?

    Many thanks

    Andrei

    0
  • M

    Anyone has any ideas on how to improve the performance of OpenVPN service? Due to performance issues it is not usable out of the box. What options am I missing or haven't set?

    As a test, I've just created a new vm with identical specs as the pfSense server. Installed Endian 3.2 beta 1 and configured the OpenVPN service. No speed issues what so ever. The client side link could be easily saturated with 9MB/s (megabyte) throughput over openvpn.

    Need some help figuring out where is the bottleneck.

    Thanks

    0
  • L

    Hi,

    I'm having similar OpenVPN issues since v2.3.1

    https://forum.pfsense.org/index.php?topic=110715.0

    When I'm applying the following parameters at the server and client side

    tun-mtu 1200; fragment 1000; mssfix

    The problem is gone but then I'm receiving disconnects very often from the server.

    Greetings from germany

    Steve

    0
  • M

    in the OpenVPN Client you could try to increase the TCP/UDP socket send and receive buffers size, adding at bottom of the "Custom options" these two lines:

    sndbuf 524288
    rcvbuf 524288

    Furthermore, only if you're running an UDP connection, you could add even this:
    fast-io

    0
  • P

    Never used KVM, but under ESX I got better results with fragment 0 and snd/rcvbuf magik.
    Also - be sure to test without encryption at all, to be sure what you got all you can at ovpn link level.

    0
  • H

    i've read that KVM & freebsd don't mix well, performance wise.

    have you browsed this? https://forum.pfsense.org/index.php?topic=88467.0

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy