OpenVPN: bandwidth problem (site to site)



    Hello,

    I am experiencing bandwidth problems between two sites connected via OpenVPN.

    The physical context:
    - The pfSense units are each connected to a switch in order to pass through an open fiber link (no flow restriction, via 1 Gbps fiber module), via a 1 Gbps Ethernet link.
    - Behind each pfSense is the LAN of each site.
    - The two pfSense units are SG-8860 (https://store.pfsense.org/SG-8860-1U/)

    Software context:
    - The two sites are connected via an OpenVPN tunnel (see the configuration below)

    The problem:
    - I cannot exceed 20 MB/s (~160 Mbps) in LAN-to-LAN between the two sites, via the pfSense VPN.
    If I connect 2 PCs directly to switches 1 and 2, I reach an average throughput of 80 MB/s in file transfer (~640 Mbps).

    I do not understand why I have such a loss by going through the VPN of my pfSense (even by adding the encryption part).
    So I wonder if my configuration is not optimal.

    Regarding the VPN configuration, this is what it contains:
    Pfsense1 (server mode):

    PfSense2 (client mode):

    Server type : Peer to Peer (Shared Key)
    Protocol : UDP
    Device mode : tun
    Port : 9876

    - I have activated on both pfSense the AES-NI CPU-based Acceleration (which supports AES-CBC, AES-XTS, AES-GCM, System Advanced Miscellaneous)
    - Encryption Algorithm used: AES-256-CBC (256-bit)
    - Auth digest algorithm used: SHA1 (160-bit)
    - Hardware Crypto: BSD cryptodev engine – RSA, DSA, DH, AES-128-CBC, AES-192-CBC, AES-256-CBC
    - Hardware Compression: Enabled with Adaptive Compression

    I ran tests, modifying the cryptography parameters as well as the port used, and the resulting throughput remains the same (18 m / s) (gain of 4 m / s without SHA1).

    As for the more advanced parameters such as the interface MTU, I left them as they were, so an MTU of 1500 on the routers (on the switches we have an MTU of 1512 by default).

    At each test the CPU never exceeds 20% usage.

    In my configuration there is something that seems badly configured and that could cause this low bit rate. Or is there any other limitation?

    Thank you for your help.