Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Load Balanced OpenVPN Tunnels

    Scheduled Pinned Locked Moved OpenVPN
    4 Posts 3 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mscaff
      last edited by

      Hi guys,

      How easy is it to setup a load balanced setup for OpenVPN?

      I currently have a 100Mbit line, only get about 50Mbit through VPN (CPU usage at 30%) - I'd like to consider adding another VPN point to point and load balancing over the two?

      For reference, my current setup:

      • Point to point VPN configured between PF and a remote location, no-pull, few custom options for performance.

      • OpenVPN interface (OVPN_INTERFACE) bound to the point to point VPN service (for lack of a better explanation)

      • Firewall rule (policy route) on LAN outbound specifies any traffic originating from 10.1.1.2, use the default gateway (OVPN_INTERFACE), as well as being tagged NO_WAN_EGRESS

      • Outbound NAT rule on OVPN_INTERFACE, any traffic matching 10.1.1.0/24 will be translated by NAT.

      • Floating point rule on Outbound WAN, any traffic matching tag NO_WAN_EGRESS is dropped.

      –--------------------------------

      Cheers

      1 Reply Last reply Reply Quote 0
      • D
        datdamnmachine
        last edited by

        @mscaff:

        Hi guys,

        How easy is it to setup a load balanced setup for OpenVPN?

        I currently have a 100Mbit line, only get about 50Mbit through VPN (CPU usage at 30%) - I'd like to consider adding another VPN point to point and load balancing over the two?

        For reference, my current setup:

        • Point to point VPN configured between PF and a remote location, no-pull, few custom options for performance.

        • OpenVPN interface (OVPN_INTERFACE) bound to the point to point VPN service (for lack of a better explanation)

        • Firewall rule (policy route) on LAN outbound specifies any traffic originating from 10.1.1.2, use the default gateway (OVPN_INTERFACE), as well as being tagged NO_WAN_EGRESS

        • Outbound NAT rule on OVPN_INTERFACE, any traffic matching 10.1.1.0/24 will be translated by NAT.

        • Floating point rule on Outbound WAN, any traffic matching tag NO_WAN_EGRESS is dropped.

        –--------------------------------

        Cheers

        Load balancing may not be the answer.  You may want to see if you have a physical, network, or ISP issue first.  First question being:

        Do you have a 100Mbit line on both ends?
        Are the download/upload speeds the same?  If not, what are they on each side?
        What type of speeds do you get if you direct connect a laptop to the each connection and run some basic Internet speed tests?

        1 Reply Last reply Reply Quote 0
        • M
          mscaff
          last edited by

          100/40 connection - 100/400 speeds off the VPN, about 50/20 through the VPN.

          It's clearly a provider issue - you generally never get an OpenVPN provider that can maintain close to 100Mbit/s downstream.

          –---------------------------------

          What's the next step from here? - anyone know how to load balance OpenVPN tunnels?

          1 Reply Last reply Reply Quote 0
          • P
            pfBasic Banned
            last edited by

            @mscaff:

            you generally never get an OpenVPN provider that can maintain close to 100Mbit/s downstream.

            Eh, in what part of the world? My VPN provider can max my 150/10Mbps connection on a single thread.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.