4. Openvpn extrem slow even without Excryption on 2 1GB/s connections

Openvpn extrem slow even without Excryption on 2 1GB/s connections

  • G

    Hello

    Here i have 2 Servers within 2 Datacenters  (Storage place) with 1 1GB Connectsions to the net.

    When i do i Iperf (without VPN betwenn this 2 PFsense Devices i get: arround 700-800Mbit/s

    Wen i do same tests with iperf within the openVPN of this 2 Devices i get arround 130-150Mbit/s

    Even when i disable Excryption for testing i dont get much more then 170Mbit/s

    I played arround with some Settings found on the Net

    I played with different MTU Sices Fragmentation, Rx/TX Buffer  but nothing realy speed up the connection.

    I can  understand that i dont get the max rate (700-800Mbits/s) but 150Mbit´s seem to much too low…

    I played with some advanced settings as i wrote for hours but nothing realy speed up VPN dramaticaly - also if i disable Encryption

    I dont undertand this issue ...

    Can anyone help me ?

    Best regards

    CU
    GTR

    0
  • Rebel Alliance Developer Netgate

    OpenVPN, by its nature, is slow. There is a lot of context switching and using tun the way it does takes it along a very inefficient path compared to IPsec.

    You'll need to be specific about exactly which options you have in use on the VPN on both sides or nobody can offer better suggestions than what you may have already tried.

    One thing you didn't mention, though, assuming it's pfSense (or at least UNIX) on both sites, and using UDP, you should try "fast-io" in the advanced options.

    0
  • G

    Hi

    First of all - Thanks for your Post and your Information.

    I made some more Tests with your Hint "FastIO" and Buffer Settings then i get over 82Mbit on a 100Mbit Connection and over 280Mbit on a 1Gbs Connection - so thats not bad.

    I also figured out that IPSEC is a little Bit Faster (site 2 site with Pfsense - same hardware same Wan same NET) - i did some tests and on the 1GBps WAN Connection i get with ipsec arround 380Mbps.

    But i can live with the Speed of openvpn and it s more easy to configure and forward…

    I have a additional Question:  Can i do "Routing" between different Subnets on different Openvpn Site2Site Connections ?

    So for example:

    Client Network1:  192,168,10,1/24
    Client Network2:  192,168,11,1/24
    Client Network3:  192,168,12,1/24

    All This Networks have its own pfsense and all are connected to a Server Pfsense - Network: 192.168.100.0/24

    All is done with Site2Site so: every Device in every Client Network (1-3) can ping each device on the Server Network
    Also each device on the Server Network can ping each Device on each Client Network

    But i also want that each Device of Client Network1 can reach each device of Client Network3.

    Is there a way to  configure pfsense (ovpnclient and ovpnserver) that the server route the request from Client Network1 to Client Network3 and in the other direction ?

    Or do i have to make a extra VPN Connection betwen this 2 Networks ?

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy