• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Limiting usable bandwidth effeciently with openvpn

Scheduled Pinned Locked Moved Traffic Shaping
3 Posts 2 Posters 2.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    mattsu
    last edited by Jul 31, 2017, 10:42 PM

    Hey guys… We have a site to site OpenVPN connection between our main office and a colocation. Because of our bandwidth restrictions, we sort of need to have a hard cap on what our usable bandwidth as it is 20$ a Mbps over we go past our agreement. (Traffic Shaping didn't work correctly once and we had 900$ in overage for a month.)

    Currently, I'm limiting bandwidth using Traffic Shaping. With this method I'm able to limit wan traffic at our colocation down to within about 500Kbps of our cap, but I've noticed that there is a huge disparity in usable speed going through the tunnel. We have 20Mbps and seem to get between 6 and 12 Mbps flowing from the LAN port on the pfsense router at the colo even though we are pretty much at 20Mbps on the wan Constantly... I assume that this is because the vpn client side is resending packets because it's not getting timely responses or something like that.

    The colo firewall is the server our main firewall at the office is the Client. We are sending backups through from our main office to our off-site location..

    What would you guys recommend to actually create a hard limit in a way that won't kill performance of our vpn tunnel when we send large amounts of data from our main office (client) to our offsite location(server)? I did set an bandwidth limit on the client side settings for my vpn tunnel but it randomly stopped working after about a day and that's when we had the 900$ in overage fees.. :( When it was working though it seemed to do the business perfectly...

    1 Reply Last reply Reply Quote 0
    • H
      Harvy66
      last edited by Aug 1, 2017, 1:12 PM

      If the issue is outgoing bandwidth, just enable traffic shaping on the WAN and set your bandwidth. This will keep all egress honoring the limit. I would also recommend using Codel in some fashion. Either by using the Codel scheduler or using HFSC, then enabling Codel on the child queues.

      1 Reply Last reply Reply Quote 0
      • M
        mattsu
        last edited by Aug 1, 2017, 2:34 PM

        Do you mean enable traffic shaping on the Wan of the Client side(main office)? Or the Off-Site(server) side? I have traffic shaping enabled on the wan of the Server Side and that is definitely capping the bandwidth, but it seems to be super inefficient. :/ I'm getting 20mbps worth of traffic on the wan and only about 10mpbs actually going through the tunnel.

        1 Reply Last reply Reply Quote 0
        3 out of 3
        • First post
          3/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received