Pfsense OpenVPN Server poor udp performance
-
Didn't want to necro any of the old topics from 2016 "https://forum.pfsense.org/index.php?topic=113521.0" etc, even though this might be related.
So I was experiencing slow 1Mbit! openvpn performance on 100/10mbit link, also I had packet drops.
I fixed it for me with changing port to TCP and adding sndbuf 393216;rcvbuf 393216; buffer attributes to client conf.HW
QOTOM-Q355G4
CPU is i5-5250u aes-ni
4 x Intel I211-AT- 101001000
WAN 100/10 MbitMy pfsense openvpn server settings were
pfsense 2.3.4 p1
aes-256-cbs
tun
bsd crypto engine
port 1194Client windblows
tried to figure out and correct possible mtu problems.
-
ping -f -l 1472 was the last succeful packet
-
mtu-test gave: NOTE: Empirical MTU test completed [Tried,Actual] local->remote=[1557,1557] remote->local=[1557,1557]
-
tried mssfix + fragment 1200,1300,1400 settings
no help -
Disabled system -> advanced -> networking -> "Hardware Checksum Offloading"
no help -
changed vpn server wan port to 11994, 443
no help
-changed to tcp
speed increased to 6Mbit..wow-
changed many different encryption settings / hw-acceleration settings
no affect, cpu was on 0-1% anyway -
tested this
openvpn –genkey --secret /tmp/secret
time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc
which gave 12sec / 266Mbit result
Finally adding this to client ovpn conf file to the end:
sndbuf 393216;
rcvbuf 393216;
push "sndbuf 393216";
push "rcvbuf 393216";
raised the badwith to iperf 33Mbit/s | file transfer to 30Mbit/10Mbit. ~3.5MB/sec upload (from client side) 1MB/sec download (from client side). CPU usage on ~3.5MB/sec file transfer is ~3%.
Iperf comparsion attached.
Hope this helps somebody else as it took day to figure out :D
I still wonder why UDP is so slow? :o
edit. corrected some typos
- this system tunable I also added:
net.inet.ip.fastforwarding OpenVPN speedup 1
Don't know if it had any affect..
-