Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Minimum CPU for 1Gbps OpenVPN?

    Scheduled Pinned Locked Moved OpenVPN
    8 Posts 2 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      JimPhreak
      last edited by

      I'm going to assume my Celeron J1900 will not be able to handle Gigabit OpenVPN (AES-256-CBC/SHA256) since when I saturate the current line  (100Mbps) the CPU usage hits 30-32%.  So my question is, what is the minimum CPU needed to be able to saturate 1Gbps OpenVPN (AES-256-CBC/SHA256)?

      On a related question, would I be better off just getting a CPU that has AES-NI and using IPSec instead?

      1 Reply Last reply Reply Quote 0
      • K
        kejianshi
        last edited by

        Well - You are right.  It will not do it.

        However, to understand your max bandwidth you can run a vpn server and client on your local network assuming it is a gigabit network and then test the throughput.

        Id get the fastest AES-NI cpu you can find…  On both ends.

        1 Reply Last reply Reply Quote 0
        • J
          JimPhreak
          last edited by

          @kejianshi:

          Well - You are right.  It will not do it.

          However, to understand your max bandwidth you can run a vpn server and client on your local network assuming it is a gigabit network and then test the throughput.

          Id get the fastest AES-NI cpu you can find…  On both ends.

          Thanks I will test that.  I have a C2758 on the other end I'm hoping to use.

          1 Reply Last reply Reply Quote 0
          • K
            kejianshi
            last edited by

            https://medium.com/@dEad0r/measuring-performance-of-site-to-site-vpn-tunnels-between-pfsense-vms-b484ba425aff

            I found this interesting reading.

            C2758  is a great and reliable processor - But it's no beast.  However I do seem to remember it being able to run fast as an ipsec vpn.

            1 Reply Last reply Reply Quote 0
            • J
              JimPhreak
              last edited by

              @kejianshi:

              https://medium.com/@dEad0r/measuring-performance-of-site-to-site-vpn-tunnels-between-pfsense-vms-b484ba425aff

              I found this interesting reading.

              C2758  is a great and reliable processor - But it's no beast.  However I do seem to remember it being able to run fast as an ipsec vpn.

              Interesting read indeed.  Yea I think I'm going to need to create an IPsec tunnel to get line speed for sure.  I'll test out my C2758 this weekend between it and a pfSense VM on my Xeon D-1541 and see what kind of results I get.

              1 Reply Last reply Reply Quote 0
              • K
                kejianshi
                last edited by

                I'm pretty sure the pfsense guys tested that and got 1gb up and down between boxes on a LAN.  Should be nice and fast.  You will not see those speeds with openvpn for sure.  Its just not a fast enough processor.

                1 Reply Last reply Reply Quote 0
                • J
                  JimPhreak
                  last edited by

                  @kejianshi:

                  I'm pretty sure the pfsense guys tested that and got 1gb up and down between boxes on a LAN.  Should be nice and fast.  You will not see those speeds with openvpn for sure.  Its just not a fast enough processor.

                  What are the cons to migrating to IPsec vs OpenVPN?

                  1 Reply Last reply Reply Quote 0
                  • K
                    kejianshi
                    last edited by

                    Openvpn is simple and port flexible.  IPsec is pretty much the opposite of that.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.