Minimum CPU for 1Gbps OpenVPN?
-
I'm going to assume my Celeron J1900 will not be able to handle Gigabit OpenVPN (AES-256-CBC/SHA256) since when I saturate the current line (100Mbps) the CPU usage hits 30-32%. So my question is, what is the minimum CPU needed to be able to saturate 1Gbps OpenVPN (AES-256-CBC/SHA256)?
On a related question, would I be better off just getting a CPU that has AES-NI and using IPSec instead?
-
Well - You are right. It will not do it.
However, to understand your max bandwidth you can run a vpn server and client on your local network assuming it is a gigabit network and then test the throughput.
Id get the fastest AES-NI cpu you can find… On both ends.
-
Well - You are right. It will not do it.
However, to understand your max bandwidth you can run a vpn server and client on your local network assuming it is a gigabit network and then test the throughput.
Id get the fastest AES-NI cpu you can find… On both ends.
Thanks I will test that. I have a C2758 on the other end I'm hoping to use.
-
https://medium.com/@dEad0r/measuring-performance-of-site-to-site-vpn-tunnels-between-pfsense-vms-b484ba425aff
I found this interesting reading.
C2758 is a great and reliable processor - But it's no beast. However I do seem to remember it being able to run fast as an ipsec vpn.
-
https://medium.com/@dEad0r/measuring-performance-of-site-to-site-vpn-tunnels-between-pfsense-vms-b484ba425aff
I found this interesting reading.
C2758 is a great and reliable processor - But it's no beast. However I do seem to remember it being able to run fast as an ipsec vpn.
Interesting read indeed. Yea I think I'm going to need to create an IPsec tunnel to get line speed for sure. I'll test out my C2758 this weekend between it and a pfSense VM on my Xeon D-1541 and see what kind of results I get.
-
I'm pretty sure the pfsense guys tested that and got 1gb up and down between boxes on a LAN. Should be nice and fast. You will not see those speeds with openvpn for sure. Its just not a fast enough processor.
-
I'm pretty sure the pfsense guys tested that and got 1gb up and down between boxes on a LAN. Should be nice and fast. You will not see those speeds with openvpn for sure. Its just not a fast enough processor.
What are the cons to migrating to IPsec vs OpenVPN?
-
Openvpn is simple and port flexible. IPsec is pretty much the opposite of that.