Extremely slow OpenVPN

Jausk

Good evening,

I'm here hoping you guys can help me. First of all, I have already read several post regarding possible slow OpenVPN fixes:

• Already tried enabling fastforward parameter
• Already enabled AES-NI
• Already played with MTU and Buffer size

Unfortunately, none of them worked. When I connect through my VPN, I hit 3mbps down / 2mbps up. My connection goes up to 300/300 (speed test carried out from pfSense), so I'm basically getting only 1% of my bandwidth.

Some additional information:

CPU: AMD Opteron X3216 APU / AES-NI CPU Crypto: Yes (active)
RAM: 2GB

Server config file

dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-256-GCM
auth SHA512
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 192.168.1.138
engine cryptodev
tls-server
server 10.0.8.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server1
tls-verify "/usr/local/sbin/ovpn_auth_verify tls '<vpn hostname="">' 1"
lport 1994
management /var/etc/openvpn/server1.sock unix
push "dhcp-option DNS 10.10.10.1"
push "redirect-gateway def1"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh none
crl-verify /var/etc/openvpn/server1.crl-verify
tls-auth /var/etc/openvpn/server1.tls-auth 0
ncp-ciphers AES-256-GCM:AES-128-GCM
topology subnet</vpn>

Client config file

dev tun
persist-tun
persist-key
cipher AES-256-GCM
ncp-ciphers AES-256-GCM:AES-128-GCM
auth SHA512
tls-client
client
resolv-retry infinite
remote <vpn hostname=""> 1994 udp
verify-x509-name "<vpn hostname="">" name
remote-cert-tls server
key-direction 1</vpn></vpn>

Do you have any ideas or any hints regarding the extremely low speed?

Thank you very much!

Jausk

Update: switching to TCP seems to improve performance significantly. Over TCP I'm getting 30/30mbps

mtk

I am experiencing the same with my APU2C4 and (outgoing traffic via) AirVPN, hitting even lower rates!

@Jausk:

Good evening,

I'm here hoping you guys can help me. First of all, I have already read several post regarding possible slow OpenVPN fixes:

• Already tried enabling fastforward parameter
• Already enabled AES-NI
• Already played with MTU and Buffer size

Unfortunately, none of them worked. When I connect through my VPN, I hit 3mbps down / 2mbps up. My connection goes up to 300/300 (speed test carried out from pfSense), so I'm basically getting only 1% of my bandwidth.

Some additional information:

CPU: AMD Opteron X3216 APU / AES-NI CPU Crypto: Yes (active)
RAM: 2GB

Server config file

dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-256-GCM
auth SHA512
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 192.168.1.138
engine cryptodev
tls-server
server 10.0.8.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server1
tls-verify "/usr/local/sbin/ovpn_auth_verify tls '<vpn hostname="">' 1"
lport 1994
management /var/etc/openvpn/server1.sock unix
push "dhcp-option DNS 10.10.10.1"
push "redirect-gateway def1"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh none
crl-verify /var/etc/openvpn/server1.crl-verify
tls-auth /var/etc/openvpn/server1.tls-auth 0
ncp-ciphers AES-256-GCM:AES-128-GCM
topology subnet</vpn>

Client config file

dev tun
persist-tun
persist-key
cipher AES-256-GCM
ncp-ciphers AES-256-GCM:AES-128-GCM
auth SHA512
tls-client
client
resolv-retry infinite
remote <vpn hostname=""> 1994 udp
verify-x509-name "<vpn hostname="">" name
remote-cert-tls server
key-direction 1</vpn></vpn>

Do you have any ideas or any hints regarding the extremely low speed?

Thank you very much!

askmyteapot

You might want to check that the settings for Hardware TCP Segmentation Offload (TSO) and Hardware Large Receive Offload (LRO) under System > Advanced on the Networking tab are ticked. (i.e. disabled)

I found in my setup, that made a big difference.

A Former User

@jausk said in Extremely slow OpenVPN:

Update: switching to TCP seems to improve performance significantly. Over TCP I'm getting 30/30mbps

UDP does not acknowledge sent packets, TCP does. Generally, due the extra overhead of acknowledging packet exchange via TCP, tends to cause more overhead, thus less achieved bandwidth vs. UDP, which is why UDP is the default for VPN services. And protocols that use UDP are considered to tolerate intermittent packet loss.

So if you're experiencing an increasing in throughput with an acknowledged exchange protocol vs. a lossy protocol, that suggests something in the connection link may be priority throttling /losing/dropping packets, affecting overall throughput based on lossy vs. lossless protocol exchanges. This also does not rule out a packet size negotiation issue that may be the difference between your UDP and TCP connection differences.

If TCP is giving you improved bandwidth over UDP, use that the explore if there is a packet fragmentation or priority issue in the upstream link between you, your VPN provider, and your target throughput test service.