Extremely slow OpenVPN
-
Good evening,
I'm here hoping you guys can help me. First of all, I have already read several post regarding possible slow OpenVPN fixes:
- Already tried enabling fastforward parameter
- Already enabled AES-NI
- Already played with MTU and Buffer size
Unfortunately, none of them worked. When I connect through my VPN, I hit 3mbps down / 2mbps up. My connection goes up to 300/300 (speed test carried out from pfSense), so I'm basically getting only 1% of my bandwidth.
Some additional information:
CPU: AMD Opteron
X3216 APU / AES-NI CPU Crypto: Yes (active)
RAM: 2GBServer config file
dev ovpns1 verb 1 dev-type tun dev-node /dev/tun1 writepid /var/run/openvpn_server1.pid #user nobody #group nobody script-security 3 daemon keepalive 10 60 ping-timer-rem persist-tun persist-key proto udp4 cipher AES-256-GCM auth SHA512 up /usr/local/sbin/ovpn-linkup down /usr/local/sbin/ovpn-linkdown local 192.168.1.138 engine cryptodev tls-server server 10.0.8.0 255.255.255.0 client-config-dir /var/etc/openvpn-csc/server1 tls-verify "/usr/local/sbin/ovpn_auth_verify tls '<vpn hostname="">' 1" lport 1994 management /var/etc/openvpn/server1.sock unix push "dhcp-option DNS 10.10.10.1" push "redirect-gateway def1" ca /var/etc/openvpn/server1.ca cert /var/etc/openvpn/server1.cert key /var/etc/openvpn/server1.key dh none crl-verify /var/etc/openvpn/server1.crl-verify tls-auth /var/etc/openvpn/server1.tls-auth 0 ncp-ciphers AES-256-GCM:AES-128-GCM topology subnet</vpn>
Client config file
dev tun persist-tun persist-key cipher AES-256-GCM ncp-ciphers AES-256-GCM:AES-128-GCM auth SHA512 tls-client client resolv-retry infinite remote <vpn hostname=""> 1994 udp verify-x509-name "<vpn hostname="">" name remote-cert-tls server key-direction 1</vpn></vpn>
Do you have any ideas or any hints regarding the extremely low speed?
Thank you very much!
-
Update: switching to TCP seems to improve performance significantly. Over TCP I'm getting 30/30mbps
-
I am experiencing the same with my APU2C4 and (outgoing traffic via) AirVPN, hitting even lower rates!
Good evening,
I'm here hoping you guys can help me. First of all, I have already read several post regarding possible slow OpenVPN fixes:
- Already tried enabling fastforward parameter
- Already enabled AES-NI
- Already played with MTU and Buffer size
Unfortunately, none of them worked. When I connect through my VPN, I hit 3mbps down / 2mbps up. My connection goes up to 300/300 (speed test carried out from pfSense), so I'm basically getting only 1% of my bandwidth.
Some additional information:
CPU: AMD Opteron
X3216 APU / AES-NI CPU Crypto: Yes (active)
RAM: 2GBServer config file
dev ovpns1 verb 1 dev-type tun dev-node /dev/tun1 writepid /var/run/openvpn_server1.pid #user nobody #group nobody script-security 3 daemon keepalive 10 60 ping-timer-rem persist-tun persist-key proto udp4 cipher AES-256-GCM auth SHA512 up /usr/local/sbin/ovpn-linkup down /usr/local/sbin/ovpn-linkdown local 192.168.1.138 engine cryptodev tls-server server 10.0.8.0 255.255.255.0 client-config-dir /var/etc/openvpn-csc/server1 tls-verify "/usr/local/sbin/ovpn_auth_verify tls '<vpn hostname="">' 1" lport 1994 management /var/etc/openvpn/server1.sock unix push "dhcp-option DNS 10.10.10.1" push "redirect-gateway def1" ca /var/etc/openvpn/server1.ca cert /var/etc/openvpn/server1.cert key /var/etc/openvpn/server1.key dh none crl-verify /var/etc/openvpn/server1.crl-verify tls-auth /var/etc/openvpn/server1.tls-auth 0 ncp-ciphers AES-256-GCM:AES-128-GCM topology subnet</vpn>
Client config file
dev tun persist-tun persist-key cipher AES-256-GCM ncp-ciphers AES-256-GCM:AES-128-GCM auth SHA512 tls-client client resolv-retry infinite remote <vpn hostname=""> 1994 udp verify-x509-name "<vpn hostname="">" name remote-cert-tls server key-direction 1</vpn></vpn>
Do you have any ideas or any hints regarding the extremely low speed?
Thank you very much!
-
You might want to check that the settings for Hardware TCP Segmentation Offload (TSO) and Hardware Large Receive Offload (LRO) under System > Advanced on the Networking tab are ticked. (i.e. disabled)
I found in my setup, that made a big difference.
-
@jausk said in Extremely slow OpenVPN:
Update: switching to TCP seems to improve performance significantly. Over TCP I'm getting 30/30mbps
UDP does not acknowledge sent packets, TCP does. Generally, due the extra overhead of acknowledging packet exchange via TCP, tends to cause more overhead, thus less achieved bandwidth vs. UDP, which is why UDP is the default for VPN services. And protocols that use UDP are considered to tolerate intermittent packet loss.
So if you're experiencing an increasing in throughput with an acknowledged exchange protocol vs. a lossy protocol, that suggests something in the connection link may be priority throttling /losing/dropping packets, affecting overall throughput based on lossy vs. lossless protocol exchanges. This also does not rule out a packet size negotiation issue that may be the difference between your UDP and TCP connection differences.
If TCP is giving you improved bandwidth over UDP, use that the explore if there is a packet fragmentation or priority issue in the upstream link between you, your VPN provider, and your target throughput test service.