Netgate Discussion Forum

Extremely slow OpenVPN

  • J
    Jausk
    last edited by May 15, 2018, 8:18 PM

    Good evening,

    I'm here hoping you guys can help me. First of all, I have already read several posts regarding possible slow OpenVPN fixes:

    • Already tried enabling fastforward parameter
    • Already enabled AES-NI
    • Already played with MTU and Buffer size

    Unfortunately, none of them worked. When I connect through my VPN, I hit 3mbps down / 2mbps up. My connection goes up to 300/300 (speed test carried out from pfSense), so I'm basically getting only 1% of my bandwidth.

    Some additional information:

    CPU: AMD Opteron™ X3216 APU / AES-NI CPU Crypto: Yes (active)
    RAM: 2GB

    Server config file

    dev ovpns1
    verb 1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp4
    cipher AES-256-GCM
    auth SHA512
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 192.168.1.138
    engine cryptodev
    tls-server
    server 10.0.8.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc/server1
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls '<vpn hostname>' 1"
    lport 1994
    management /var/etc/openvpn/server1.sock unix
    push "dhcp-option DNS 10.10.10.1"
    push "redirect-gateway def1"
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh none
    crl-verify /var/etc/openvpn/server1.crl-verify
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    ncp-ciphers AES-256-GCM:AES-128-GCM
    topology subnet
    

    Client config file

    dev tun
    persist-tun
    persist-key
    cipher AES-256-GCM
    ncp-ciphers AES-256-GCM:AES-128-GCM
    auth SHA512
    tls-client
    client
    resolv-retry infinite
    remote <vpn hostname> 1994 udp
    verify-x509-name "<vpn hostname>" name
    remote-cert-tls server
    key-direction 1
    

    Do you have any ideas or any hints regarding the extremely low speed?

    Thank you very much!
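
An added example, not part of the original post and not pfSense code: a small audit of the server config posted above that reports which of OpenVPN's throughput-related directives are actually present in the file and notes three settings worth knowing about. The names `parse` and `audit` and the choice of directives in `TUNING` are assumptions made for this example.

```python
TUNING = ("fast-io", "sndbuf", "rcvbuf", "tun-mtu", "link-mtu", "mssfix", "fragment")
AEAD_SUFFIXES = ("-GCM", "CHACHA20-POLY1305")

# Excerpt of the server config posted above (placeholder lines left out).
POSTED_SERVER_CONF = """\
dev ovpns1
#user nobody
#group nobody
script-security 3
proto udp4
cipher AES-256-GCM
auth SHA512
engine cryptodev
tls-auth /var/etc/openvpn/server1.tls-auth 0
ncp-ciphers AES-256-GCM:AES-128-GCM
"""


def parse(conf):
    """Return {directive: [args, ...]} for active (uncommented) lines."""
    active = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # '#' and ';' start a comment
            continue
        name, *args = line.split()
        active.setdefault(name, []).append(args)
    return active


def audit(conf):
    """Return a list of human-readable findings for one config file."""
    d = parse(conf)
    findings = []
    missing = [t for t in TUNING if t not in d]
    if missing:
        findings.append("tuning directives not in this file: " + ", ".join(missing))
    if "user" not in d or "group" not in d:
        findings.append("no active user/group: daemon keeps its start-up privileges")
    # OpenVPN's default script-security level is 1 when the directive is absent.
    if int(d.get("script-security", [["1"]])[-1][0]) >= 3:
        findings.append("script-security 3: passwords may reach scripts via environment")
    cipher = d.get("cipher", [[""]])[-1][0].upper()
    if "auth" in d and cipher.endswith(AEAD_SUFFIXES):
        # With an AEAD cipher, auth only selects the tls-auth HMAC digest.
        findings.append("auth digest unused on the data channel with AEAD cipher " + cipher)
    return findings
```

Running `audit(POSTED_SERVER_CONF)` returns four findings; a directive that was tested and later reverted will show up as missing, so the output describes the file as posted, not what was tried.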

    • J
      Jausk
      last edited by May 17, 2018, 11:04 AM

      Update: switching to TCP seems to improve performance significantly. Over TCP I'm getting 30/30mbps

      • M
        mtk
        last edited by May 17, 2018, 11:29 AM

        I am experiencing the same with my APU2C4 and (outgoing traffic via) AirVPN, hitting even lower rates!

        • A
          askmyteapot
          last edited by May 21, 2018, 11:40 PM

          You might want to check that the settings for Hardware TCP Segmentation Offload (TSO) and Hardware Large Receive Offload (LRO) under System > Advanced on the Networking tab are ticked (i.e. disabled).

          I found in my setup, that made a big difference.

          • ?
            A Former User @Jausk
            last edited by May 25, 2018, 11:01 PM

            @jausk said in Extremely slow OpenVPN:

            Update: switching to TCP seems to improve performance significantly. Over TCP I'm getting 30/30mbps

            UDP does not acknowledge sent packets; TCP does. Generally, the extra overhead of acknowledging packet exchange via TCP tends to cause more overhead, thus less achieved bandwidth vs. UDP, which is why UDP is the default for VPN services. And protocols that use UDP are considered to tolerate intermittent packet loss.

            So if you're experiencing an increase in throughput with an acknowledged exchange protocol vs. a lossy protocol, that suggests something in the connection link may be priority throttling/losing/dropping packets, affecting overall throughput based on lossy vs. lossless protocol exchanges. This also does not rule out a packet size negotiation issue that may account for the difference between your UDP and TCP connections.

            If TCP is giving you improved bandwidth over UDP, use that to explore whether there is a packet fragmentation or priority issue in the upstream link between you, your VPN provider, and your target throughput test service.
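
One way to carry out the fragmentation check suggested in the reply above, as an added example that is not part of the thread: a binary search for the largest ICMP echo payload that crosses the path with Don't Fragment set, which gives the path MTU. The function names are hypothetical; it assumes IPv4, a target that answers ICMP echo, and a Linux or BSD-style `ping` (pfSense is FreeBSD-based).

```python
import platform
import subprocess

IP_ICMP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, payload, timeout=5):
    """Send three echo requests of `payload` bytes with Don't Fragment set.

    Three tries so that ordinary packet loss on the link is less likely
    to be mistaken for an MTU limit; ping exits 0 if any reply arrives.
    """
    if platform.system() == "Linux":
        cmd = ["ping", "-M", "do", "-c", "3", "-s", str(payload), host]
    else:  # FreeBSD (pfSense) and macOS spell the DF flag -D
        cmd = ["ping", "-D", "-c", "3", "-s", str(payload), host]
    try:
        return subprocess.run(cmd, capture_output=True, timeout=timeout).returncode == 0
    except subprocess.TimeoutExpired:
        return False


def largest_df_payload(probe, lo=500, hi=1472):
    """Binary-search the largest payload size for which probe(size) succeeds."""
    if not probe(lo):
        return None  # even small packets fail: not an MTU problem
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo


def path_mtu(probe, **bounds):
    """Path MTU in bytes, or None if the probe never succeeds."""
    payload = largest_df_payload(probe, **bounds)
    return None if payload is None else payload + IP_ICMP_HEADERS


if __name__ == "__main__":
    import sys
    host = sys.argv[1]
    print("path MTU to", host, "=", path_mtu(lambda n: ping_df(host, n)))
```

A result below 1500 on the path to the VPN endpoint means full-size tunnel packets are being fragmented or dropped somewhere upstream.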
