Gigabit OpenVPN, whats needed?



  • Hi.
    I tried searching for a good answer but found nothing definitive.
    Has anyone actually managed to get a box up to about gigabit speeds over openvpn aes-256-cbc?
    Right now the most speed I can get is about 550Mbps down, and thats using an FX-6300.
    Before I shell out loads of cash for a new machine I thought I would get some community input.

    It would be nice if this was achievable with some kind of low powered small formfactor but I kind of doubt it.

    Thanks.



  • Does Intel AES hardware crypto help?

    I have mine enabled, but unfortunately I only have a gig down (40 Mbps up) with my Comcast cable modem.


  • Netgate

    OpenVPN spends so much time context switching that AES-NI can help a little but not a lot. Single-thread CPU performance helps the most.



  • This is a lot more difficult than I thought.
    My current processor gets about 1400 points in single thread according to passmark.
    So I would need something with about twice that.
    https://www.cpubenchmark.net/singleThread.html
    Currently the only processor with that kind of oomph is the 8086 which otherwise seems waaay overpowered for a simple router.
    I think I will go with one of the pentium golds. About 1000 points more than now and under $100.



  • $400 later and I now have a router based on a G5400.
    The other end of the vpn is currently under heavy load so I can't get a good measure but running at 300 mbps gives a cpu usage of about 30%, 100mbit about 10%.
    Extrapolating from that..this might actually work.
    Will report back later when I get some better speeds.



  • switch to aes-128-gcm