pfsense as OpenVPN server, why slow speed?
-
Hi
I have been using pfSense as OpenVPN server for a long time now. It works perfect, but the VPN speed is not as fast as I want. I get around 25mbit through the tunnel. What can I do to improve that?
pfSense is running OpenVPN server, and OpenVPN Client is installed on laptop, tried several laptops with same results.
Technical information:
pfSense Version 2.3.3
Internet Connection 300/300mbitpf sense is running on a computer with this hardware:
-Intel(R) Core(TM) i3-4160T CPU @ 3.10GHz 4 CPUs: 1 package(s) x 2 core(s) x 2 SMT threads
-4GB ram
-120GB SSD
2x network cards, one for WAN and the other for LAN.This hardware should be enough to get more than 25mbit?
-
@skippern12 said in pfsense as OpenVPN server, why slow speed?:
pfSense Version 2.3.3
Why? And where is the laptop at when its testing?
You do understand that old version is running OLD version of openvpn server.
-
@johnpoz said in pfsense as OpenVPN server, why slow speed?:
@skippern12 said in pfsense as OpenVPN server, why slow speed?:
pfSense Version 2.3.3
Why? And where is the laptop at when its testing?
You do understand that old version is running OLD version of openvpn server.Yes, I know there is a newer version available. Haven't upgraded because I don't want to mess up things, do you think it would improve speed?
Have tried different locations for the laptop, at the moment speedtest.net reads 135Mbps without VPN and 24Mbps with VPN Connected.
Turned Encryption Algorithm to No encryption, with no difference. CPU usage is 1%, I had expected more. -
Different locations means what exactly? Local to your vpn server or at some remote location with limited down/up internet speed along with different latency... Which is going to effect your speeds..
If you want to know what the openvpn connection is capable of.. Then put your laptop on the local wan network and connect to your vpn server. Then run say an iperf test to something sitting on your lan.
-
@johnpoz said in pfsense as OpenVPN server, why slow speed?:
Different locations means what exactly? Local to your vpn server or at some remote location with limited down/up internet speed along with different latency... Which is going to effect your speeds.
Of course, if you're at a different location from the pfSense firewall and trying to access a site elsewhere, then the traffic has to pass through the internet connection twice, once in the tunnel and again when going out to the Internet. That alone will cut bandwidth in half. I have 2 ways to test that avoids this problem. First, I have a spare port on my firewall, which I can connect a computer to and my cable modem also supports 2 connections, so I can plug in there and be entirely outside of my firewall.
-
Hi
Tried with iperf3 now.
Without VPN it measures 800Mbit
With VPN I get only 25 to 35 Mbit -
You said 300/300 in the OP now you're saying 800? Which is it? Makes people think you're not testing what you think you're testing.
-
iperf tests was done local, not over the internet.
800/800 is directly between pc's used for test (LAN), this verifies that the pc's are good.
When I put the pfsense between the two PC's, I get poor results -
Update:
Upgraded to v 2.4.3 and added UDP Fast I/O and Send/Rec buffer 2mb. Now I get 37mbps (iperf), some improvement, but I think it should be possible to improve more? -
What is your CPU doing while you're testing.
top -aSHwhile it is running should give you some insight.What is the testing configuration now?
-
Not able to test right now with the command you suggest, when I monitored cpu usage in pfsense web interface, it was showing 4-5% openvpn and almost 95% idle.
Test configuration is two computers with iperf
Software.
One computer connected to LAN side og pfsense and the other to WAN. Using UDP OpenVPN to tunnel with AES128-CBC snd Sha1. -
OK so you have no idea if you are testing the firewall's OpenVPN capabilities or the client's in that scenario.
-
@skippern12 said in pfsense as OpenVPN server, why slow speed?:
hardware
It could of course be a client problem, but I have tested with different laptops so I thing the problem is on the server side.
-
Just configured L2TP/IPSEC and did a test from a Laptop with Windows 10 using Windows 10 built in VPN Client software.
Test was done with laptop connected to Wifi and I got around 70mbps with Iperf over the VPN tunnel.
Pfsense CPU load was around 6% during test.This is twice as fast as OpenVPN and even not a proper test since it was done over wifi.
Can't understand why OpenVPN is so slow...
-
@skippern12 still slow on latest version to date... using openvnp connect on Android 12... and on server UDP with 128 data encryption (minimun).. I can't exchange big files (above 500 KB), I get timeout
