Benchmarking OpenVPN Performance

tman222

Hi all,

I'm relatively new to OpenVPN and recently used pfSense to setup an OpenVPN server for remote connectivity between two sites. Some high level details about the setup:

Site 1 Circuit: 1000/1000 Fiber
Site 2 Circuit: 500/500 Fiber
Network latency between the sites: ~40ms
Site 2 OpenVPN Server (pfSense) specs: Intel i3 8100 (3.6GHz, quad core), 8GB Ram, Intel i340-T4 network card used for WAN/LAN
OpenVPN Encryption Mode: AES-256-GCM/SHA256

Running a single stream iperf3 test between two Linux hosts through the VPN tunnel I get ~450-500Mbit/s in one direction (site 2 sending to site 1) and about and ~400-450Mbit/s in the other (site 1 sending to site 2). When taking network overhead/congestion into account I feel like this is pretty good. I also tested transferring files through the tunnel between the two hosts via SSH and saw the transfer speed ranging from 40 - 45MB/s. While not quite full speed, this also seems pretty good given the extra overhead from SSH.

I did had a couple questions for the community:

1. Is there anything else I can do to improve performance? Performance already appears pretty good to me, but maybe I'm missing something. I should mention that I also have fast-io enabled and increased the OpenVPN send/receive buffers (I saw this recommended in another thread).
2. What is a good way to calculate theoretical OpenVPN throughput of the firewall? Is there a test I can run or calculation I can do to figure this out?

Thanks in advance for your help and feedback I really appreciate it.

KOM

1. No idea.
2. Install the iperf package and then test via that.

https://iperf.fr/

Pippin

2. https://forum.netgate.com/topic/94091/asus-n3050i-c-for-openvpn-100mbit-wan

tman222

Thanks guys - I appreciate the input.

Looked at the thread @Pippin linked to and here are some numbers based on methodology that was suggested for estimating throughput (the second set of numbers are for another pfSense firewall I decided to test as well):

OpenVPN Throughput (Estimated) - Intel i3-8100 (4 x 3.6GHz):

AES-256-CBC: 3200/7.446 = 429.8 Mbit/s
AES-128-CBC: 3200/7.295 = 438.7 Mbit/s
AES-256-GCM: 3200/6.729 = 475.6 Mbit/s
AES-128-GCM: 3200/6.658 = 480.6 Mbit/s

OpenVPN Throughput (Estimated) - Intel Xeon D-1518 (4 x 2.2GHz):

AES-256-CBC: 3200/12.419 = 257.7 Mbit/s
AES-128-CBC: 3200/12.157 = 263.2 Mbit/s
AES-256-GCM: 3200/11.092 = 288.5 Mbit/s
AES-128-GCM: 3200/11.043 = 289.8 Mbit/s

Overall those numbers don't seem too bad to me - what does everyone else think?

KOM

I have a 100/100 link at work and a 150/15 at home. I use OpenVPN to connect to our LAN and various Windows boxes via Remmina (Linux version of RDP). It's fast enough for me. It's hard to say how it will perform for you without knowing what you do.

tman222

@KOM said in Benchmarking OpenVPN Performance:

I have a 100/100 link at work and a 150/15 at home. I use OpenVPN to connect to our LAN and various Windows boxes via Remmina (Linux version of RDP). It's fast enough for me. It's hard to say how it will perform for you without knowing what you do.

Thanks @KOM - my use case is similar - RDP, VNC and some file transfers now and then. For that it's working very well based on my limited testing. I just have a tweaker mentality and figured there might be things I could do to make it even better :). Also, thank you for mentioning Remmina - I have been looking for a good RDP/VNC client for Linux and this does the job. Thanks again!