Optimize OpenVPN connection



  • The Pfsense firewall is based on an Intel i3-7100U running at 2.4GHz and has 8GB of RAM and a SSD. No other packages are running and cpu is typically 0-2%. The firewall is on a 300/300 connection and works great. I was recently at a location that also has a 300/300 connection (verified using speedtest on multiple servers) and when I enabled the Openvpn connection I only achieved a 100/100 using multiple speedtests on different servers. Is this typical Openvpn performance? I am running an AES-128-GCM/SHA256 cipher and the crypto engine is set to BSD Cryptodev engine. In the Pfsense Advanced/Misc settings the cryptographic hardware is set to AES-NI and BSD Crypto Device. Anything else I can do to optimize performance? I tried adding sndbuf 524288 and rcvbuf 524288 to the Openvpn custom options but there was no change in performance so I removed them. Suggestions?



  • @jeff3820 said in Optimize OpenVPN connection:

    set to BSD Cryptodev engine. In the Pfsense Advanced/Misc settings the cryptographic hardware is set to AES-NI and BSD Crypto Device

    Disable both.
    Try playing with different values for snd/rcvbuf.
    Also, can play with

    --txqueuelen n
    

    See manual 2.4:
    https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
    Above settings apply to server and client separately.


Log in to reply