OpenVPN Performance



  • Hi All,
    I am having a performance issue with OpenVPN - Site to Site setup
    Site A - Server Side. Virtual pfSense, ESXi, 1Gb duplex connection. Server behind the pfSense running Windows Server and an FTP Site. Actual files to be served on a NAS behind the server, inaccessible to the VPN client. Symbolic link on server makes the files look and appear to be local.

    Site B - Client Side. Virtual pfSense, ESXi, 300/30 Virgin Internet. Virgin Hub in modem mode, EdgeRouter X acting as internet router. Then pfSense, then client (Windows 10)

    Virtual pfSenses have 1GB memory and plenty of CPU. Neither are constrained.
    FTP is unencrypted

    I am getting a throughput of 5.5Mbps from server to client using FTP - which is somewhat less than ideal
    I have played with MTU (down to 1400) and increased / decreased the send/receive buffers - none of which have an effect.

    If I run a speedtest from site A - I get 900+/900+ - to be expected
    If I run a speedtest from site B - I get somewhat variable results depending on time of day - but fairly good (200+/20+)
    If I run an FTP to Site A from somewhere else I get 100Mb
    If I run an FTP to Site B from somewhere else I also get a decent speed - just more variable

    I am using the link to overnight transfer changed files from Site A to Site B and vice versa - but I am only getting 5.5Mb throughput which seems just wrong

    Any ideas for how to go about looking further? I am having difficulty interpreting these results

    Sean



  • @JustConfused

    One thing to bear in mind is that overall performance will be determined by the upload bandwidth at each end. The download bandwidth is irrelevant, as it's usually much higher than upload. What happens if you run iperf to measure bandwidth between sites? I see iperf v3 is now available for pfSense.



  • What is the round-trip delay between A and B? A fairly high one (more than 150ms) with TCP window size can lead to "wrong" results (far less bandwidth than really available).

    Try running several FTP in parallel to highlight it.



  • Between A&B, with no traffic is 29ms or so

    I am having problems getting iperf to work due to firewall rules preventing such traffic. I'll work on that



  • @JustConfused said in OpenVPN Performance:

    Between A&B, with no traffic is 29ms or so

    I am having problems getting iperf to work due to firewall rules preventing such traffic. I'll work on that

    You'll have to open up port 5201 for iperf v3. The graphical interface in pfSense says port 5001, which is for v2.



  • I am not ignoring this - I just broke everything quite badly - so am having to recover

    :-(

    Sean

