4. OpenVPN Performance

OpenVPN Performance

  • J

    HI All,
    I am having a performance issue with OpenVPN - Site to Site setup
    Site A - Server Side. Virtual pfsense, ESXi, 1Gb duplex connection. Server behind the pfsense running Windows Server and an FTP Site. Actual files to be served on a NAS behind the server, inaccessible to the VPN client. Symbolic link on server makes the files look and appear to be local.

    Site B - Client Side. Virtual pfsense, ESXi, 300/30 Virgin Internet. Vigin Hub in modem mode, EdgeRouter X acting as internet router. Then pfsense, then client (windows 10)

    Virtual pfsenses have 1GB memory and plenty of CPU. Neither are constrained.
    FTP is unencrypted

    I am getting a throughput of 5.5Mbps from server to client using FTP - which is somewhat less than ideal
    I have played with MTU (down to 1400) and increased / decreased the send/receive buffers - none of which have an effect.

    If I run a speedtest from site A - I get 900+/900+ - to be expected
    If I run a speedtest from site B - I get somewhat variable results depending on time of day - but fairly good (200+/20+)
    If I run an FTP to Site A from somewhere else I get 100Mb
    If I run an FTP to Site B from somewhere else I also get a decent speed - just more variable

    I am using the link to overnight transfer changed files from Site A to Site B and vice versa - but I am only getting 5.5Mb throughput which seems just wrong

    Any ideas for how to go about looking further? I am having difficulty interpreting these results

    Sean

    0 1 Reply

  • @JustConfused

    One thing to bear in mind is that overall performance will be determined by the upload bandwidth at each end. The download bandwidth is irrelevant, as it's usually much higher than upload. What happens if you run iperf to measure bandwidth between sites? I see iperf v3 is now available for pfSense.

    0
  • H

    What is the roundtrip delay between A and B ? A fairly high one (more than 150ms) with TCP size window can lead to "wrong" results (far less bandwidth than really available).

    Try running several FTP in parallel to highlight it.

    0
  • J

    Between A&B, with no traffic is 29ms or so

    I am having problems getting iperf to work due to firewall rules preventing such traffic. I'll work on that

    0 1 Reply

  • @JustConfused said in OpenVPN Performance:

    Between A&B, with no traffic is 29ms or so

    I am having problems getting iperf to work due to firewall rules preventing such traffic. I'll work on that

    You'll have to open up port 5201 for iperf v3. The graphical interface in pfSense says port 5001, which is for v2.

    0
  • J

    I am not ignoring this - I just broke everything quite badly - so am having to recover

    :-(

    Sean

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy