Slow(ish) OpenVPN on site to site VPN.
-
Hi All,
I'm struggling to track down the cause of a slow site to site OpenVPN.
In the datacenter, we have an HA pair running i5-3470 @3.2Ghz with a 1G/1G link to the internet and, on a speed test, we get the full gig in both directions with a latency of 0.6ms and 0 jitter - a very nice line.
At the office, we have 500M/35M line and a i5-7200U CPU at 2.5Ghz. Speed test shows 9ms to 13ms latency and the full 500/35.
If we run iperf from a local pfsense to a local server or PC, we get the full 1Gpbs as you would expect but if we iperf between the 2 firewalls we get ~80Mbps down stream (obvioulsy we max out the 35Mbps upload stream). We've tried firewall to firewall as well PC to remote PC etc. all roughly the same.
We have hardware crypto on both sides, using UDP with AES-128-CBC/SHA256 and no compression (although we tried many combinations to see if there was a difference and there wasn't really). The CPUs on both sides are around 10% during the run.
I see people getting 500 - 700Mbps through the tunnel so am i missing something. I've tweaked buffer sizes etc and nothing really makes a difference.
I've searched the forums but nothing I found seemed to work.
Any suggestions on where else i can look or is that expected performance given the hardware. We also tried an SG1100 (no hardware crypto?!) and will be trying the SG3100 tomorrow to see if there's a difference but i'm not holding my breath.
TIA
Mark