Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Slow(ish) OpenVPN on site to site VPN.

    OpenVPN
    1
    1
    60
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      Nubbins last edited by

      Hi All,

      I'm struggling to track down the cause of a slow site to site OpenVPN.

      In the datacenter, we have an HA pair running i5-3470 @3.2Ghz with a 1G/1G link to the internet and, on a speed test, we get the full gig in both directions with a latency of 0.6ms and 0 jitter - a very nice line.

      At the office, we have 500M/35M line and a i5-7200U CPU at 2.5Ghz. Speed test shows 9ms to 13ms latency and the full 500/35.

      If we run iperf from a local pfsense to a local server or PC, we get the full 1Gpbs as you would expect but if we iperf between the 2 firewalls we get ~80Mbps down stream (obvioulsy we max out the 35Mbps upload stream). We've tried firewall to firewall as well PC to remote PC etc. all roughly the same.

      We have hardware crypto on both sides, using UDP with AES-128-CBC/SHA256 and no compression (although we tried many combinations to see if there was a difference and there wasn't really). The CPUs on both sides are around 10% during the run.

      I see people getting 500 - 700Mbps through the tunnel so am i missing something. I've tweaked buffer sizes etc and nothing really makes a difference.

      I've searched the forums but nothing I found seemed to work.

      Any suggestions on where else i can look or is that expected performance given the hardware. We also tried an SG1100 (no hardware crypto?!) and will be trying the SG3100 tomorrow to see if there's a difference but i'm not holding my breath.

      TIA

      Mark

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense Plus
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy