pfSense in AWS - OpenVPN slow performance
-
Team,
I am running into a strange issue with OpenVPN configuration where I cannot get pass 2Mbps Download and 8Mbps upload while using TCP. I tested the following so far but no luck. Any suggestions will be greatly appreciated.
- Tested on pfSense version 2.4.2 and 2.4.5 - the same issue
- Tested with speedtest.net and jpref from my home network and also from a server in AWS (to ensure there is no throttling on my ISP)
- Tested with different values of MTU, MSSFIX
- Tested with different send/receive buffers on the server and the client
- Disable/Enable Hardware Offloading for checksum, TSO, LRO
- Disable/Enable Hardware acceleration for crypto and compression
- Tried running with and without compression
- I get slightly better performance out of UDP but still limited to Down: 5Mbps and Up: 8Mbps
- I tried adjusting other characteristics within tunables but nothing seems to be changing the performance
- I noticed OPT1 interface drops a lot of traffic as if the connections were expired (something is overflowing?)
- High Jitter but no packet loss which means retransmissions! This makes me think it must be some buffer that is not able to keep up but not sure which one.
Paul
-
Unfortunately I don't have an answer. But I wanted to say that I'm facing the same problem. My pfsense version is 2.4.5. As you have mentioned I've also tried all these things but my VPN speed never exceeded than 2 mbps download, my ISP is 100+ mbps. Few months ago it used to work with the same setup of AWS hosted openvpn server and netgate pfsense as openvpn client but then I crashed my Netgate SG-1100 because of an electrical surge and ordered a new one. There's one strange thing though, my ovpn file has following setting
## DIGEST:sha256
But the vpn connection started working, with this low speed when I choose sha1 as encryption and if I choose sha256, connection doesn't work.
-
@ghummantech
Hi, I was able to resole the issue selecting different EC2 instance size, t3 or larger (without bust limit) seems to be resolving the problem. Give it a try and let me know.