Netgate Discussion Forum

    OpenVPN Windows Client Slow Performance

    • planedrop

      Hi Everyone,

      Posting this here in case the answer helps others; however, if I don't get much feedback, I'll contact Netgate directly since I have support from them.

      Anyway, it would seem we are seeing very slow OpenVPN performance and I can't seem to pin down why. Seeing roughly 40 Mbps in each direction (sometimes closer to 20) despite there being a lot more bandwidth available. This was tested both with iperf3 and SMB over the link.

      • Firewall is an XG-1541 with pfSense Plus

      • Uplink (and downlink) from server side is 1 gigabit (dedicated Ethernet, tested to ensure full speed)

      • Client side is a fairly powerful Windows 10 machine (8 cores, 16GB of RAM)

      • Client side bandwidth is roughly 400/40 Mbps

      Here are the OpenVPN Settings currently in use:

      • Fully updated pfSense and OpenVPN version
      • OpenVPN is set to go over the correct full gigabit WAN
      • UDP
      • TLS enabled
      • DH Length of 2048 bits
      • Default ECDH
      • AES-128-GCM
      • SHA256
      • Refuse any non-stub compression
      • NetBIOS Enabled with h-node
      • AES-NI Supported and Enabled

      I'm seeing 2%-ish usage on the firewall and sub-10% CPU usage on the client when doing tests, so it doesn't seem to be related to that (additionally, no single core on the client is pegged, though as I understand it GCM should allow multithreading anyway).

      Any ideas here? Config doesn't seem to be wrong.

      It almost seems as if the link speed is following the slowest denominator or something, as it hovers right around 40 Mbps, which is the uplink from the client side (even when doing a download-only transaction). I can also verify this is the speed I'm seeing on multiple external networks and systems.

      Finally, I did try this from our 300/40 link locally (on the same firewall, we use the 300/40 link as our main connection while only certain services run over the 1/1gig) and saw closer to 150 Mbps. Still not as high as I would expect, though.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.