OpenVPN performance
-
What is the expected performance degradation for OpenVPN? I have a symmetrical 1 Gbps line connected to Netgate XG-1537. When I do a remote test with no VPN enabled, I get 380/30 U/D throughput. The minute I connect to VPN the best I can get is 70/20. Any reason? This is true for all users going through that VPN. They see a major drop in performance (irrespective of OS, hardware type, etc.). Moreover, is there an optimized configuration for the client that someone can use to enhance performance? Thanks
-
@postuser49 No one is going to be able to directly answer your question. Way too many variables involved and you didn't post any info about the OpenVPN config.
If speed is a requirement, you may want to try WireGuard instead of OpenVPN. I just recently switched over a bunch of OpenVPN tunnels to WireGuard and I can't believe I didn't do it sooner! One site does nightly backups over the VPN. With OpenVPN it would start at 230am and finish a little after 8am, depending on the amount of changes of course.
Same exact setup except using WireGuard: starts at 230am, done before 530am every night so far.
-
@jarhead Below is the config file - WireGuard is not as secure as OpenVPN
dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-disable
auth SHA256
tls-client
client
resolv-retry infinite
remote corporate-vpn.corp.com 11940 udp4
lport 0
comp-lzo no
verify-x509-name "pfsense-vpn.corp.com" name
auth-user-pass
remote-cert-tls server
reneg-sec 0
-
@postuser49
Try using the AES-256-GCM cipher. CBC is known to be less performant. You can find further tuning hints on Netgate's VPN Scaling page.
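
Added example, not part of any post in this thread: a small Python check that parses the client config posted above and reports the directives that bear on the cipher suggestion, plus `reneg-sec 0` and `comp-lzo`, which the thread does not discuss. The function names and the wording of the notes are assumptions of this example.

```python
import shlex

# The client config posted above, copied here as sample input.
SAMPLE_CONFIG = """\
dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-disable
auth SHA256
tls-client
client
resolv-retry infinite
remote corporate-vpn.corp.com 11940 udp4
lport 0
comp-lzo no
verify-x509-name "pfsense-vpn.corp.com" name
auth-user-pass
remote-cert-tls server
reneg-sec 0
"""

def parse_directives(text):
    """Map each directive to its argument list, skipping blanks and comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = shlex.split(line)
            directives[name] = args
    return directives

def review(text):
    """Return (directive, note) pairs; names and wording are this example's own."""
    d = parse_directives(text)
    findings = []
    cipher = (d.get("cipher") or [""])[0].upper()
    if cipher.endswith("-CBC"):
        findings.append(("cipher", f"{cipher}: CBC mode, thread suggests AES-256-GCM"))
        if "ncp-disable" in d:
            findings.append(("ncp-disable", "no cipher negotiation; change both ends together"))
    if d.get("reneg-sec") == ["0"]:
        findings.append(("reneg-sec", "periodic data-channel key renegotiation is disabled"))
    if "comp-lzo" in d:
        findings.append(("comp-lzo", "deprecated directive; keep it consistent with the server"))
    return findings

if __name__ == "__main__":
    for directive, note in review(SAMPLE_CONFIG):
        print(f"{directive}: {note}")
```

Because `ncp-disable` pins the tunnel to the configured `cipher`, switching to GCM means changing the server and every client config in the same step.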