OpenVPN performance
-
As we start to get more remote users on OpenVPN the performance is becoming an issue. We currently have a Netgate 5100 and were wondering if upgrading to a 6100 (or something else) would increase the throughput on OpenVPN. On gigabit links on the same carrier we max out at about 25 Mbps over OpenVPN.
Is it a hardware issue or something else?
Any suggestions for improved VPN options to laptops? Any configuration parameters that we should look at?
-
@klubar My first question would be: are you utilizing split-tunnel or are your users using full-tunnel? This choice has a huge impact on performance. My next question is what are the workloads expected over the VPN? Lots of file transfers? Or just light work such as checking email and browsing internal sites? Are your gig links symmetrical (1 Gbps up and down)? Lastly, how many users are we talking about?
edit:
https://docs.netgate.com/pfsense/en/latest/vpn/performance.html#scaling-openvpn
-
@michmoor Thanks!
The link connected to the pfSense is 900/800 Mbps (Verizon Fios). As for the laptop links I'm not sure -- but mine is 300/300.
The workload is accessing a Windows 2019 server -- all the files are on the server and users open all the files remotely.
We don't do split tunnels as non-VPN traffic makes up a small portion of the total usage (and we've had difficulty when we've turned it on). Does this matter if the users are only accessing the file server?
We probably want to support 10 to 15 remote users. But even with one user active I'm never seeing more than 25 Mbps.
I'm not seeing heavy CPU usage on the pfSense.
-
@klubar What are users doing on the file server?
Also if you can screenshot some of your OpenVPN configuration that would help.
-
@michmoor It's a Windows file server; most are using Word, PPT & Excel. The PPT file sizes probably run 20-40 MB (sometimes bigger). They seem to spend a lot of time "looking" for files -- so opening directories. But we also have some users with the Adobe Creative Suite so they are pushing bigger files -- 100+ MB.
The Windows File Server is running Server 2019; local performance (when in the office) is fine. The server is an overpowered Dell running AD, File & Print services (and not much else).
Is there some other setting I should be looking at?
I'm running pfSense 21.05.2-RELEASE on Netgate SG-5100
-
@klubar said in OpenVPN performance:
We probably want to support 10 to 15 remote users. But even with one user active I'm never seeing more than 25mbps.
Are the users testing speeds on a wired or wireless connection? That's a variable that would give the impression of a slow VPN connection.
How are you doing the speedtests?
-
21.05.2 is old. You should upgrade.
However I'm not aware of anything that would specifically affect OpenVPN speed in that version.
In 22.05 you can use QAT and DCO which can be significantly faster. However 25 Mbps is far below what the 5100 is capable of in any config.
What sort of latency is there across the tunnel from the laptop?
High latency and SMB, especially if it's V2, is notoriously terrible.
Try testing with something else to be sure it's not just the link, like iperf for example.
Steve