Is this performance to be expected?
-
@michmoor Yep. That's why there are 2 entries from both sender and receiver and a SUM. I used -P2.
-
@s1l3nce said in Is this performance to be expected?:
But when I do file transfers through smb
That's the problem. SMB is lousy for anything other than the local LAN.
Your own testing shows that -
@jknott Yep, I'm aware
But why do you think the Synology NAS deals with it much better? What could be causing that difference in performance, even when the NAS has a weaker processor? -
@s1l3nce Looks like it has 4 cores so 15% would be less than one. OpenVPN is single threaded as I recall. You could verify usage with "top" during the test.
I didn't dig through your settings but did you review
https://docs.netgate.com/pfsense/en/latest/recipes/index.html#openvpn -
Sorry for my ignorance guys. I've just launched iperf with -P4 (4 threads) instead of -P2 and now I'm getting nearly 300 mbps (which is the connection cap) and 25% CPU usage, which means that I'm maxing out one core.
So that's definitely a relief but now I need to figure out why my smb transfers are so bad. If you have any tips on that, I'm all ears
@steveits said in Is this performance to be expected?:
https://docs.netgate.com/pfsense/en/latest/recipes/index.html#openvpn
Yep, I did
-
@s1l3nce said in Is this performance to be expected?:
So that's definitely a relief but now I need to figure out why my smb transfers are so bad. If you have any tips on that, I'm all ears
I would avoid SMB transfers period.
What is the latency between the client and the server? -
@michmoor said in Is this performance to be expected?:
What is the latency between the client and the server?
20ms and very stable.
I've just found something very interesting. When I do smb transfers between server and client, this happens:
-
Client downloading a file from OpenVPN server
![5434d0353fd5795e7cef14575605ad5c[1].png](/assets/uploads/files/1675451975472-5434d0353fd5795e7cef14575605ad5c-1.png)
-
Client uploading a file to OpenVPN server
![f9603d5520619dfcd2bb01164de1f4ab[1].png](/assets/uploads/files/1675452042163-f9603d5520619dfcd2bb01164de1f4ab-1.png)
I've also tried using WireGuard and the downloading was even worse than OpenVPN but the upload was the same; network capped.
-
Client downloading a file from WireGuard server
![f4f693a257deba66646412ebe171e249[1].png](/assets/uploads/files/1675452768503-f4f693a257deba66646412ebe171e249-1.png)
-
Client uploading a file to WireGuard server
![cd15d09115104fb1b3562c66d758e404[1].png](/assets/uploads/files/1675452642727-cd15d09115104fb1b3562c66d758e404-1.png)
I think I'm very close to finding the culprit. Thanks for the help and all the interest
Sharing all this stuff with you is helping me a lot.Btw, just to clarify, this is a speed test on the network where the NAS is hosted. I said 500/500 mpbs in the op because it's in my contract but for some reason I'm receiving 100 extra mbps. Not complaining
And just to be sure that the NAS is not causing this issue, I've also downloaded files from a Windows machine inside the same network to the machine with the openVPN client and the download speeds where the same as from the NAS (around 15 Megabytes/s).
-
-
Tomorrow I will try to do the same test but with a client from a different network that also has a 600/600 mbps connection, because I'm starting to think that it could be an issue on the receiving end, meaning that maybe the client that I'm using right now has some issue with VPN downloads. I doubt this is the case but who knows...
I will update this post tomorrow with the results.
-
Ok, I've done some testing from this other client and the results are pretty much the same: uploads are great (400 mbps, which is the maximum that I can expect from my firewall's processor with AES-NI) and downloads are still poor (average of 150 mbps).
I've also tested doing FTP file transfers through VPN and I got the same results as with smb. So smb is not the issue.
So these are my findings so far:
- OpenVPN does not seem to be the problem: I've got even worse server upload with WireGuard.
- SMB is not the problem: FTP through VPN gives similar results.
- My server upload is not the problem: direct SFTP uploads (bypassing the VPN) are just fine.
- My firewall processor is not the problem: the CPU caps at 25% (one core at full usage) when the upload reaches about 400 mbps.
I'm really out of ideas now but at least I've discarded loads of things
-
I still haven't figured out why this is happening. The only update I have is that I've also tested this on macOS using the official openVPN client and I had the same results: perfect upload speeds (to the server) and terrible download speeds (from the server).
I don't know what else to try at this point.
-
I know this topic is quite old but I just want to give a small update.
I ended up changing from OpenVPN to Wireguard. I managed to reach my maximum upload/download server speeds through Wireguard. So, even though it is more painful to configure each client, the performance increase makes a huge difference.
-
Here is my transfer performance using Wireguard
DOWNLOADING FROM SERVER (Server upload performance)
![fa6458705745c2fe12cf2ee4b989de6b[1].png](/assets/uploads/files/1705852885802-fa6458705745c2fe12cf2ee4b989de6b-1.png)
UPLOADING TO SERVER (Server download performance)
![cbd266b143cfdf96762c54a44e8b5656[1].png](/assets/uploads/files/1705853123719-cbd266b143cfdf96762c54a44e8b5656-1.png)
I'm very happy with these results.
