low speed (2MBps) on openvpn server (pfsense community edition)
-
i have setup pfsense on an ryzen 2400g (4core8thread 3 ghz) and set openvpn server on it. one internal motherboard gigabit lan (using as wan) and other pcie gigabit lan card (lan for pfsense). when i connect form a win10 openvpn client in another isp internet i get only 2MBps read speed in smb. i.e. reading from shared volume on pfsense lan side pc. can i get 100mbps i.e. 12MBps or something? i really want 100 or 150mbps speeds for accessing the local pfsense lan shared drive. please help. using pfsense community edition 2.6.0.
-
What is the latency? SMB is chatty and latency impacts the performance.
Have you done an iperf test through the connection to make sure OpenVPN is performing like you expect?o||||o
7100-1u -
@andyrh how do i check the latency. u mean my client side internet general latency or what? i am no network guy. please be helping in simple steps.
how to do iperf test.
thanks -
@rampuse Ping the remote system from the local one. It will show the latency of the connection.
-
@andyrh On a 25ms VPN (latency) then SMB shouldnt have a problem, but it does....
VPN via pfense sucks performance wise.
-
@andyrh the latency is about 37 to 45ms . i pinged the remote wireguard server. yes, now i am trying out wireguard...getting around 3 to 4 MBps from same setup (for the smb). sooooo wireguard is better than the openvpn, but only little.
-
@cool_corona then what would u recommend for a vpn setup? those costly vpn routers, like fortigate?? i was trying to avoid them.....
-
@rampuse I dont know.... A old Cisco or MikroTik outperforms pfsense with a factor of 20 on a IPSec.
I havent tried OPNSense VPN wise so I cant tell you if its better but I would give it a try.
-
For reference, on an 8ms WG VPN I am getting 150+Mbps single stream and 750+ Mbps with 10 streams. 7100 <-> 6100 both with symmetrical 1Gb fiber. The testing was done with iperf, server to server. Synology replication over the same link runs in the 350Mbps range.
The only tuning was to reduce the MTU. -
VPN performance on pfSense is great if you configure and tune it properly. It's even better on Plus.
It helps if you have hardware that supports acceleration and use algorithms which are accelerated by that hardware.
A lot also depends on your ISP. The upload and download speed (claimed and actual tested speed), WAN type (PPPoE, DHCP/Static, etc), MTU, and so on. Also if your client is on another ISP their WAN speeds matter, too. As well as along the whole path between the two sites.
All that said, SMB is notoriously crappy over non-local networks so it's a poor way to judge speed. Definitely run tests with something like iperf (between the client and the target server, NOT to the firewall itself!).
