OpenVPN slow



  • Well gang, I'm having a similar issue to most folks here, slow OpenVPN.  We have 100Mbs up and down on the router side, and testing it from a client side with 20Mbs up/down we only get a fraction of available bandwidth (its only for 2 people):

    Client connecting to 10.0.5.252, TCP port 5001
    TCP window size: 64.2 KByte (default)
    –----------------------------------------------------------
    [  3] local 192.168.201.6 port 59644 connected with 10.0.5.252 port 5001
    [ ID] Interval      Transfer    Bandwidth
    [  3]  0.0-10.0 sec  7.12 MBytes  5.97 Mbits/sec

    We have tried the following remedies:

    net.inet.ip.fastforwarding = 1
    UDP for OpenVPN transport
    With and without compression
    Crypto engine is on

    Numbers stay pretty constant.  We have an Alix 2D13 based router.  We should be able to get at least double those numbers without a hardware accelerator card.  Before we rush out an buy one, I think there's something else going on here.  Any help is appreciated, thanks!



  • Please don't hijack threads, the other one was solved already, your issue is almost certainly different.

    An ALIX is relatively a very slow system. Generally can do better than 6 Mbps of VPN, but if you're hammering it with a lot of other traffic, and/or running a number of other services, that would be more or less the expected result. Depends on what else you're running on the system, and what cipher you're using (don't use 3DES or > 128 bit on something that slow if you want good performance), and whether or not you're doing compression (on an ALIX, don't). Also test throughput between the locations outside the VPN as many times it's a general limit in throughput between point A and B.



  • If the test uses a fixed TCP window size, then the bandwidth achieved will be limited by the combination of window size and round-trip delay. e.g. the window size above is 64.2KByte. That means that the test will send 64.2KByte of data, then stop sending until it gets an ACK from the 1st packet…. - never having more than 64.2KByte of unacknowledged data. For example, if your round-trip delay (latency) is 100ms (0.1sec) then the maximum throughput on TCP is:

    64.2KByte10248bits / 0.1 sec = 5,259,260 bits/sec

    Try using a bigger window size, that might help the test if the latency from client is high.
    Of course, your Alix 2D13 might be max'd out anyway.


Locked