Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Slow OpenVPN perfomance in virtualized pfSense (Hyper-V).

    OpenVPN
    4
    5
    3.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Soyokaze
      last edited by

      Hi.

      I've got the following situation:
      Two Hyper-V hosts on 10Gb links, with direct connectivity to internet, located in one datacenter, E5-2960 v2 @ 3Ghz.
      In each host there is two VM: pfSense (2.2 alpha at moment) and WinSvr2008R2.
      WinSvr VM is linked through private virtual switch to pfSense, which has direct connection to internet through "external" virtual switch, connection is shared with host.
      pfSense VM is configured to use enlightened network adapters (hn).

      On one pfSense there is OpenVPN server, on other (obviously)- OpenVPN client, with following configuration ATM:
      UDP, tun, no encryption, SHA1 160 bit Auth, compression disabled, mssfix.

      Problem:
      If I copy files over SMB from Hyper-V host to Hyper-V host - I'm getting speeds up to 250+ MBytes/s (I've seen up to 400MBytes/s).
      If I copy files over SMB from WinSvr VM to Hyper-V host (so it pass through pfSense) - I'm gettings speed from 150 Mbytes/s to 300 Mbytes/s.

      If I copy files over SMB from WinSvr VM through OpenVPN link to other WinSvr VM - I'm getting speeds around 25 Mbytes/s.
      With encryption enabled (BF-CBC), file copy speed over VPN drops to 15 Mbytes/s.

      In attach:

      1. Diagram of current setup
        and
      2. Traffic graph screenshot doing various transfers,
        first spike - through OpenVPN (VM to VM), other - various web browser speed tests and VM to host file transfers.

      Any ideas?

      ![pfsense slow openvpn.png](/public/imported_attachments/1/pfsense slow openvpn.png)
      ![pfsense slow openvpn.png_thumb](/public/imported_attachments/1/pfsense slow openvpn.png_thumb)
      ![pfsense traffic graph.png](/public/imported_attachments/1/pfsense traffic graph.png)
      ![pfsense traffic graph.png_thumb](/public/imported_attachments/1/pfsense traffic graph.png_thumb)

      Need full pfSense in a cloud? PM for details!

      1 Reply Last reply Reply Quote 0
      • S
        steve72
        last edited by

        Try and set net.inet.ip.fastforwarding=1 in System: Advanced: System Tunables

        Several users have seen a big speed increase in OpenVPN performance with it enabled.

        1 Reply Last reply Reply Quote 0
        • S
          Soyokaze
          last edited by

          Enabled on both routers, rebooted for sure.
          Nope, no difference.

          Need full pfSense in a cloud? PM for details!

          1 Reply Last reply Reply Quote 0
          • H
            heper
            last edited by

            check the cpu usage of the VM when pushing data over the vpn.

            also since you are running 2.2 , try posting in the 2.2 section of the forum.

            hyper-V support for freebsd is fairly new, so there are probably still some flaws compared to other hypervisors

            1 Reply Last reply Reply Quote 0
            • B
              buckalot
              last edited by

              Since I had a similar issue the solution I found was written here: https://forum.pfsense.org/index.php?topic=88467.msg491409#msg491409

              System -> Advanced -> Networking (tab) and check the "Disable hardware checksum offload"

              1 Reply Last reply Reply Quote 0
              • First post
                Last post