Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DH Parameters size affects performance?

    Scheduled Pinned Locked Moved OpenVPN
    3 Posts 3 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      amartin
      last edited by

      Hello,

      I am running pfSense 2.2.3 and I recently increased the size of my DH Parameters value in the OpenVPN server configuration from 1024 (the default) to 4096 (following instructions here) as mitigation against the Logjam vulnerability. I am passing SIP traffic over OpenVPN on this pfSense gateway, and after modifying this parameter my SIP clients noticed poor performance. Does increasing the size of the DH Parameters value increase latency or otherwise degrade performance of OpenVPN traffic?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • D
        darkcrucible
        last edited by

        I hope I'm not wrong here but I think DH parameters are only used to setup a connection. It may take longer to establish a VPN connection. Other than that I don't think DH parameters affect the connection after it's established.

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          They are used during key exchange, and mostly the CPU-intensive part is generating them not using them, though I suppose that would depend on the systems on either side. I wouldn't expect them to have an ongoing/persistent effect on the VPN speed, just portions including key exchange.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.