Delay related performance issues with OpenVPN

OpenVPN
Log in to reply
  • E

    Hello,

    I have a Pfsense 2.2.4 running over an ESXI 6.0.0 located in France.
    I have a Pfsense 2.2.4 running over an ESXI 6.0.0 located in Montreal.

    I have 2 types of OpenVPN Client.

    • One which is another Pfsense on an APU (2.2.4).
    • One which is my Windows 10 laptop.

    Which I can connect alternatively to either servers.

    My VPN is configured in UDP, works fine and is very stable but I experience performance issue (delay related) when I try to upload a large file from a server behind either pfsense through the OpenVPN tunnel.

    I have done Upload and Download testing without the VPN and I have 16 Mbps throughput in both direction (limited by my internet connection)
    Client <===Internet===>Pfsense (VPN termination)<==>Server

    But using OpenVPN, I have still nearly 16Mbps Download, But the Upload drop drasticallly. 
    Client <===Internet===>Pfsense (NAT PortForwarding)<===>Server

    File Upload to Montreal (30ms RTD) : 3,2 Mbps
    File Upload to France (140ms RTD) : 560 KBps (!)
    I have asked someone to make a test from China to the Montreal's server (450ms RTD) : 150 KBps (!)

    I have made packet capture to try spotting the problem.
    When I capture packets on the OpenVPN interface, I can see that there is some packet drop and retransmission (which explains why it's delay related).
    However the packet drop profile is very strange, very even and regular. I loose one packet very regularly (every 40-50 packets to France).
    You can see below a list of the missing packets in my trace :

    Packet ID         Time         Packet count Time difference
    64 0.96
    112 1.78         48 0.82
    160 2.61         48 0.83
    226 3.71         66 1.1
    286 4.67         60 0.96
    334 5.5         48 0.83
    384 6.32         50 0.82
    424 7.02         40 0.7
    472 7.84         48 0.82
    511 8.53         39 0.69
    558 9.35         47 0.82
    615 10.18        57 0.83
    666 11.14 51 0.96
    716 11.97 50 0.83
    770 12.93 54 0.96
    810 13.62 40 0.69
    858 14.44 48 0.82
    887 14.99 29 0.55
    936 15.82 49 0.83

    This and the fact that I have good performance in all other configuration let me think that the packet loss is due to a problem in my servers configuration.

    I have tryed different things to clear this up, with no result at all.

    Any idea ?

    Thank you very much,

    Ebo

    0
  • E

    Hello again,

    It seems that my problem doesn't generate a lot of ideas… :P

    For information, I have solved my problem by putting traffic limiter in place (applied to my openvpn rule).
    By limiting my upload traffic to 5 Mbps (Optimal setting for me according to my tests), it works much better.

    With no traffic limiter :
    Upload to montreal : 3,2 Mbps
    Upload to France : 560 Kbps

    With a traffic limiter at 5 Mbps.
    Upload to Montreal : 4,7 Mbps (stable)
    Upload to France : 4,4 Mbps (peak)

    Hope it can help,

    Ebo

    0
  • B

    do you use outbound-NAT ?
    do you have more than one openVPN-Server running on that pfsense?

    if yes, look here:
    https://forum.pfsense.org/index.php?topic=101115.0

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy