OpenVPN Client-to-Site is very slow
I have been fighting this problem for a few days…
Here is some information about my config:
- pfSense running on an ESX 5.5 --> Version 2.2.5 (updated today, before 2.2.4) (AMD 64)
- Hardware: 4GB RAM, Dual-Core, I think this is enough to handle 2-3 clients
- WAN Connection: (Download >100mbit, Upload >70mbit)
- OpenVPN Client-to-Site connections are authenticated over LDAP (Active Directory domain controller)
- Safety: AES 256bit CBC
Everything works fine but the bandwidth is very slow. More than 3mbit is not possible (but over 70mbit upload is possible)
I tried the following things to increase the bandwidth, but it did not help:
- Decrease the safety to AES 128 CBC (There was only a lower CPU load)
- a lot of different openvpn clients
- changed the following settings in the advanced field: tun-mtu 1500; mssfix 1400;
- all possible settings for lzo compression
- Downgraded pfSense to the following versions: 2.2.3, 2.2.2, 2.2.1, 2.2 and 2.15
- Switched net.inet.ip.fastforwarding to value 1
None of these settings solved my bandwidth limitation.
Does anyone have some ideas?
Thanks in advance
What kind of connection are the clients using?
"Everything works fine but the bandwidth is very slow. More than 3mbit is not possible"
How are you testing this bandwidth? A file copy via smb? SMB over a wan is going to blow.. What is the latency these clients have?? 20ms? Higher?
I run pfSense on ESXi, and I VPN in all the time.. Now my upload is limited to 12mbps at the pfSense end.. But I know for sure I get better than 3…
I tested with iperf. But now, from another WAN connection I get "normal" performance. I think there was an issue with the other WAN connection I used for my VPN.
Thanks a lot for the fast reply :)
My configuration seems to be okay!
Because I found this topic already open, I will update it with the same issue I have. The OpenVPN connection is very slow. When I try to copy something it gets a max of 50kb/s !!!
I have attached the connections for both the client (speedtest) and the pfSense OpenVPN server (console).
On the OpenVPN side I use:
- DH Parameter length (bits) - 2048
- Encryption Algorithm - AES-256-CBC
- Auth digest algorithm - sha256
- Hardware Crypto - Intel RDRAND engine
Do I need to lower those?
![Screen Shot 2016-10-02 at 13.41.26.png](/public/imported_attachments/1/Screen Shot 2016-10-02 at 13.41.26.png)