pfSense Support Subscription

Author Topic: Openvpn extrem slow even without Excryption on 2 1GB/s connections  (Read 273 times)

0 Members and 1 Guest are viewing this topic.

Offline gtrdriver

  • Newbie
  • *
  • Posts: 17
  • Karma: +0/-0
    • View Profile
Hello

Here i have 2 Servers within 2 Datacenters  (Storage place) with 1 1GB Connectsions to the net.

When i do i Iperf (without VPN betwenn this 2 PFsense Devices i get: arround 700-800Mbit/s

Wen i do same tests with iperf within the openVPN of this 2 Devices i get arround 130-150Mbit/s

Even when i disable Excryption for testing i dont get much more then 170Mbit/s


I played arround with some Settings found on the Net

I played with different MTU Sices Fragmentation, Rx/TX Buffer  but nothing realy speed up the connection.

I can  understand that i dont get the max rate (700-800Mbits/s) but 150Mbitīs seem to much too low...

I played with some advanced settings as i wrote for hours but nothing realy speed up VPN dramaticaly - also if i disable Encryption

I dont undertand this issue ...

Can anyone help me ?

Best regards

CU
GTR




Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21284
  • Karma: +1415/-26
    • View Profile
Re: Openvpn extrem slow even without Excryption on 2 1GB/s connections
« Reply #1 on: July 20, 2017, 09:14:51 am »
OpenVPN, by its nature, is slow. There is a lot of context switching and using tun the way it does takes it along a very inefficient path compared to IPsec.

You'll need to be specific about exactly which options you have in use on the VPN on both sides or nobody can offer better suggestions than what you may have already tried.

One thing you didn't mention, though, assuming it's pfSense (or at least UNIX) on both sites, and using UDP, you should try "fast-io" in the advanced options.

Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline gtrdriver

  • Newbie
  • *
  • Posts: 17
  • Karma: +0/-0
    • View Profile
Re: Openvpn extrem slow even without Excryption on 2 1GB/s connections
« Reply #2 on: July 25, 2017, 03:59:10 pm »
Hi

First of all - Thanks for your Post and your Information.

I made some more Tests with your Hint "FastIO" and Buffer Settings then i get over 82Mbit on a 100Mbit Connection and over 280Mbit on a 1Gbs Connection - so thats not bad.

I also figured out that IPSEC is a little Bit Faster (site 2 site with Pfsense - same hardware same Wan same NET) - i did some tests and on the 1GBps WAN Connection i get with ipsec arround 380Mbps.


But i can live with the Speed of openvpn and it s more easy to configure and forward...


I have a additional Question:  Can i do "Routing" between different Subnets on different Openvpn Site2Site Connections ?

So for example:

Client Network1:  192,168,10,1/24
Client Network2:  192,168,11,1/24
Client Network3:  192,168,12,1/24

All This Networks have its own pfsense and all are connected to a Server Pfsense - Network: 192.168.100.0/24

All is done with Site2Site so: every Device in every Client Network (1-3) can ping each device on the Server Network
Also each device on the Server Network can ping each Device on each Client Network


But i also want that each Device of Client Network1 can reach each device of Client Network3.


Is there a way to  configure pfsense (ovpnclient and ovpnserver) that the server route the request from Client Network1 to Client Network3 and in the other direction ?

Or do i have to make a extra VPN Connection betwen this 2 Networks ?