pfSense English Support > OpenVPN

OpenVPN speed vs hardware

(1/2) > >>

Hi All,

1st a "Thank you" to everyone who works so hard at posting so much great info on this forum.  This has been an extremely helpful resource for me in my short journey to run pfsense with an openvpn to PIA full time.

I also wanted to post some info on hardware and the actual VPN throughput achieved from usenet source which can more than saturate my 300mbps cable.

Quad Core Atom E3845 1.91GHz, 2MB L2 Cache, CPU Supports AES-NI, 8GB DDR3L RAM and 128GB mSATA SSD
312mbps without openvpn 115mbps with openvpn

Core i3-7350K 4.20 GHz, ASRock H270M-ITX/AC, 8GB DDR42400, 123 mSATA
312mbps without openvpn 312mbps with openvpn

I got much better speed on the E3845 after adding these settings and I left them on the new system
OpenVPN -Advanced Configuration-Custom options
remote-cert-tls server
reneg-sec 0

UDP Fast I/O checked
Send/Receive Buffer 1mb
Verbosity level 3

Hope this helps someone,


How much did your speed improve after those settings?

I have N3150 and you're getting same speed with hardware as ppl tested so makes me think it's tweaks that make speed increase. Thoughts?


Here is big question, does your 7350K have AES-NI and is it enabled? Is this PC with PSU or NUC?

It doesn't matter actually, i'm just trying to prove it to myself that AES-NI doesn't work currently and it's all about cpu cycles. PERIOD.

If it doesn't have it it proves CPU did it by itself. If you has it and it's enabled it still shows AES-NI does nothing as double cpu cycles did this job. This is sad.

I just did testing on my own on live vpn connection.  With N3150 with 1.6Ghz CPU i'm getting max 105Mbs on AES-128-GCM. My CPU only peak utlization was 49%, never got above 50%. Don't know why it didn't hit 100%.

It seems AES-NI doens't work at all in pfsense. It's useless. Why do i say that. Look at your pc cpu clocks.

2.0Ghz got you 115Mbps which makes sense with your extra 400mhz but look at your 4Ghz pc it doulbed the speed which also makes sense as 115x2 equals 330Mbps.

It seems it's all about CPU cycles. Sad AES-NI does not work at all or it's completely useless looking at Cpu cycles analysis itself. It seems to hit 200Mbps one would need ~ 3Ghz CPU.

My ISP is 180Mbps. I wanted to hit 100% less my ISP speed so ~165-170Mbps. I was getting 50Mbps with Asus 87u router so i doubled but i paid $300 and it this NUK comes short.

It seem i will have to spend another $400 to build some monster with 4.0 Ghz cycle rate cause AES-NI don't work, at least in pfsense (2.4.2) software. Maybe that will change in 2.5 release.

SO CONCLUSION IT'S ALL ABOUT CPU CYCLES AND AES-NI DOES NOT WORK. I love pfsense but i'm dissapointed in those results.

It says it's active but it absolutely does NOT help cpu cycles at all. There is no difference with it on based on those results here.

I run pfSense on a Quad Core Atom E3950 1.6GHz (Burst to 2.0GHz), 2MB L2 Cache, AES-NI, 8GB DDR3L RAM and 64GB mSATA SSD
I have FIOS 150/150 internet plan, and I max out my connect using OpenVPN + AES-128-CBC on PIA VPN. CPU usage is around 20% during speed tests.

Let's see the screenshot. I was able to improve my speed last night by enabling FreeBSD hardware acceleration in openvpn client and in advanced options under networking instead of AES-NI so now i get

115-120Mbps which is better with 50% of cpu usage. So i gained 10Mbps but that's where rubber meets the road. No more. The AES-NI doesn't work or it works slightly that one can not notice its effect. 

Based on what i see CPU cycles do 95% of the work and AES-NI is useless. If i learned that here on forum i would have chose different solution with more CPU power as i nee at minimum 200Mbps and

ideal would be 300Mbps so probably i newer processor with 2.5Ghz-3Ghz cycle rate.  I think this thread below  is right as far as Mbps goes as i matched N3150 performance in real testing on openvpn.

If anyone has any suggestions on newer mobile processors with lower power consumption please let me know. I see this thread is 2 yrs old already. I found NUC on aliexpress with 4500 i 7 cput but it's $300 with shipping.

Not bad but too much for 2 yr old processor is somewhat already old.  I should have done this in first place. Ideally i would like to have NUC that can max out 1Gbs connection on openvpn but that's pipe dream i think at this point.

It would have to be some 4.5Ghz monster with 100watt power consumption. So FreeBSD hardware acceleration work, AES-NI doesn't and it assist like 5-10%. Nothing significant. Those speeds in that thread below are right on the money i think.

I'm learning a lot by tweaking here and there in pfsense. Now when i'm looking at consumer router i think it's a toy. I converted my asus 87u into access point and lan switch. That thing maxed out at

45Mbps with 1.0Ghz processor. One can again see coraliation of CPU cycles here again and it being ARM processor doesn't help either. It seems newer CPU with lower cycles would do better then older

CPU with same cycle rate. I would also NOT do ARM with AES-NI. I think it won't do well. Look at the performance of atom and celerons. I would expect similar performance out of ARM. I think CPU needs to be power pc grade and it seems i7 i5 and some newer AMD APU feet the bill. AMD APU

A10are cheap and clock rates are 4Ghz so that would be ideal but then what motherboard. How to get 2 NICs, all this is an obstacle.


[0] Message Index

[#] Next page

Go to full version