
OpenVPN performance

Posted: Fri Oct 25, 2013 4:18 pm
by honda4life
Hello,

I'm running OpenVPN on an RPi in a datacenter. I have 100 Mbit up and 100 Mbit down; this speed is verified with a speedtest.
I'm running OpenVPN to access my shares and browse the internet. The configuration works as expected.
Now... The speed is very slow. I've tried a lot but I can't improve it.
The speed is about 2 Mbit down / up. It should be possible to download about 50 Mbit from my home connection.
Testing with iperf, browsing, FTP, ...: all results are the same.
CPU load is low, so this isn't my problem.

First question: What is your OpenVPN performance? (please respond with the correct symbol! megabits (Mb) or megabytes (MB))

My server configuration:

Code:

port 1194 # Not tried different port
proto udp # Tried TCP, no difference
dev tun
ca ./keys/ca.crt
cert ./keys/server.crt
key ./keys/server.key
dh ./keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route MY.PUBLIC.IP.RANGE 255.255.254.0" # Hide my public range
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1" # Running local DNS forwarder
keepalive 10 120
ping-timer-rem
tls-auth ./keys/ta.key 0
cipher AES-256-CBC # Also tried default and none
;comp-lzo # Not useful I suppose
user nobody
group nogroup
persist-key
persist-tun
verb 3
plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn-auth # Like to use username and key
reneg-sec 0 # Do not type password x seconds again
management localhost 1193 # Testing some things
#tun-mtu 1500 # Tried with next 4 parameters to improve, fail
#tun-mtu-extra 32
#fragment 1468
#mssfix 1436

My client configuration:

Code:

client
dev tun
proto udp
remote MY.PUBLIC.IP.ADDRESS 1194 # Hide my public address
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
tls-auth ta.key 1
cipher AES-256-CBC
;comp-lzo
verb 3
;mute 20
auth-user-pass
auth-nocache
reneg-sec 0

iptables rules (most basic tested, no "firewalling"):

Code:

iptables -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Edit: Changing to TCP works "better": 8,25 Mb/s. CPU load is about 75 - 80%; even without crypto and auth it's about 50%.
Too bad that's the limit without overclocking.

Please help,
Thanks!
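
Added example, not part of the original post: a small checker for the security-relevant settings this thread touches while tuning for speed (`reneg-sec 0`, `cipher none` and `auth none` as tried in the edit, `ns-cert-type`, and a trailing `//` annotation, which OpenVPN does not treat as a comment). The function names, the finding texts and the simplified tokenizer are assumptions of this example, and the sample input is constructed.

```python
import re

# Findings for directives discussed in the post. The wording is this
# example's own, not OpenVPN output.
RULES = {
    ("reneg-sec", "0"): "time-based key renegotiation is disabled",
    ("cipher", "none"): "tunnel traffic is sent unencrypted",
    ("auth", "none"): "HMAC packet authentication is disabled",
    ("ns-cert-type", "server"): "deprecated; use remote-cert-tls server",
}

def tokens(line):
    """Split one config line; '#' or ';' starting a token begins a comment."""
    out = []
    for tok in re.findall(r'"[^"]*"|\S+', line):
        if tok[0] in "#;":
            break
        out.append(tok.strip('"'))
    return out

def audit(text):
    """Return (line_number, directive, finding) for each flagged line."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        tok = tokens(line)
        if not tok:
            continue
        name, arg = tok[0], (tok[1] if len(tok) > 1 else "")
        if (name, arg) in RULES:
            findings.append((n, name, RULES[(name, arg)]))
        # '//' is parsed as extra arguments, so the line is rejected.
        if any(t.startswith("//") for t in tok[1:]):
            findings.append((n, name, "'//' is not a comment marker"))
    return findings

# Constructed sample input using directives discussed in the post.
SAMPLE = """\
proto udp //Tried TCP, no difference
cipher none
auth none
;comp-lzo
reneg-sec 0 # no password prompt on renegotiation
ns-cert-type server
tls-auth ta.key 1
"""

if __name__ == "__main__":
    for n, name, why in audit(SAMPLE):
        print(f"line {n}: {name}: {why}")
```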