OpenVPN performance

Posted: Fri Oct 25, 2013 4:18 pm
by honda4life

I'm running OpenVPN on an RPi in a datacenter. I have 100 Mbit up and 100 Mbit down; this speed is verified with a speedtest.
I'm running OpenVPN to access my shares and browse the internet. The configuration works as expected.
Now... The speed is very slow. I've tried a lot but I can't improve it.
The speed is about 2 Mbit down / up. It should be possible to download about 50 Mbit from my home connection.
Testing with iperf, browsing, FTP,... all results are the same.
CPU load is low, so this isn't my problem.

First question: What is your OpenVPN performance? (please respond with the correct symbol! megabits (Mb) or megabytes (MB))

My server configuration:

port 1194 # Not tried different port
proto udp # Tried TCP, no difference
dev tun
ca ./keys/ca.crt
cert ./keys/server.crt
key ./keys/server.key
dh ./keys/dh2048.pem
ifconfig-pool-persist ipp.txt
push "route MY.PYBLIC.IP.RANGE" # Hide my public range
push "redirect-gateway def1"
push "dhcp-option DNS" # Running local DNS forwarder
keepalive 10 120
tls-auth ./keys/ta.key 0
cipher AES-256-CBC # Also tried default and none
;comp-lzo # Not useful I suppose
user nobody
group nogroup
verb 3
plugin /usr/lib/openvpn/ openvpn-auth # Like to use username and key
reneg-sec 0 # Do not type password x seconds again
management localhost 1193 # Testing some things
#tun-mtu 1500 # Tried with next 4 parameters to improve, failed
#tun-mtu-extra 32
#fragment 1468
#mssfix 1436

My client configuration:

dev tun
proto udp
remote MY.PIBLIC.IP.ADDRESS 1194 # Hide my public address
resolv-retry infinite
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
;mute 20
reneg-sec 0

iptables rules (most basic tested, no "firewalling"):

iptables -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

Edit: Changing to TCP works "better", 8,25 Mb/s, CPU load is about 75 - 80%, even without crypto and auth it's about 50%.
Too bad that's the limit without overclocking.

Please help,