Raspberry Pi Forums

Hey,

I was excited to utilize the 1gbps LAN the Pi4 has as I have a 1gbps up/down connection, but was shocked at how bad OpenPVN and WireGuard perform.

I did tests on my phone with the respective apps, and at best I could muster was ~20Mbps down ~10mbps up. Without VPN I got stable 100Mbps up/down. It was even worse on 4G LTE - ~5-10Mbps down, ~1-5Mbps up with VPN enabled, and around ~50MBps up/down with VPN disabled.

I checked htop during speedtests, the cpu utilization for both VPN servers was ~25%, 3gb of ram free, nothing else transferring to/from the Pi at the time. I at one point set cipher and auth to none in server.conf for OpenVPN and still wouldn't get faster speeds.

I can download files off the pi at 100mb/s from outside my LAN, so this ~20Mbps limit (2-3mb/s) is definitely not related to my home networking/router.

What gives? Any ideas?

I’m less certain regarding Wireguard but in the case of openvpn I’m pretty sure the 25% load you see is actually 1 core out of 4 running at 100%

Encryption/decryption runs in the CPU on Pi, so throughput will vary according to which algorithm you choose to run. On Pi3B I remember seeing 30 Mbps over a bridged AES-128 tunnel.
There is no doubt Pi4 is faster than that.

To test tunnel maximum throughput, install 2 machines on your LAN. Check how fast they communicate, then add the tunnel and compare.

The OpenVPN is slow, but the WireGuard performs very well. I'm getting ~50 MB/s (~400 Mbps) download and upload speed on my tablet, through the VPN tunnel (htop). It's limited by the 867 Mbps WiFi connection.

Kendek wrote: ↑

Sun Feb 16, 2020 1:09 pm

The OpenVPN is slow, but the WireGuard performs very well. I'm getting ~50 MB/s (~400 Mbps) download and upload speed on my tablet, through the VPN tunnel (htop). It's limited by the 867 Mbps WiFi connection.

Are you running stock settings with WireGuard?

CodilX wrote: ↑

Sun Feb 16, 2020 3:05 pm

Are you running stock settings with WireGuard?

Yeah, nothing special. But my OS is a custom 64-bit Ubuntu with kernel 5.5.4. The AES is not HW accelerated, so the WireGuard is recommended, and the Adiantum is for fscrypt or LUKS DM-Crypt.

Kendek wrote: ↑

Sun Feb 16, 2020 3:33 pm

CodilX wrote: ↑

Sun Feb 16, 2020 3:05 pm

Are you running stock settings with WireGuard?

Yeah, nothing special. But my OS is a custom 64-bit Ubuntu with kernel 5.5.4. The AES is not HW accelerated, so the WireGuard is recommended, and the Adiantum is for fscrypt or LUKS DM-Crypt.

I was able to achieve similar results to yours on 5ghz wifi at home, but when I switched to 4G LTE instead of ~70Mbps up/down the best result I get is 20Mbps up/down.

Is there any way to bump this up or is this just a limitation of Wireguard/Pi4?

CodilX wrote: ↑

Sun Feb 16, 2020 4:07 pm

Is there any way to bump this up or is this just a limitation of Wireguard/Pi4?

There is a limitation, but I don't think that is on the server side. Maybe try to share your mobile internet with a PC, and do some speed test on it.

Kendek wrote: ↑

Sun Feb 16, 2020 4:15 pm

CodilX wrote: ↑

Sun Feb 16, 2020 4:07 pm

Is there any way to bump this up or is this just a limitation of Wireguard/Pi4?

There is a limitation, but I don't think that is on the server side. Maybe try to share your mobile internet with a PC, and do some speed test on it.

Thanks. I still get that ~20Mbps cap...

CodilX wrote: ↑

Sun Feb 16, 2020 4:48 pm

Thanks. I still get that ~20Mbps cap...

So, you have a 1 Gbps internet access, I think it's PPPoE, right? The max MTU is 1492 instead of 1500, so you need to set the correct value on the client. I'm using 1432 because 1492 PPPoE max - 20 IPv4 header - 8 UDP header - 4 type - 4 key index - 8 nonce - 16 authentication tag. This is for IPv4 only, if you want IPv6 too, then the more appropriate value is 1412.
Please try both MTU 1432 and 1412 and report back if changed the transmission speed.

CodilX wrote: ↑

Sun Feb 16, 2020 4:48 pm

Kendek wrote: ↑

Sun Feb 16, 2020 4:15 pm

CodilX wrote: ↑

Sun Feb 16, 2020 4:07 pm

Is there any way to bump this up or is this just a limitation of Wireguard/Pi4?

There is a limitation, but I don't think that is on the server side. Maybe try to share your mobile internet with a PC, and do some speed test on it.

Thanks. I still get that ~20Mbps cap...

Depending where you live, there could be intentional throttling of VPN connections to and from residential connections as part of a government security policy. As a result, it is better to tune performance on a local area network.

My results for Wireguard on a Pi 4B

viewtopic.php?t=251159#p1533989

suggest a performance loss of no more 25 percent compared to unencrypted gigabit Ethernet. If you are seeing different across the Internet compared to locally, that may be a concern to bring to the representative, monarch or dictator who runs your government.

Kendek wrote: ↑

Sun Feb 16, 2020 6:13 pm

CodilX wrote: ↑

Sun Feb 16, 2020 4:48 pm

Thanks. I still get that ~20Mbps cap...

So, you have a 1 Gbps internet access, I think it's PPPoE, right? The max MTU is 1492 instead of 1500, so you need to set the correct value on the client. I'm using 1432 because 1492 PPPoE max - 20 IPv4 header - 8 UDP header - 4 type - 4 key index - 8 nonce - 16 authentication tag. This is for IPv4 only, if you want IPv6 too, then the more appropriate value is 1412.
Please try both MTU 1432 and 1412 and report back if changed the transmission speed.

This is to be set in client.config? Is this right?

[Interface]
PrivateKey = ...
Address = 10.6.0.2/24
DNS = 10.6.0.1
MTU = 1432

[Peer]
PublicKey = ...
PresharedKey = ...
Endpoint = 1.2.3.4:51820
AllowedIPs = 0.0.0.0/0

Edit:

This is what I'm getting on 4G LTE. Without VPN:


With WireGuard

ejolson wrote: ↑

Sun Feb 16, 2020 6:26 pm

Depending where you live, there could be intentional throttling of VPN connections to and from residential connections as part of a government security policy. As a result, it is better to tune performance on a local area network.

My results for Wireguard on a Pi 4B

viewtopic.php?t=251159#p1533989

suggest a performance loss of no more 25 percent compared to unencrypted gigabit Ethernet. If you are seeing different across the Internet compared to locally, that may be a concern to bring to the representative, monarch or dictator who runs your government.

No throttling of any kind with my ISP.

Hi all,

Been using 2 rpi4b's since they launched in jun 19 - 1 for UK server and 1 for IN server with Nord. Have them set up as Gateways rather than routers so then all devices are in the same lan & devices can be talking via Indian or UK servers as per individual settings on device. Unfiltered, with BT FTTH I get 140 down / 30 up with 5ms latency. Via UK server I get 95-115 down / 28 up with 8ms latency and indian server i get 75-95 down / 25ish up with 195-260ms latency. Performance is significantly better with 4b over 3b+ --- like 3 times better - for obvious enhancements. Also I never had much joy on pi as routers and gateways are a flawless setup. Reckon you try gateway over router - same protocol and servers but no nat and no firewall overheads make a huge performance change....

Hi All,

I`ve just received my Pi4B and i`m looking for a VPN to purchase. Which one you recommend ? I have like 50£$ for it.Thanks