OpenVPN Client settings - Decrease CPU load

[FPyro 2]

Hi!

I have a few questions about the OpenVPN Client settings. I've noticed for example that there seems to be a soft reset every hour... what is that good for and is there a way to increase that time?

Also, there seems to be a very long key, or rather a good encryption. I personally might not find that necessary:

Is there a way to lower the encryption level to increase performance (or decrease cpu load) for example?

Thank you

[Staff 9972]

Hi!

I have a few questions about the OpenVPN Client settings. I've noticed for example that there seems to be a soft reset every hour... what is that good for and is there a way to increase that time?

Hello!

It's the TLS rekeying, an OpenVPN smart feature. You can't increase that time (it should be done on the server side) but you don't need to. It is a nice security feature which does not add any practical overhead. During SSL/TLS rekeying, there is a transition-window parameter that permits overlap between old and new key usage, so there is no time pressure or latency bottleneck during SSL/TLS renegotiations.

Also, there seems to be a very long key, or rather a good encryption. I personally might not find that necessary:

Is there a way to lower the encryption level to increase performance (or decrease cpu load) for example?

Thank you

The main load on the CPU is the encryption/decryption on the data channel, currently AES-256-CBC. We're sorry, we have no plans to lower encryption strength on the data channel. On the contrary, we are evaluating whether to raise it up in the future.

A dual core Atom can handle at least 35 Mbit/s throughput with AES-256-CBC, while even old processors (from Athlon64 and newer) should have no problems to handle at least 100 Mbit/s. Low-consumption old CPU on DD-WRT routers can handle up to 7 Mbit/s.

Kind regards