
I've been using AirVPN with OpenVPN for years and switched to WireGuard for a while now.
Recently I needed to have my connection over OpenVPN and noticed a "delay" in the connection.
After testing I noticed my OpenVPN connection did not go much higher than 110-120mbit while WireGuard saturates my connection easily (getting 490 from my 500mbit connection).
This is done on the same server. Of course I tried other servers as well. I think I tried everything I can think of.

Running pfSense CE 2.7 here on an Intel J4125 box with Intel I226 network ports.
Of course this box supports AES-NI, activated in the options, and in my OpenVPN config I have enabled hardware crypto "Intel RDRAND engine - RAND".
I've followed the guide here: https://nguvu.org/pfsense/pfsense-baseline-setup/

Here are the details of the config I'm using:
UDP port 443
Data encryption: AES-256-GCM
Fallback data encryption: AES-256-CBC
Auth digest: SHA256
UDP Fast IO: enabled
Send/receive buffer: 512KiB
Custom options: client; persist-key; persist-tun; remote-cert-tls server; prng sha256 64; mlock; auth-nocache; pull-filter ignore "ifconfig-ipv6"; pull-filter ignore "route-ipv6";

I have tried and tested the following:
Changing UDP port to 80, 1194 and others
Changed data encryption to: chacha, AES-256-CBC (instead of fallback)
Auth digest changed to 384 and 512
Send and receive buffer to 256KiB, 1 and 2MiB
Custom option prng sha512 64
Changed MTU to 1478 on the OpenVPN interface

Nothing seems to help significantly and it seems to be stuck around 120mbit max, sometimes a little higher but never hitting about 160.
Where WireGuard hits the ceiling constantly.

In the past, when I used OpenVPN exclusively, I hit speeds around 350 - 400.

Is there something more I can check to have better speeds for OpenVPN?
 


I'm running an OPNsense appliance, DEC670.

AMD GX-416RA SOC (4 cores, 4 threads)

Factory out of box. No changes.
Using AirVPN. I have never gotten above the numbers you have listed, 120Mb, on my 500Mb symmetrical fiber line.

Here is my config using entry point 3 or 4: us4.vpn.airdns.org. I've tried ChaCha and AES-256.
pull-filter ignore "ifconfig-ipv6 ";
pull-filter ignore "route-ipv6 ";
remote-cert-tls server;
sndbuf 524288;
rcvbuf 524288;
allow-compression asym;  
Compression, per a last ticket to support, is set to legacy comp LZO NO.

Would love to hear suggestions as I have no interest in trying WireGuard.

 


I am guessing this may be worth trying for you. OpenVPN, it sounds like, is forcing the ChaCha data channel.

Open advanced configuration. Try another one:

data-ciphers AES-128-GCM
data-ciphers AES-256-GCM

For example. After changing data cipher to NONE and adding the above, I am getting consistently higher speeds, and I now see in the verb 3 logs it's connecting at what I am choosing; before, it ONLY used ChaCha no matter what I chose. Let me know if this helps.

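The check described in the post above (reading the verb 3 log to see which data-channel cipher the tunnel really came up on) can be scripted. This is an added example, not part of the original thread or any AirVPN tooling; the log lines are constructed to resemble OpenVPN 2.x client output, whose exact wording is assumed and varies between versions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report which data-channel cipher
# OpenVPN actually negotiated and compare it with the data-ciphers list.

# Constructed sample, modelled on OpenVPN 2.x client log lines at verb 3.
# Assumption: real wording differs slightly between OpenVPN versions.
SAMPLE_LOG="2024-01-01 10:00:01 PUSH: Received control message: 'PUSH_REPLY,cipher CHACHA20-POLY1305,peer-id 3'
2024-01-01 10:00:01 Data Channel: using negotiated cipher 'CHACHA20-POLY1305'
2024-01-01 10:00:01 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2024-01-01 10:00:01 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key"

# Read a log on stdin and print the cipher from the most recent
# "Data Channel: ... cipher '<name>'" line (covers renegotiations).
negotiated_cipher() {
    sed -n "s/.*Data Channel: .*[Cc]ipher '\([^']*\)'.*/\1/p" |
        tail -n 1 | tr '[:lower:]' '[:upper:]'
}

# True if cipher $1 appears in the colon-separated list $2.
cipher_allowed() {
    list=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    case ":$list:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read a log on stdin; $1 is the intended data-ciphers list.
# Prints "OK <cipher>", "MISMATCH <cipher>" or "UNKNOWN".
check_cipher() {
    got=$(negotiated_cipher)
    if [ -z "$got" ]; then
        echo "UNKNOWN"; return 2
    fi
    if cipher_allowed "$got" "$1"; then
        echo "OK $got"
    else
        echo "MISMATCH $got"; return 1
    fi
}

# Demo on the constructed sample: the tunnel came up on ChaCha20-Poly1305
# although only AES-GCM ciphers were intended, so this prints MISMATCH.
printf '%s\n' "$SAMPLE_LOG" | check_cipher "AES-256-GCM:AES-128-GCM" || true
```

On a live system, feed the OpenVPN client log to `check_cipher` on stdin and pass the colon-separated list from your own `data-ciphers` line as the argument.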

Apologies, I thought this was the TP-Link router thread.
My speeds have increased to 140Mb to 150Mb maybe once since I made my change to 128GCM.
Using a 512kb snd and rcv buffer.
Hopefully someone else will have better ideas for us.
