Teng Teng Toa 2 Posted ... I've been using AirVPN with OpenVPN for years and switched to WireGuard for a while now. Recently I needed to have my connection over OpenVPN and noticed a "delay" in the connection. After testing I noticed my OpenVPN connection did not go much higher than 110-120mbit while WireGuard saturates my connection easily (getting 490 from my 500mbit connection). This is done on the same server. Of course tried other servers as well. I think I tried everything I can think of. Running pfSense CE 2.7 here on a Intel J4125 box with Intel I226 network ports. Of course this box support AES-NI, activated in the options and in my OpenVPN config I have enabled hardware crypto "Intel RDRAND engine - RAND". I've followed the guide here: https://nguvu.org/pfsense/pfsense-baseline-setup/Here are the details of the config I'm using: UDP port 443 Data encryption: AES-256-GCM Fallback D E: AES-256-CBC Auth digest: SHA256 UDP Fast IO: enabled Send/receive bugger: 512KiB Custom options: client; persist-key; persist-tun; remote-cert-tls server; prng sha256 64; mlock; auth-nocache; pull-filter ignore "ifconfig-ipv6"; pull-filter ignore "route-ipv6";I have tried and tested the following: Changing UDP port to 80, 1194 and others Changed data encryption to: chacha, AES-256-CBC (instead of fallback) Auth Digest change to 384 and 512 Send and receive buffer to 256KiB, 1 and 2MiB Custom option prng sha512 64 Changed MTU to 1478 on the OpenVPN interface Nothing seems to help significantly and it seems to be stuck around 120mbit max, sometimes a little higher but never hittings about 160. Where WireGuard hits the ceiling constantly. In the past, when I used OpenVPN exclusively, I hit speeds around 350 - 400. Is there something more I can check to have better speeds for OpenVPN? Quote Share this post Link to post
Air4141841 23 Posted ... I'm running a opnsense appliance dec670 AMD GX-416RA SOC (4 cores, 4 threads) factory out of box. no changes. using airvpn. I have never gotten above the numbers you have listed 120Mb on my 500Mb Symmetrical fiber line. here is my config using entry point 3 or 4 : us4.vpn.airdns.org. I've tried cha cha and Aes 256 pull-filter ignore "ifconfig-ipv6 "; pull-filter ignore "route-ipv6 "; remote-cert-tls server; sndbuf 524288; rcvbuf 524288; allow-compression asym; compression per a last ticket to support is set ti legacy comp Lzo NO would love to hear suggestions as I have no interesting to try wireguard. Quote Share this post Link to post
Air4141841 23 Posted ... I am guessing this may be worth trying for you. openvpn it sounds like is forcing chacha data channel open advanced configuration. try another one. : data-ciphers AES-128-GCM. data-ciphers AES-256-GCM for example. after changing data cipher to NONE. and adding the above, I am getting consistency higher speeds. and I now see in verb3 logs its connecting at what I am choosing before it ONLY used chacha no matter what I chose let me know if this helps. Quote Share this post Link to post
Teng Teng Toa 2 Posted ... @Air4141841 Thanks for the reply and help! Unfortunately it does not change anything for me. Still same results... Quote Share this post Link to post
Air4141841 23 Posted ... if 128 gcm isn't any faster. I would be looking at replacing the router Quote Share this post Link to post
Teng Teng Toa 2 Posted ... 128 GCM is indeed the same. Router is brand new. It's a J4125 with 2.5GB/s Intel i226 network ports. I don't think the problem is the machine. Quote Share this post Link to post
Air4141841 23 Posted ... apologies, I thought this was the TP link router thread. my speeds have increased to 140Mb to 150Mb maybe once since I made my change to 128GCM> using a 512kb snd and rcv buffer hopefully someone else will have better ideas for us. Quote Share this post Link to post
Not connected, Your IP: 3.147.42.168
Online: 23690 users - 280529 Mbit/s total BW