Throughput: OpenVPN TurnkeyLinux Virtual Appliance

Posted: Sun Apr 22, 2018 5:38 pm
by CLV

Hi all,

I've got no complaints or issues, just a sort of question WRT OpenVPN and throughput potential that's been raised by some ad hoc testing I've been doing.

I have a small personal lab with an ESXi server. On that server I have several things running, including an OpenVPN 'virtual appliance', essentially a preconfigured OpenVPN setup running on Ubuntu server. It's pretty slick and I've been using it for some time with no issues. My WAN connection is capable of around ~320 Mbps down and ~20 Mbps up, but if I take the same giga-eth wired workstation and pipe it via the OpenVPN server I get around ~90 Mbps down and ~20 up. This is entirely adequate but seems a little disappointing considering the hardware (Intel Xeon) and the copper connections and so on. The ping time is not much changed.

The CPU utilization seems to indicate that one core of the VM is being run at over half utilization during the speed test, just judging from the ESXi perf counters.

Is this about what to expect from a single connection on this setup, or should I change some setting to get more throughput?

The VM is 1 GB memory and 4 cores, but I believe OVPN is single-threaded anyway, right?

Re: Throughput: OpenVPN TurnkeyLinux Virtual Appliance

Posted: Sun Apr 22, 2018 11:48 pm
by CLV

My server config:

port 1194
proto udp
dev tun

keepalive 10 120

cipher AES-256-CBC

user nobody
group nogroup

chroot /etc/openvpn/easy-rsa/keys/crl.jail
crl-verify crl.pem

ca /etc/openvpn/easy-rsa/keys/ca.crt
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
key /etc/openvpn/easy-rsa/keys/server.key
cert /etc/openvpn/easy-rsa/keys/server.crt

ifconfig-pool-persist /var/lib/openvpn/server.ipp
client-config-dir /etc/openvpn/server.ccd
status /var/log/openvpn/server.log
verb 4

server 10.x.x.0

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.x.x.x"
push "dhcp-option WINS 10.x.x.x"

Re: Throughput: OpenVPN TurnkeyLinux Virtual Appliance

Posted: Wed Apr 25, 2018 3:00 pm
by CLV

After a little Google-fu I'm starting to think this is tied to the mysterious "100Mbps limit" that seems to afflict OpenVPN. I've not read a good writeup on what the bottleneck is, however. The machine I'm running OpenVPN on is a 12 core/24 thread dual socket Xeon server acting as a VMware host, with OpenVPN running on a virtual Linux appliance. I've allocated 4 cores to the OpenVPN appliance.

Since OpenVPN is single-threaded and each individual core of the server is relatively slow (~2.4 GHz), I'm not sure if CPU speed is a factor or not. I did try connecting two devices and running the speed test on them concurrently. The ~90 Mbps I'm seeing did seem to be split between the two devices, so preliminary experimentation does seem to indicate the bottleneck may be at the server side and not the client side.

Still looking at this in my spare time ....
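
One way to test the question raised in this thread, whether one core's cipher speed explains the ceiling (an added example, not part of the original posts): parse `openssl speed -evp` output for the cipher named in the posted config and compare it with the observed tunnel rate. The speed figures embedded below are constructed, the function names are hypothetical, and the 1024-byte column is assumed to approximate the tunnel packet size.

```python
import re
import shutil
import subprocess

# Constructed sample of `openssl speed -evp aes-256-cbc` output (not measured
# on the poster's VM); 'k' values are thousands of bytes processed per second.
SAMPLE_SPEED = """\
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-256-cbc     400000.00k   450000.00k   470000.00k   480000.00k   482000.00k   481000.00k
"""

def data_channel_cipher(config_text):
    """Return the value of the `cipher` directive, or None if it is not set."""
    for line in config_text.splitlines():
        fields = re.split(r"[#;]", line, maxsplit=1)[0].split()  # drop comments
        if len(fields) >= 2 and fields[0] == "cipher":
            return fields[1]
    return None

def single_core_mbps(speed_output, packet_bytes=1024):
    """Convert the column nearest packet_bytes to megabits per second."""
    sizes, rates = [], []
    for line in speed_output.splitlines():
        if line.startswith("type"):
            sizes = [int(n) for n in re.findall(r"(\d+) bytes", line)]
        elif re.search(r"\d\.\d+k\b", line):
            rates = [float(v) for v in re.findall(r"([\d.]+)k\b", line)]
    if not sizes or len(sizes) != len(rates):
        raise ValueError("unrecognised openssl speed output")
    nearest = min(range(len(sizes)), key=lambda i: abs(sizes[i] - packet_bytes))
    return rates[nearest] * 1000 * 8 / 1e6

def cipher_headroom(observed_mbps, core_mbps):
    """How many times faster one core encrypts than the tunnel moves data."""
    return core_mbps / observed_mbps

if __name__ == "__main__":
    cipher = data_channel_cipher("cipher AES-256-CBC\n")  # from the posted config
    out = SAMPLE_SPEED
    if shutil.which("openssl"):  # measure this machine instead of the sample
        out = subprocess.run(
            ["openssl", "speed", "-evp", cipher.lower()],
            capture_output=True, text=True, check=True).stdout
    mbps = single_core_mbps(out)
    print(f"{cipher}: {mbps:.0f} Mbps on one core, "
          f"{cipher_headroom(90, mbps):.1f}x the ~90 Mbps seen through the tunnel")
```

The raw cipher figure is an upper bound, since OpenVPN also authenticates every packet and copies it between kernel and user space. A large headroom therefore points away from the cipher arithmetic itself, while a figure close to the tunnel rate points at it.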