This is my first post in this forum! Thanks for having me.
I am having troubles getting a good performance on an OpenVPN installation using latest Access Server and OpenVPN Connect Client.
We are a medium sized media group and due to the current situation in europe with the virus, we are looking to have a VPN solution that is trimmed to performance, instead of high security! On the Server side we have a symmetrical gigabit WAN connection, and the ESXI installation is connected over 40Gb/s fiber optics. We do have a Firewall running between the switches/OpenVPN Server and the WAN connection, so that is something to keep in mind. Speedtest of this Gigabit WAN to the nearest available external speedtest server gives us something around 800mbit/s up and download.
On the client side on a completely other ISP in a building 6 miles away i am also testing with a symmetrical gigabit connection. With speedtests i am coming in at around 700mbit/s up and down. So theoretically the highest available bandwith in this scenario on paper is 700mbit/s
I am running the Access Server ESXI virtual machine on 24 Cores Xeon CPU, 16GB RAM with the Virtual Harddrive having a tested 300-400MB/s read and write speeds. On the client side i am testing with a 8-Core MacOS client and a 12-Core Windows 10 client, both with a gigabit connection to a switch on the same gigabit WAN connection.
I have tested the speeds below with iperf3 both on the MacOS and Windows 10 VPN Client to iperf3 running on the VPN Access Server itself over the VPN Tunnel by using
Code: Select all
iperf -c <local VPN Server IP> -P 10I have followed this guide to disable the cipher:
https://openvpn.net/vpn-server-resource ... ss-server/
I have then followed this guide and read through it to do some more testing and performance improving:
https://community.openvpn.net/openvpn/w ... orks_Linux
The best i could get was 200-250mbit/s by using the following settings on both the server and the client:
However, this only reflects in MacOS, in Windows it is still at 60-80mbit/s
Code: Select all
cipher none
txqueuelen 1000
mssfix 0
tun-mtu 24000Somewhere in the guide, it states that using MTU changes doesn't help if you're going over the WAN, but i'm not sure how that translates to my setup, since it seems tuning the MTU gets me alot better performance. Also what's kind of strange is that they get speeds with
Code: Select all
cipher noneCode: Select all
auth noneCode: Select all
auth noneThe Firewall that is in between really is just configured to route traffic through from the WAN to the OpenVPN Server, i am not sure if it does anything with the packages. I will try to get more info on that by our partner that did the Firewall installation, but maybe we can find a solution that doesn't require reconfiguring the firewall but just optimizing the VPN itself.
Sorry if i forgot any important infos. Panic broke out here the last few days in the company because of COVID and that's why i had to look into OpenVPN really quick and dirty yesterday and have worked my way onto a working solution in just one day, but i am in no means a pro when it comes to OpenVPN! Thank you alot in advance for every single tip you can give me regarding Performance boosts!