Test Setup:
Debian 10 Server with openVPN
Config:
Server
local 192.168.41.129
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 192.168.8.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 192.168.2.1"
push "redirect-gateway local def1 bypass-dhcp"
dh none
crl-verify crl.pem
ca ca.crt
cert server_Nbc8s31D6zMnjGhY.crt
key server_Nbc8s31D6zMnjGhY.key
auth none
cipher none
ncp-disable
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 192.168.8.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 192.168.2.1"
push "redirect-gateway local def1 bypass-dhcp"
dh none
crl-verify crl.pem
ca ca.crt
cert server_Nbc8s31D6zMnjGhY.crt
key server_Nbc8s31D6zMnjGhY.key
auth none
cipher none
ncp-disable
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
optional:
sndbuf 0
rcvbuf 0
one of the two clients:
Client
client
proto udp
explicit-exit-notify
remote 192.168.41.129 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_Nbc8s31D6zMnjGhY name
auth none
cipher none
ncp-disable
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIB2DCCAX2gAwIBAgIUNeqfcao9jtyqm7tobpzd0X1dDukwCgYIKoZIzj0EAwIw
HjEcMBoGA1UEAwwTY25fNVRMMXlxTXpGMkJGdHBuajAeFw0yMTA1MDMxMTQ3NDZa
Fw0zMTA1MDExMTQ3NDZaMB4xHDAaBgNVBAMME2NuXzVUTDF5cU16RjJCRnRwbmow
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASDw/54BQzHll1yhUlByknDJEpcyWGl
uM1F+TdcZRMGiGoxU/gewxLDYQRaC4HT0Fcg745VlVTxdBZFgJ486aCQo4GYMIGV
MB0GA1UdDgQWBBTzsOv9SmqOmkzjwHaG2uhhy3eb5TBZBgNVHSMEUjBQgBTzsOv9
SmqOmkzjwHaG2uhhy3eb5aEipCAwHjEcMBoGA1UEAwwTY25fNVRMMXlxTXpGMkJG
dHBuaoIUNeqfcao9jtyqm7tobpzd0X1dDukwDAYDVR0TBAUwAwEB/zALBgNVHQ8E
BAMCAQYwCgYIKoZIzj0EAwIDSQAwRgIhAMk/LVL8akFPSKLIkpxHJXmaedH3i/oJ
Jg0W2A3MLT16AiEApPbiuY9YbvOf9OzXtyziWWOWw2XmI4wf+n9xjN518cs=
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIB3DCCAYKgAwIBAgIRAN0/R12CjAdSh2/aKEavC3EwCgYIKoZIzj0EAwIwHjEc
MBoGA1UEAwwTY25fNVRMMXlxTXpGMkJGdHBuajAeFw0yMTA1MDMxMzUyMjRaFw0y
MzA4MDYxMzUyMjRaMBQxEjAQBgNVBAMMCWRlbW91c2VyMjBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABKHmQ4l+ukUmF3RUidDcsUZc7xhVRXRKhIWmA4mPOXQIM+6q
x0LS8paIbecXDy2rLe7EOSF/d69tLlLe+0SRL1KjgaowgacwCQYDVR0TBAIwADAd
BgNVHQ4EFgQUZn0jHSaMVvcmeTWCkqIkV8Dbb98wWQYDVR0jBFIwUIAU87Dr/Upq
jppM48B2htroYct3m+WhIqQgMB4xHDAaBgNVBAMME2NuXzVUTDF5cU16RjJCRnRw
bmqCFDXqn3GqPY7cqpu7aG6c3dF9XQ7pMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsG
A1UdDwQEAwIHgDAKBggqhkjOPQQDAgNIADBFAiBy/YI+b6xmTJ1tjdS8dN5WUQCa
0koVu2zaVnVO8dkySwIhAKiXdpTG4r3oE5/68wNqRQuXqEAMYT6BEd9xRz4+WIAf
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgl5rBrxK913ndHxuP
nfE1ZCnm/8jvTc59YNRYDG9sLKChRANCAASh5kOJfrpFJhd0VInQ3LFGXO8YVUV0
SoSFpgOJjzl0CDPuqsdC0vKWiG3nFw8tqy3uxDkhf3evbS5S3vtEkS9S
-----END PRIVATE KEY-----
</key>
optional: windows-driver wintun
Two windows clients are connected to the VPN (one is the iperf client the other the iperf server). Direct connection about 960mbit while when the are using openvpn it is about 100mbit. I see that the server goes up to 90% CPU but I don't understand why as all "calculations" (encryption) is disabled. It should simply forward the packages...
Is there any explanation?
