OpenVPN Routed Performance Issue

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
mgorbach
OpenVpn Newbie
Posts: 2
Joined: Mon Jan 09, 2012 3:27 pm

OpenVPN Routed Performance Issue

Post by mgorbach » Mon Jan 09, 2012 3:28 pm

Hello,
I'm having a lot of trouble getting OpenVPN performance to be what I would expect with my new OpenVPN setup. The network looks like this:

Home LAN 172.16.1.0/24
VPN Clients (10.8.0.0/24) -> Airport Extreme (forwarding OpenVPN port) -> OpenVPN Server (listening on OpenVPN port 1294)
-> Home iMac
-> NAS Box

I am using routing, with the following config file. Routing is set up using IP Masquerading on the OpenVPN server, because I can't create static routes on my gateway, which is an Airport Extreme). Note that CPU usage on the VPN server is minimal throughout all the tests below.

Server config:
port 1294
proto udp
dev tun
ca privnet/ca.crt
cert privnet/server.crt
key privnet/server.key
dh privnet/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 4
script-security 2
push "route 172.16.1.0 255.255.255.0"
topology subnet
route 192.168.163.0 255.255.255.0 10.8.0.2
tun-mtu 1500
fragment 1000
mssfix

The tests I am running use only one VPN client.
Without the fragment and mssfix lines in both the client and server configs, performance was so bad that I got one VNC frame or so per second when VPNing across two 35Mb FiOS connections. When I added these lines, VPN performance improved but is still extremely slow.
My easier test case though is SCP performance.
Client downloading via SCP form the OpenVPN server without VPN is fast (1 MBps).
Client downloading via SCP from the OpenVPN server with VPN activated (using the VPN servers local LAN IP and port) is fast (1 MBps)
Client downloading via SCP from _any other computer on the OpenVPN server's subnet_ with VPN activated is extremely slow (<50 KBps).

Client uploading via SCP to the OpenVPN server without VPN is fast (>300 KBps)
Client uploading via SCP to the OpenVPN server with VPN activated is fast (>300 KBps)
Client uploading via SCP to any other computer on the OpenVPN server's subnet with VPN activated is fast (>300 KBps)

Can anyone suggest what to do, and why I'm seeing these vastly differing speeds?
Top
Post Reply

Return to “Configuration”