We've set up openvpn server on Intel Xeon E3-1230 100Mbit server (CentOS).
But we're experiencing high cpu loads. About 10% cpu time per each 2Mbyte/s download speed. For current speed (100 Mbit) that is probably acceptable but we're planning to go to 1Gbit/s channel.
We've already turned off lzo and lowered aes to 128 bits.
Even with "cipher none" we've got about 5% cpu per 2Mbyte/s which is too high for 1Gbit/s.
Maybe such load is acceptable for described hardware configuration? Could anyone confirm that?
I just dont see why this is happening. All cryptography is accelerated by cpu and should be very fast.
Server config excerpt:
Code: Select all
port 443
proto udp
topology subnet
dev tun
tls-server
tls-auth
client-cert-not-required
username-as-common-name
duplicate-cn
keepalive 10 30
cipher AES-128-CBC