OpenVPN Performance

marcapo
OpenVpn Newbie
Posts: 6
Joined: Fri Jan 29, 2021 8:43 am

OpenVPN Performance

Post by marcapo » Mon Aug 29, 2022 1:42 pm

Hi,
we've got an OpenVPN-AS with failover on version 2.11.0.
It works fine except for the performance.
It's a bare-metal server on Ubuntu 22 with only openvpn-server as a service.
SSD, 32GB RAM and Intel Xeon E5-2697A v4 CPU.
The uplink is 1Gbit dedicated synchronous.
Speedtest results and other performance tests confirm that the bandwidth is usable.
The client has 1 Gbit download too.

If we try to copy a single big file from the OpenVPN server to a connected client, we get around 6-10MB/s.

Here are the server and client example configs

Server Config

{
"admin_ui.https.ip_address": "all",
"admin_ui.https.port": "943",
"aui.eula_version": "3",
"auth.ldap.0.add_req": "XX",
"auth.ldap.0.bind_dn": "XX",
"auth.ldap.0.bind_pw": "XX",
"auth.ldap.0.case_sensitive": "false",
"auth.ldap.0.enable": "true",
"auth.ldap.0.name": "My LDAP servers",
"auth.ldap.0.server.0.host": "XX",
"auth.ldap.0.server.1.host": "XX",
"auth.ldap.0.ssl_ca_cert": "/etc/ssl/certs/XX.pem",
"auth.ldap.0.ssl_verify": "internal",
"auth.ldap.0.timeout": "4",
"auth.ldap.0.uname_attr": "sAMAccountName",
"auth.ldap.0.use_ssl": "never",
"auth.ldap.0.user_exists_check": "true",
"auth.ldap.0.users_base_dn": "XX",
"auth.module.type": "ldap",
"auth.pam.0.service": "openvpnas",
"auth.radius.0.acct_enable": "false",
"auth.radius.0.name": "My Radius servers",
"cs.admin_only": "false",
"cs.ca_bundle": "XX",
"cs.cert": "XX",
"cs.cws.pwd_change": "false",
"cs.cws.pwd_strength": "true",
"cs.cws_proto_v2": "true",
"cs.cws_ui_offer.android": "true",
"cs.cws_ui_offer.autologin": "true",
"cs.cws_ui_offer.ios": "true",
"cs.cws_ui_offer.linux": "true",
"cs.cws_ui_offer.mac": "false",
"cs.cws_ui_offer.mac_v3": "true",
"cs.cws_ui_offer.server_locked": "false",
"cs.cws_ui_offer.user_locked": "true",
"cs.cws_ui_offer.win": "false",
"cs.cws_ui_offer.win_v3": "true",
"cs.https.ip_address": "all",
"cs.https.port": "943",
"cs.priv_key": "XX",
"cs.prof_sign_web": "true",
"cs.tls_version_min": "1.3",
"dbpush.hosts.0.enable": "true",
"dbpush.hosts.0.internal": "PRIMARY",
"dbpush.hosts.0.password": "",
"dbpush.hosts.0.public": "XX",
"dbpush.hosts.0.ssh_port": "22",
"dbpush.hosts.0.username": "root",
"dbpush.hosts.1.enable": "true",
"dbpush.hosts.1.internal": "SECONDARY",
"dbpush.hosts.1.password": "",
"dbpush.hosts.1.public": "XX",
"dbpush.hosts.1.ssh_port": "22",
"dbpush.hosts.1.username": "root",
"failover.mode": "ucarp",
"host.name": "XX",
"sa.compression_warning_shown": "displayed",
"sa.initial_run_groups.0": "web_group",
"sa.initial_run_groups.1": "openvpn_group",
"ssl_api.local_addr": "all",
"ssl_api.local_port": "945",
"subscription.bundle": "",
"subscription.saved_state": "",
"ucarp.addr": "XX",
"ucarp.secret": "XX",
"upgrade.current_version": "2.10.2",
"upgrade.initial_version": "2.10.1",
"vpn.client.basic": "false",
"vpn.client.cipher": "AES-256-CBC",
"vpn.client.config_text": "route-metric 10\nregister-dns",
"vpn.client.routing.inter_client": "true",
"vpn.client.routing.reroute_dns": "true",
"vpn.client.routing.reroute_gw": "false",
"vpn.daemon.0.client.netmask_bits": "21",
"vpn.daemon.0.client.network": "XX",
"vpn.daemon.0.listen.ip_address": "all",
"vpn.daemon.0.listen.port": "443",
"vpn.daemon.0.listen.protocol": "tcp",
"vpn.daemon.0.server.ip_address": "all",
"vpn.general.osi_layer": "3",
"vpn.server.cipher": "AES-256-CBC",
"vpn.server.config_text": "",
"vpn.server.daemon.enable": "true",
"vpn.server.daemon.ovpndco": "false",
"vpn.server.daemon.protocols": "both",
"vpn.server.daemon.tcp.n_daemons": "32",
"vpn.server.daemon.tcp.port": "443",
"vpn.server.daemon.udp.n_daemons": "32",
"vpn.server.daemon.udp.port": "1194",
"vpn.server.data_ciphers": "AES-256-GCM:Chacha20-Poly1305:AES-128-GCM:AES-256-CBC",
"vpn.server.dhcp_option.adapter_domain_suffix": "XX",
"vpn.server.dhcp_option.domain": "XX",
"vpn.server.duplicate_cn": "true",
"vpn.server.enable_cipher_fallback": "false",
"vpn.server.foreign_bridge": "",
"vpn.server.group_pool.0": "XX",
"vpn.server.port_share.enable": "false",
"vpn.server.port_share.ip_address": "1.2.3.4",
"vpn.server.port_share.port": "1234",
"vpn.server.port_share.service": "custom",
"vpn.server.routing.allow_private_nets_to_clients": "true",
"vpn.server.routing.gateway_access": "true",
"vpn.server.routing.private_access": "route",
"vpn.server.routing.private_network.0": "XX",
"vpn.server.routing.private_network.1": "XX",
"vpn.server.routing.private_network.10": "XX",
"vpn.server.routing.private_network.11": "XX",
"vpn.server.routing.private_network.2": "XX",
"vpn.server.routing.private_network.3": "XX",
"vpn.server.routing.private_network.4": "XX",
"vpn.server.routing.private_network.5": "XX",
"vpn.server.routing.private_network.6": "XX",
"vpn.server.routing.private_network.7": "XX",
"vpn.server.routing.private_network.8": "XX",
"vpn.server.routing.private_network.9": "XX",
"vpn.server.static.0.netmask_bits": "21",
"vpn.server.static.0.network": "XX",
"vpn.server.tls_cc_security": "tls-cryptv2",
"vpn.server.tls_version_min": "1.3",
"vpn.tls_refresh.interval": "60",
"xmlrpc.relay_level": "0"
}



Client Config
# This is a comment
# Automatically generated OpenVPN client config file
# Generated on Fri Mar 18 16:02:15 2022 by xx.xx.xx
# Note: this config file contains inline private keys
# and therefore should be kept confidential!
# Certificate serial: 45, certificate common name: xx
# Expires 2032-03-15 16:02:15
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=xx
# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE=xx@xx.xx.xx

# Default Cipher
cipher AES-256-CBC
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_BASIC_CLIENT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=xx.xx.xx:943
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----
XX
# -----END CERTIFICATE-----
# -----BEGIN CERTIFICATE-----
XX
# -----END CERTIFICATE-----
# -----BEGIN CERTIFICATE-----
XX
# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=0
client
server-poll-timeout 4
nobind
remote xx.xx.xx 1194 udp
remote xx.xx.xx 1194 udp
remote xx.xx.xx 443 tcp
remote xx.xx.xx 1194 udp
remote xx.xx.xx 1194 udp
remote xx.xx.xx 1194 udp
remote xx.xx.xx 1194 udp
remote xx.xx.xx 1194 udp
dev tun
dev-type tun
remote-cert-tls server
tls-version-min 1.2
reneg-sec 604800
auth-user-pass
verb 3
push-peer-info

<ca>
-----BEGIN CERTIFICATE-----
XX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
XX
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
XX
-----END PRIVATE KEY-----
</key>
<tls-crypt-v2>
-----BEGIN OpenVPN tls-crypt-v2 client key-----
XX
-----END OpenVPN tls-crypt-v2 client key-----
</tls-crypt-v2>

# Extra user-defined configuration
route-metric 10
## -----BEGIN RSA SIGNATURE-----
## DIGEST:sha256
## -----END RSA SIGNATURE-----
## -----BEGIN CERTIFICATE-----
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
## -----END CERTIFICATE-----




Are we doing anything wrong? We didn't expect to get the full 100MB/s, but 6-10MB/s with this hardware? It seems we are missing something here.
Thanks for your tips!

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: OpenVPN Performance

Post by openvpn_inc » Wed Aug 31, 2022 9:03 pm

Hi Marc,

Ubuntu 22? Are you sure? I don't think we have released that yet. Coming soon, of course. (correction: it's out already since 2.11.0 release - sorry)

Can you show us iperf3 test results between the client and server, both with and without a VPN connection? (You might have to open the port in your firewall.)

Could client's upload bandwidth be a factor? You didn't say exactly where this downloaded file was located relative to VPN server and client.

regards, rob0
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
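
The with/without-VPN comparison requested above, as an added example that is not part of the thread: a Python script that reads two `iperf3 -J` reports and tells whether the limit sits in the tunnel or in the underlying path. The sample reports are constructed, the addresses in the comments are placeholders, and the 1 Gbit link default and 50% threshold are assumptions.

```python
import json

# Constructed iperf3 -J reports, trimmed to the fields read below.
# Commands that would produce real ones (addresses are placeholders):
#   server:  iperf3 -s
#   client:  iperf3 -c <server-public-ip> -R -J > direct.json   (VPN down)
#   client:  iperf3 -c <server-vpn-ip>    -R -J > tunnel.json   (VPN up)
# -R makes the server send, matching the download direction of the file copy.
DIRECT = json.loads('{"end": {"sum_received": {"bits_per_second": 941000000.0}}}')
TUNNEL = json.loads('{"end": {"sum_received": {"bits_per_second": 64000000.0}}}')
SLOW_PATH = json.loads('{"end": {"sum_received": {"bits_per_second": 94000000.0}}}')
FAILED = json.loads('{"error": "unable to connect to server: Connection refused"}')


def received_mbyte_per_s(report):
    """Receiver-side throughput of a TCP iperf3 run, in MB/s."""
    if "error" in report:
        # iperf3 -J reports a failed run (e.g. firewalled port) under "error".
        raise ValueError("iperf3 run failed: " + report["error"])
    bits = report["end"]["sum_received"]["bits_per_second"]
    return bits / 8 / 1_000_000


def compare(direct, tunnel, link_mbit=1000, floor=0.5):
    """Classify where the throughput is lost.

    link_mbit and floor are assumptions: a run below floor * reference
    is treated as limited at that layer.
    """
    d = received_mbyte_per_s(direct)
    t = received_mbyte_per_s(tunnel)
    if d < floor * (link_mbit / 8):
        verdict = "path"      # slow even without the VPN: NIC, ISP, upload side
    elif t < floor * d:
        verdict = "tunnel"    # path is fine, the VPN layer costs the bandwidth
    else:
        verdict = "ok"
    return {
        "direct_MBps": round(d, 1),
        "tunnel_MBps": round(t, 1),
        "tunnel_share": round(t / d, 3),
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(compare(DIRECT, TUNNEL))
    print(compare(SLOW_PATH, TUNNEL))
```

A "path" verdict means the tunnel numbers cannot be judged until the direct run reaches the expected line rate.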

thund
OpenVpn Newbie
Posts: 2
Joined: Mon Aug 03, 2020 2:46 am

Re: OpenVPN Performance

Post by thund » Tue Sep 06, 2022 12:34 am

The speed of the client is limited by the client network interface. For a PC, it's usually 100Mbps. You have to test on a server with a greater network interface.
