StreisandEffect / streisand

Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.

Has anyone been able to achieve near 100 MBps speeds with openvpn on aws? #667

Closed fidesachates closed 7 years ago

fidesachates commented 7 years ago

Hi,

I'm using pfsense on a box with 2.4 GHz processor speed and AES-NI encryption running an open vpn client to my aws setup streisand openvpn server, but for the life of me, I can't figure out why my speeds are half of what they are without vpn. I get 100/100 when not running the vpn, but I'm getting 40/80 with the vpn.

Is there tuning that should be done here? I'm happy to provide more details as I would LOVE to get this working! Thanks in advance!

zoonderkins commented 7 years ago

I think it's based on the encryption level and which kind of protocol you used (TCP or UDP).

atulsian89 commented 7 years ago

I have the same issue with openvpn on my S7 Edge and HP Spectre x360 on a 60/60, I get 30/30 or sometimes more. I never got the full 60/60 on the UDP port. But when I use shadowsocks, I get the full 60/60.

zoonderkins commented 7 years ago

Shadowsocks isn't a real VPN, so... hmm, you can get full speed. With OpenVPN you can choose a lower encryption strength (128-bit encryption is faster than 256-bit).

TCP – Short for Transmission Control Protocol, TCP includes error checking and confirms delivery of all packets. This means it is a more reliable protocol if the delivery of every data packet is essential. It’s also slower.

UDP – User Datagram Protocol is the FASTEST option for OpenVPN because it doesn’t confirm the delivery of any data packets. It is well-suited for high-bandwidth VPN uses like HD video streaming or P2P file-sharing with BitTorrent.

atulsian89 commented 7 years ago

Yes sir, I know it is not a VPN. Everyone has their own choice. I like openvpn, but shadowsocks does what openvpn does but with better speed and kind of the same protection from DPI, anti relay attacks, and with the new AEAD encryption it is much more secure.

andreagrax commented 7 years ago

Have you tried to run top/htop on the Streisand instance during your test? Just to know if the bottleneck is the CPU (I hardly believe the disk or the RAM could be the problem).

fidesachates commented 7 years ago

@ookangzheng I'm using aes-256-cbc which is supported by the processor in my client box.

[2.3.3-RELEASE][admin@cerberus.private]/root: /usr/bin/openssl engine -t -c
(cryptodev) BSD cryptodev engine
 [RSA, DSA, DH, AES-128-CBC, AES-192-CBC, AES-256-CBC]
     [ available ]
(rsax) RSAX engine support
 [RSA]
     [ available ]
(rdrand) Intel RDRAND engine
 [RAND]
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]

@andreagrax I have been running top on both client and server machines and as I said earlier, cpu usage does not max out (above I said never above 7%, but on my server I did see it go to 10% recently).

The client router box I have is GB-BSi3HAL-6100.

fidesachates commented 7 years ago

Interestingly, this morning I reran the speed test and I came up with much better results 3 times in a row. I got speeds of 90/80, 90/90, and 90/60.

I still think there's something to fix here. I'm running powerful machines here so I don't think there should be this much discrepancy on my speed tests between vpn off and vpn on. I recorded the top and the speed test if anyone is interested.

I should also mention that I've messed with the openvpn file in that I added over 100 routes to exclude Netflix IPs from the vpn.

fidesachates commented 7 years ago

Well the 90/80 speeds never occurred again. I'm now back to around 50-60/90. These numbers have been consistent for a few days now.

What's interesting is that the upload has no issue. Is there any tip or hint into what to look into?

cpu commented 7 years ago

At present we don't have the resources to help you optimize network throughput. I apologize. Thanks for understanding.