Let there be machines A and B:
- A is a baremetal server in a datacenter with 1Gbps connection to the internet. 4x 3.4 GHz Xeon with 32 GB of RAM
- B is a virtual machine running on a KVM cluster in a datacenter with 1Gbps connection to the internet. 4x 2.6 GHz KVM with 8 GB of RAM
Code:
root@A:~ # iperf3 -c 1.2.3.4
Connecting to host 1.2.3.4, port 5201
[ 5] local 5.6.7.8 port 18305 connected to 1.2.3.4 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 3.98 MBytes 33.4 Mbits/sec 0 239 KBytes
[ 5] 1.00-2.00 sec 11.4 MBytes 95.6 Mbits/sec 0 478 KBytes
[ 5] 2.00-3.00 sec 19.9 MBytes 167 Mbits/sec 0 751 KBytes
[ 5] 3.00-4.00 sec 28.7 MBytes 241 Mbits/sec 0 1019 KBytes
[ 5] 4.00-5.00 sec 37.7 MBytes 316 Mbits/sec 0 1.25 MBytes
[ 5] 5.00-6.00 sec 45.8 MBytes 384 Mbits/sec 0 1.51 MBytes
[ 5] 6.00-7.00 sec 53.9 MBytes 452 Mbits/sec 0 1.76 MBytes
[ 5] 7.00-8.00 sec 57.8 MBytes 485 Mbits/sec 0 1.76 MBytes
[ 5] 8.00-8.63 sec 36.2 MBytes 482 Mbits/sec 0 1.76 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-8.63 sec 295 MBytes 287 Mbits/sec 0 sender
[ 5] 0.00-8.63 sec 0.00 Bytes 0.00 bits/sec receiver
And here's the same going through OpenVPN:
Code:
root@A:~ # iperf3 -c 10.8.0.46
Connecting to host 10.8.0.46, port 5201
[ 5] local 10.8.0.1 port 37447 connected to 10.8.0.46 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 1.45 MBytes 12.1 Mbits/sec 0 1.33 KBytes
[ 5] 1.00-2.00 sec 1.53 MBytes 12.8 Mbits/sec 2 39.7 KBytes
[ 5] 2.00-3.00 sec 1.56 MBytes 13.1 Mbits/sec 1 47.6 KBytes
[ 5] 3.00-4.00 sec 1.55 MBytes 13.0 Mbits/sec 1 53.0 KBytes
[ 5] 4.00-5.00 sec 1.64 MBytes 13.8 Mbits/sec 1 60.9 KBytes
[ 5] 5.00-6.00 sec 1.60 MBytes 13.5 Mbits/sec 1 62.3 KBytes
[ 5] 6.00-7.00 sec 1.66 MBytes 13.9 Mbits/sec 2 35.7 KBytes
[ 5] 7.00-8.00 sec 1.50 MBytes 12.5 Mbits/sec 1 42.3 KBytes
[ 5] 8.00-9.00 sec 1.58 MBytes 13.2 Mbits/sec 1 49.0 KBytes
[ 5] 9.00-10.00 sec 1.56 MBytes 13.1 Mbits/sec 1 55.6 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 15.6 MBytes 13.1 Mbits/sec 11 sender
[ 5] 0.00-10.03 sec 15.5 MBytes 13.0 Mbits/sec receiver
I fully understand that OpenVPN will come at a performance loss. However, I would have never expected this much!
I did a lot of googling but I couldn't find anything wrong with my OpenVPN config. Here's the one of the server (host A):
Code:
port 1194
proto udp
dev tun
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/openvpn-server.crt
key /usr/local/etc/openvpn/keys/openvpn-server.key # This file should be kept secret
dh /usr/local/etc/openvpn/keys/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
client-to-client
keepalive 10 120
tls-auth /usr/local/etc/openvpn/keys/ta.key 0 # This file is secret
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
explicit-exit-notify 0
# Trying to improve performance...
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
And here's the one of the client (host B):
Code:
client
dev tun
proto udp
remote my.fancy.openvpn.host.com 1194
remote-random
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
askpass /usr/local/etc/openvpn/cert.passphrase
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/openvpn-client.crt
key /usr/local/etc/openvpn/keys/openvpn-client.key
remote-cert-tls server
tls-auth /usr/local/etc/openvpn/keys/ta.key 1
cipher AES-256-CBC
verb 3
As you can see I started dicking around with the sndbuf and rcvbuf directives but they didn't have any noticeable impact.
I have also checked the system usage on both hosts. Neither of the hosts seems to have insufficient hardware performance.
I'd appreciate any kind of help!