slow openvpn links – don’t use max wan bandwidth available

Home Page Forums Network Management VPN slow openvpn links – don’t use max wan bandwidth available

This topic contains 2 replies, has 0 voices, and was last updated by  mrlucas 2 years, 6 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #44126

    mrlucas
    Member

    Anyone have problems getting their OpenVpn links to run near the speed of their WAN links? I have 50Mb in/out at work and 20Mb in/2 out at home. Theoretically I should be able to get “near” 20Mb moving data from work to home, but I seem to not be able to get past around 5Mbit. Neither link is otherwise saturated, and neither Zeroshell box on either end is maxing a cpu/core. I see the same thing between offices where I have 50/50 and 20/20 connections respectively. I am still unable to get more than 1-5 Mb over my OpenVpn Links.

    Anyone else have similar problems?

    Connection Params:
    keepalive 30 240 –no-replay –tun-mtu 1500 –mssfix –fragment 1450 –persist-tun

    #53568

    mrlucas
    Member

    update:

    I have tried both udp and tcp protocol.
    I have read that some providers throttle udp, and some ip ports, so I have even tried running my vpns on ports 80 and 443, and have not been able to get any better performance.

    #53569

    mrlucas
    Member

    I eventually got back to this and it is no longer a problem. I am unsure what changed between now and then, but it is not an issue for me.

    #53570

    squigley
    Member

    I realise this is 2 years old..

    I did some research into this, and apparently, unless you have pretty beefy boxes on both ends of the VPN, using LZO compression will affect the throughput a lot, and it’s better to not use it..

    I also found a large increase in VPN thoughput (from 15Mbit to 30MBit) by configuring my VPN to use AES-128-CBC rather than blowfish, and utilise the VIA padlock hardware encryption in the C3 CPU in my ZS host by adding “–cipher AES-128-CBC –engine padlock” to the VPN configuration (on both ends).

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.