Hi, on my Omnia 5.1.4 I use OpenVPN. It is working OK, but performance is not the best. It has approx. half the speed compared to traffic without VPN. Without VPN I can download (copy) a file from the server at the full upload speed of the connection, around 50 Mb/s; the same file copy over VPN from the same server runs at half the speed, approx. 25 Mb/s.
Is it something I have to live with as it's normal, or is there a possibility to tweak performance?
I tried tricks like changing the cipher, playing with compression (lzo, lz4-v2) and MTU changes, but these tricks do not make any change in speed.
The connection is asynchronous, but it's 350/40 Mb/s fibre on the server side, and on the client there is 150 Mb/s download fibre. So download speed from the server uses the 40 Mb/s upload limit. Without VPN it goes even over this limit to 50 Mb/s, but with VPN it's 25 Mb/s max.
I tried many different configuration options to optimize OpenVPN on the Omnia. It is limited by single-thread use and user mode. The best I could manage with secure ciphers was a stable 99 Mbit/s in a testing environment with a direct Ethernet connection. If you want a maximum-performance VPN you should look into WireGuard (>500 Mbit). The next version, OpenVPN 2.5, now supports the PolyChaCha cipher for the data channel as well, which will probably improve performance significantly (hopefully in the next OpenWrt release).
I also got a WireGuard VPN server working on my Omnia, next to OpenVPN running on the same Omnia.
Simple data copy tests show better performance for WireGuard, but for my real scenario of a client-server app (a desktop app on the client communicating with an SQL server via VPN) it has no benefit. Both WireGuard and OpenVPN have exactly the same performance, meaning it's just slow. But it's probably a general problem of SQL communication being sensitive to latency.
A benefit of OpenVPN is better support for a domain environment. I am missing a DOMAIN parameter in the WireGuard options, or I just don't know how to do it. Routing to the domain controller via WireGuard VPN is then not as good as via OpenVPN; here OpenVPN is the winner.
There is no need to use the compression option at all, just disable it. Also, active TLS can degrade the throughput (especially when you have changed the cipher list and have some more modern/robust ciphers in use). Aside from that, Ludus, Pakon and IDS (tools using Suricata to inspect packets) can slow down the traffic, as each packet is inspected on the fly and that requires some system resources. So also check the CPU utilization.
Hi,
these tests are not relevant for my scenario. Technically, the VPN uses my server-side UPLOAD limits; that's not the problem in standard data copy scenarios.
My scenario is about SQL traffic in a client-server application in a domain environment. The tests in the link are normal tests, which do not cover my scenario at all.