To be more precise:
I use net/ifstat for current bw testing.
If I push data by netcat over public IPs, it is up to 5MB/s.
If I push data by netcat through VPN, it is up to 400KB/s.
Endusers in LANs also complain about VPN bw.
> You should use curl + nginx (with tmpfs) or iperf for bw testing.
I do not need to get very exact bw. My "netcat test" shows that data transfer
over VPN is ~10 times slower.
> Have you tried your NC on the loopback as a reference ?
$ time nc -N 127.0.0.1 1234 < 50MB.test
0.054u 1.476s 0:10.54 14.4% 0+0k 1281+1io 0pf+0w
> is the HEADER compression activated ?
I do not know. How can I check it out?
> just drop the all sendbug data if you actually want to help.
OpenBSD 6.3 (GENERIC) #0: Wed Apr 25 16:38:25 CEST 2018
rdk@RAC_fw63:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class) 500
MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX,MMXX,3DNOW2,3DNOW
real mem = 536363008 (511MB)
avail mem = 512651264 (488MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 20/80/26, BIOS32 rev. 0 @ 0xfac40
pcibios0 at bios0: rev 2.0 @ 0xf0000/0x10000
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0xa800
cpu0 at mainbus0: (uniprocessor)
mtrr: K6-family MTRR support (2 registers)
amdmsr0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
0:20:0: io address conflict 0x6100/0x100
0:20:0: io address conflict 0x6200/0x200
pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x33
glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES
vr0 at pci0 dev 6 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 11, address
00:00:24:cd:90:10
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063,
model 0x0034
vr1 at pci0 dev 7 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 5, address
00:00:24:cd:90:11
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063,
model 0x0034
vr2 at pci0 dev 8 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 9, address
00:00:24:cd:90:12
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063,
model 0x0034
vr3 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 12, address
00:00:24:cd:90:13
ukphy3 at vr3 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063,
model 0x0034
glxpcib0 at pci0 dev 20 function 0 "AMD CS5536 ISA" rev 0x03: rev 3, 32-bit
3579545Hz timer, watchdog, gpio, i2c
gpio0 at glxpcib0: 32 pins
iic0 at glxpcib0
pciide0 at pci0 dev 20 function 2 "AMD CS5536 IDE" rev 0x01: DMA, channel 0
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <SanDisk SDCFH-008G>
wd0: 1-sector PIO, LBA48, 7629MB, 15625216 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 21 function 0 "AMD CS5536 USB" rev 0x02: irq 15, version 1.0,
legacy support
ehci0 at pci0 dev 21 function 1 "AMD CS5536 USB" rev 0x02: irq 15
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00
addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbc0: unable to establish interrupt for irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS
gpio1 at nsclpcsio0: 29 pins
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 configuration 1 interface 0 "AMD OHCI root hub" rev 1.00/1.00
addr 1
ugen0 at uhub1 port 1 "American Power Conversion Smart-UPS C 1500 FW:UPS 10.0 /
ID=1005" rev 2.00/1.06 addr 2
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
root on wd0a (3f37e17802c01339.a) swap on wd0b dump on wd0b
> You should use curl + nginx (with tmpfs) or iperf for bw testing.
>
> don't drop data, maybe the driver of the ethernet card is crappy ?
>
> just drop the all sendbug data if you actually want to help.
>
> Have you tried your NC on the loopback as a reference ?
> is the HEADER compression activated ?
On Fri, 18 Jan 2019 09:28:45 -0500
sven falempin <sven.falem...@gmail.com> wrote:
> On Fri, Jan 18, 2019 at 8:58 AM Radek <alee...@gmail.com> wrote:
>
> > I have configured Site-to-Site ikev2 VPN between two routers (Soekris
> > net5501-70).
> > Over the internet my transfer speed between these machines is up to
> > 5000KB/s (it is OK).
> > Over the VPN it is up to 400KB/s only.
> >
> > Is there any way to squeeze more performance out from these hardware and
> > speed up the VPN?
> >
> > Tested with netcat:
> > $ nc 10.0.15.254 1234 < 49MB.test
> > $ nc -l 1234 > 49MB.test
> >
> > $ cat /etc/iked.conf
> > ikev2 quick active esp from $local_gw to $remote_gw \
> > from $local_lan to $remote_lan peer $remote_gw \
> > psk "pass"
> >
> > $ dmesg | head
> > OpenBSD 6.3 (GENERIC) #0: Wed Apr 25 16:38:25 CEST 2018
> > rdk@RAC_fw63:/usr/src/sys/arch/i386/compile/GENERIC
> > cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class)
> > 500 MHz
> > cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX,MMXX,3DNOW2,3DNOW
> > real mem = 536363008 (511MB)
> > avail mem = 512651264 (488MB)
> > mpath0 at root
> > scsibus0 at mpath0: 256 targets
> > mainbus0 at root
> > bios0 at mainbus0: date 20/80/26, BIOS32 rev. 0 @ 0xfac40
> >
> >
> >
> You should use curl + nginx (with tmpfs) or iperf for bw testing.
>
> don't drop data, maybe the driver of the ethernet card is crappy ?
>
> just drop the all sendbug data if you actually want to help.
>
> Have you tried your NC on the loopback as a reference ?
> is the HEADER compression activated ?
>
> --
> --
> ---------------------------------------------------------------------------------------------------------------------
> Knowing is not enough; we must apply. Willing is not enough; we must do
--
radek
