Re: [Openvpn-users] Expected transfer speed LAN-LAN using OpenVPN?
On Sat, 12 Feb 2022 19:54:20 , tincantech via Openvpn-users wrote: > regarding your bottleneck, try iperf3 without the VPN but across the real > internet. Hm, That would entail having a way to enter my home LAN in a similar way as with VPN, right? I do have a few DDNS domain names pointing to my router's external address already, so I could add a new port forward for a not so common port (temporarily). If I set up a port forward for such a port to the local server I guess I can then use iperf3 to make a connection and check speed while bypassing the OpenVPN encryption bottleneck. Like doing this with port 33456 forwarded by the router to the OpenVPN server: Server: iperf3 -s -p 33456 -1 -f K Client: iperf3 -c -p 33456 -f K - So I tried that: -- $ iperf3 -c .boberglund.com -p 33456 -f K Connecting to host .boberglund.com, port 33456 [ 5] local 192.168.117.251 port 55484 connected to 158.174.1xx.1yy port 33456 [ ID] Interval Transfer Bitrate Retr Cwnd [ 5] 0.00-1.00 sec 2.40 MBytes 2456 KBytes/sec 50 7.07 KBytes [ 5] 1.00-2.00 sec 1.43 MBytes 1459 KBytes/sec 34 5.66 KBytes [ 5] 2.00-3.00 sec 1.25 MBytes 1277 KBytes/sec 39 7.07 KBytes [ 5] 3.00-4.00 sec 1.07 MBytes 1094 KBytes/sec 35 4.24 KBytes [ 5] 4.00-5.00 sec 1.43 MBytes 1460 KBytes/sec 29 9.90 KBytes [ 5] 5.00-6.00 sec 912 KBytes 912 KBytes/sec 34 1.41 KBytes [ 5] 6.00-7.00 sec 1.07 MBytes 1095 KBytes/sec 33 5.66 KBytes [ 5] 7.00-8.00 sec 1.25 MBytes 1277 KBytes/sec 39 9.90 KBytes [ 5] 8.00-9.00 sec 1.43 MBytes 1459 KBytes/sec 42 4.24 KBytes [ 5] 9.00-10.00 sec 1.25 MBytes 1277 KBytes/sec 37 4.24 KBytes - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 13.4 MBytes 1377 KBytes/sec 372 sender [ 5] 0.00-10.00 sec 13.0 MBytes 1336 KBytes/sec receiver iperf Done. --- End of test --- Seems like I am getting the exact same result here, about 10 Mbit/s only... When I run the test I have to be connected with PuTTY to the remote client and this passes through the VPN tunnel. I hope that is not disturbing the measurements. I assume that there is no encryption involved with the transfers here? The VPN connection is set up to only pass LAN-LAN traffic through the tunnel, while Internet traffic uses the respective router as gateway to the Internet. I also tested the Internet speed using Ookla speedtest: Remote site: Speedtest by Ookla Server: RETN - Stockholm (id = 32926) ISP: Bahnhof AB Latency: 2.56 ms (0.07 ms jitter) Download: 248.73 Mbps (data used: 112.6 MB ) Upload:57.17 Mbps (data used: 70.9 MB ) <== Suspiciously slow Packet Loss: 2.7% Home site: Speedtest by Ookla Server: Bahnhof AB - Stockholm (id = 34024) ISP: Bahnhof AB Latency: 1.48 ms (0.90 ms jitter) Download: 242.70 Mbps (data used: 192.2 MB) Upload: 248.81 Mbps (data used: 368.8 MB) Packet Loss: 0.0% More investigation needed... -- Bo Berglund Developer in Sweden ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] Expected transfer speed LAN-LAN using OpenVPN?
On Sat, 12 Feb 2022 18:56:33 +0100, Gert Doering wrote: >Hi, > >On Sat, Feb 12, 2022 at 06:22:41PM +0100, Bo Berglund wrote: >> Connection LAN-LAN: >> Home LAN: ASUS RT-AC86U router >> Remote LAN: ASUS RT-AC68U router >> Remote router connects by OpenVPN to home OpenVPN server and the system has >> been >[..] >> Erlier tests with the server and client on the same LAN showed speed maxing >> out >> in the hundreds of Mbit/s. So the bottleneck seems to be OpenVPN. > >From what I could find, this router has a dual-core ARM CPU with 800 MHz, >which is just not very fast. For "regular packets" this is fast enough >(it might have hardware that helps with "normal routing") but if doing >crypto, I'm not sure how much you can achieve. So there may be more recent versions of routers that are faster in this respect? The two I use are different, the RT-AC86U is new whereas the other is the one I used at home before. And this is the one running the OpenVPN client so it encrypts the data. On the home side the ASUS RT-AC86U router just funnels the packets to the openVPN server, which has pretty capable hardware to decrypt the data. Maybe I should look for a replacement router instead of using the old home router? >If OpenVPN is new enough, going for "--cipher CHACHA20-POLY1305" might >help, as this can be accelerated nicely on (modern) ARM CPUs, while >the default 2.4+ cipher (AES-256-GCM) is only hardware-accelerated on >Intel CPUs with AES-NI instruction. I suspect that the OpenVPN version is pretty old on the ASUS RT-AC68U router... -- Bo Berglund Developer in Sweden ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] Expected transfer speed LAN-LAN using OpenVPN?
Hi, On Sat, Feb 12, 2022 at 06:22:41PM +0100, Bo Berglund wrote: > Connection LAN-LAN: > Home LAN: ASUS RT-AC86U router > Remote LAN: ASUS RT-AC68U router > Remote router connects by OpenVPN to home OpenVPN server and the system has > been [..] > Erlier tests with the server and client on the same LAN showed speed maxing > out > in the hundreds of Mbit/s. So the bottleneck seems to be OpenVPN. From what I could find, this router has a dual-core ARM CPU with 800 MHz, which is just not very fast. For "regular packets" this is fast enough (it might have hardware that helps with "normal routing") but if doing crypto, I'm not sure how much you can achieve. If OpenVPN is new enough, going for "--cipher CHACHA20-POLY1305" might help, as this can be accelerated nicely on (modern) ARM CPUs, while the default 2.4+ cipher (AES-256-GCM) is only hardware-accelerated on Intel CPUs with AES-NI instruction. gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] Expected transfer speed LAN-LAN using OpenVPN?
On Sun, 30 Jan 2022 17:27:20 +, tincantech via Openvpn-users wrote: >To test your speed use iperf3 > I have now deployed the eqipment to the remote LAN and installed the fiber connection there. It is a 250/250 Mbit/s connection like what I have at home. So now I have done the iperf3 test in the real hardware. Server: Ubuntu Server 20.04.3 on Lenovo PC on home LAN (OpenVPN and file store) Client: Ubuntu Mint 20.3 on HP PRODESK PC on remote LAN Connection LAN-LAN: Home LAN: ASUS RT-AC86U router Remote LAN: ASUS RT-AC68U router Remote router connects by OpenVPN to home OpenVPN server and the system has been set up to be bidirectional (see separate thread here: "LAN-LAN connection via ASUS Router OpenVPN?"). Test with iperf3 (server at home, client at remote LAN) $ iperf3 -c 192.168.119.216 -f M Connecting to host 192.168.119.216, port 5201 [ 5] local 192.168.117.251 port 43860 connected to 192.168.119.216 port 5201 [ ID] Interval Transfer Bitrate Retr Cwnd [ 5] 0.00-1.00 sec 953 KBytes 0.93 MBytes/sec 26 8.72 KBytes [ 5] 1.00-2.00 sec 1.06 MBytes 1.06 MBytes/sec 31 4.98 KBytes [ 5] 2.00-3.00 sec 1.49 MBytes 1.49 MBytes/sec 32 3.74 KBytes [ 5] 3.00-4.00 sec 1.35 MBytes 1.35 MBytes/sec 28 2.49 KBytes [ 5] 4.00-5.00 sec 1.40 MBytes 1.40 MBytes/sec 27 4.98 KBytes [ 5] 5.00-6.00 sec 1.02 MBytes 1.02 MBytes/sec 28 7.48 KBytes [ 5] 6.00-7.00 sec 1.49 MBytes 1.49 MBytes/sec 33 6.23 KBytes [ 5] 7.00-8.00 sec 1.32 MBytes 1.32 MBytes/sec 31 3.74 KBytes [ 5] 8.00-9.00 sec 1.43 MBytes 1.43 MBytes/sec 21 13.7 KBytes [ 5] 9.00-10.00 sec 1.59 MBytes 1.59 MBytes/sec 34 6.23 KBytes - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 13.1 MBytes 1.31 MBytes/sec 291 sender [ 5] 0.00-10.00 sec 13.0 MBytes 1.30 MBytes/sec receiver So this is about 10 Mbit/s speed... I had really hoped for something better than 1/25th of the connection speed. Is this normal or is there some way to improve the speed? Erlier tests with the server and client on the same LAN showed speed maxing out in the hundreds of Mbit/s. So the bottleneck seems to be OpenVPN. Grateful for any tips on improving this. -- Bo Berglund Developer in Sweden ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] Can a remote device connect to an NFS share on the OVPN server?
Hi, On 12/02/2022 00:12, Bo Berglund wrote: Since the connections targeting other nfs servers on the home LAN worked fine without this change I assume that when these are received by OpenVPN they are sent out on the 119 network after being NATed into the 119 LAN range and thus do not suffer the rejection. But when the target is the OpenVPN server itself it does not do the NAT translation and the call does not get out on the 119 LAN but uses the tunnel address directly instead and failed because of that. Just a little clarification (for the records and those coming after us): "it" is not OpenVPN, but rather your iptables/nftables and your routing table combined. If you wanted, you could configure NAT also for connections going to the server itself, but this is uncommon. Regards, -- Antonio Quartulli ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
