Having tried a large number of things, it looks like an UDP receive issue on (B). Connecting the tunnel through TCP transport instead of UDP brings the throughput around 75 Mbps in both directions. Over UDP, it is a good ~300 Mbps in one direction and a mere ~15 Mbps in the opposite (A to B). That means in the direction being problematic, throughput is actually higher over TCP than UDP, which of course is counterintuitive.
So I decided to test an IPsec tunnel instead, in order to rule out OpenVPN specific issues... I never used IPsec tunnel before but could establish one rather simply following the book recommended settings and... I'm quite surprised at the throughput I get (very high). To the point that I'm wondering if it's really encrypting anything! I'm leaving this (self) thread here and starting another one about IPsec. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om > Le 29 avr. 2016 à 11:45, Olivier Mascia <o...@integral.be> a écrit : > > Dear all, > > In case some of you would have an idea what to look for and adjust, here is a > strange issue I have between two end-points of an OpenVPN tunnel. Both sites > each have >= 1 Gbps connectivity to Internet. > > One site (A) is still using pfSense 2.2.2-REL on 'Intel(R) Xeon(R) CPU E31270 > @ 3.40GHz, 4 CPUs: 1 package(s) x 4 core(s)' (hyper-threading turned off). > This is a nanobsd configuration. > > New site (B) is using pfSense 2.3-REL on 'Intel(R) Xeon(R) CPU E5-2690 v2 @ > 3.00GHz, 2 CPUs: 1 package(s) x 2 core(s)' (this is actually a VM). This is > full setup. > > I have an OpenVPN tunnel between both (peer to peer, shared key, AES-128-CBC, > SHA1). > > Using the tunnel for file transfers between both sites, I peak over 350 Mbps > inside the tunnel from (B) to (A). But from (A) to (B) I peak at ~14 Mbps. > Which looks really strange. I'm wondering where is the culprit: sending from > (A), or receiving on (B). > > Using iperf3 with 3 to 5 threads, outside of the VPN, but through both > pfSense anyway, I consistently get 800 to 900 Mbps, either (A) to (B) or (B) > to (A). It is only within the OpenVPN tunnel that I can see the asymmetric > speed. And it puzzles me. > > If you have any kind of idea about what to look for, I'll take whatever you > give me. > Thanks for reading me, > -- > Meilleures salutations, Met vriendelijke groeten, Best Regards, > Olivier Mascia, integral.be/om _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
