Slow OPENVPN server performance

General discussion about Gargoyle, OpenWrt or anything else even remotely related to the project

Moderator: Moderators

Post Reply
basix
Posts: 3
Joined: Fri Aug 15, 2014 2:36 pm

Slow OPENVPN server performance

Post by basix »

Hi all,

Today I installed the Openvpn server service on one of my TP-LINK 1043 v1's. It has gargoyle 1.6.1 on it.

I can connect with my vpn clients (Android and iOS) fine and traffic is redirected through my internet connection.

My problem is that the connection speed is considered "slow". The ISP upload of this connection is 10 mbit.

With previous Gargoyle release (1.5.x)) I was able to almost max out 10 mbit of Openvpn download (upload of my connection) through my Openvpn server.

With version 1.6.1 it cannot pass around 1.25 mbit. I get the feeling that cipher being used (Blowfish CBC 128 bit) somehow eat up all the processor power for routing and encrypting/decrypting the vpn connection.

With gargoyle 1.5.x I only had the slow vpn speeds if I put my cipher on AES 265 bit (seems logical to me as this is a much more cpu intense cipher for this router cpu). With blowfish cypher on 128 bit everything was "fast".

Can anyone share some more info?
Is it a config error by me?

Regards

Small update:

I just removed the compression command in de .conf file like this:

#comp-lzo (both on server and client config.

The end result is a little bit faster (or less slow) performance. From 1.25 mbit to 1.75 but still nowhere near the 10 mbit range I used to had with older Gargoyle releases.

Cheers

n0pin
Posts: 129
Joined: Thu Jan 09, 2014 6:39 am

Re: Slow OPENVPN server performance

Post by n0pin »

Is your CPU load at 100% when you are using OpenVPN at 1.75 mbps speed?

basix
Posts: 3
Joined: Fri Aug 15, 2014 2:36 pm

Re: Slow OPENVPN server performance

Post by basix »

Hi N0pin,

Thats the weird part. The cpu load is almost nothing. Around 5% max when using Blowfish 128 bit CBC.

I also looked in firewall and QOS default config files. I though maybe there would be a false limitation or whatsoever but unfortunately I could not found anything that looks like something that has to do with my problem.

Post Reply