Openvpn speed/throughput optimization

Posted on 2011-05-07
Medium Priority
Last Modified: 2012-05-11
Hi there, I have Openvpn installed, and want to get the best possible performance with it, and still have SOME encryption.  Hardware aside, what are some settings and parameters that can optimize throughput (file transfer speed) and latency?
Question by:schnibitz

Expert Comment

ID: 35713429
Here are some OpenVPN tweaks..


Have you set it up yet?

Author Comment

ID: 35713539
I have tried those options.  Well sorta. . . .

I tried putting them in the .ovpn file with the appropriate syntax.  That didn't work correctly.  I'm not sure where to put that config.  It says

"For a RouterOS client, the syntax is:

/interface ovpn-client set <interface-name> auth=sha1 cipher=none"

But where is that syntax put?  It doesn't work if I put that in the .ovpn file.  I've tried to find various parameters that basically do the same thing, and put them in the config file and I keep getting errors.

Unless there's a way to make that not such a hassle, I'd rather not mess with those options.  I can't use them anyway in a production environment.  I know they help establish a baseline, but I can't seem to get any of that to work without errors and problems.  Just trying to find a good list of common settings that boost throughput.  I've tried changing the MTU, and that didn't help.  Made things worse actually.  I've tried changing the algo to blowfish, but I got errors when that happened.  There doesn't seem to be a step-by-step out there that describes how to tweak for performance.

Author Comment

ID: 35713874
I apologize for the above message.  Those options work, just not for me at the time.  Turns out that there were some funny options in my init file that were interfering with adding that into my .conf file, and ovpn file.  Once I cleared up the init file, everything worked for --cipher none.  It helped my upload speed SLIGHTLY, but the download speed remained the same.  I did not turn off AUTH BTW.
Unless you have any other suggestions, I'm going to retry tweaking some of the other settings too.  Thank you for your help.
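
The comments above treat `--cipher none` as a baseline-only setting that cannot go into production. One way to check a config for it before deployment, as an added example that is not part of the original thread (the function names and the sample config are constructed for illustration):

```shell
#!/bin/sh
# Added example: flag OpenVPN directives that are only acceptable while
# measuring a throughput baseline. Works on .conf and .ovpn files.

# audit_ovpn FILE -> prints one finding per line; returns 1 if any were found
audit_ovpn() {
    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF from Windows clients
        NF == 0 || $1 ~ /^[#;]/ { next }          # blank lines and # or ; comments
        {
            key = tolower($1); val = tolower($2)
            sub(/^--/, "", key)                   # accept command-line style --cipher
            if (key == "cipher" && val == "none") {
                printf "%s:%d: cipher none (tunnel payload is not encrypted)\n", FILENAME, NR
                bad = 1
            }
            if (key == "auth" && val == "none") {
                printf "%s:%d: auth none (packets are not authenticated)\n", FILENAME, NR
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# write_sample FILE -> constructed client config left over from baseline testing
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample client config
client
dev tun
remote vpn.example.net 1194
;cipher none
cipher none
auth SHA1
EOF
}

demo=$(mktemp)
write_sample "$demo"
audit_ovpn "$demo" || echo "baseline-only settings found; do not deploy this config"
rm -f "$demo"
```

The commented-out `;cipher none` on line 5 of the sample is ignored; only the active directive on line 6 is reported.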
Expert Comment

ID: 35713880

Author Comment

ID: 35713903
Yes, however I'm going to re-try all of that in light of the init-file problem I solved above.  Hopefully I'll have some better results.  There is a chance too, that there is some limit on the hosted machine I am running this server on.  It's linux, and I only have access to the command line, so I'm not sure how to test that.  I'll report back anyway soon.  Thank you.

Author Comment

ID: 35713968
Okay, it's not a problem with my host server.  I just downloaded a 10mb file in less than half a second from the server.

My home machine connected to the server (openvpn) downloaded it in like 10 seconds at 800+K/sec in Firefox.  So obviously the server has plenty of bandwidth.  Wget reported 36.4 MB/s which is way higher than what is available at even my home connection.

I'll check the other settings soon.

Author Comment

ID: 35714284
Looks like:


Didn't help either.  The MTU settings won't work very well to adjust for me because my openvpn adapter only goes up to max 1500, regardless of what's set in the ovpn file (I don't like messing with command-line parameters, so I put it in the ovpn file).  In fact that setting seems to have little to no effect.

There must be something I'm missing.  How can there be such a disparity between the server's download speed and the openvpn throughput even when unencrypted?  I installed the openvpn binaries with yum.  That can't make THAT much of a difference as opposed to compiling right?

Expert Comment

ID: 35715899
Can you upload a visio or network layout from lan to lan?

Author Comment

ID: 35715933
Sure.  I'll post that here once complete.

Thank you

Author Comment

ID: 35716132
Here's something I noticed:

eth0      Link encap:Ethernet  HWaddr 00:16:3E:6F:76:67
          inet addr:<ip address>  Bcast:<broadcast>  Mask:
          inet6 addr: fe80::216:3eff:fe6f:7667/64 Scope:Link
          RX packets:3654782 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2495699 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2109824036 (1.9 GiB)  TX bytes:1756609492 (1.6 GiB)

lo        Link encap:Local Loopback
          inet addr:  Mask:
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:  P-t-P:  Mask:
          RX packets:3681 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4814 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2412266 (2.3 MiB)  TX bytes:5277893 (5.0 MiB)

Notice that the "tun0" interface used in openvpn only shows 5.0 MiB and the physical interface is 1.5GiB.

I know that only shows usage, but it got me to wondering if the tun interface is set to a speed that is too low?  Still working on the diagram.


Accepted Solution

schnibitz earned 0 total points
ID: 35725539
I'm going to close this out.  I'm highly suspicious that this is a limit that my hosting company placed on my connection.

Author Closing Comment

ID: 35759578
Thing is that their support actually confirmed the limitation.  Unless I can find a way around it, I'll have to change hosting.
