OpenVPN TAP Speeds

edited December 2014 in Help

Recently, I have moved from TUN to a bridged TAP in my OpenVPN setup to allow for a DHCP server (dnsmasq) to give out IPs to OpenVPN clients.

Before I moved to the bridged TAP setup, I got around 300-400mbps using iperf between clients. After moving to TAP, I am getting around only 8-15mbps, depending on location.

Is the overhead for TAP really so high, or am I doing something wrong?

Edit: Ignore me, adjusted the tunnel MTUs, and all is well.

Comments

  • SplitIce Member, Host Rep

    TAP itself is perfectly fine for performance. My software to bring IP-in-IP & GRE to Windows easily maxes out my AC wireless (~300-400mbps). Chews about 30% of my laptop's CPU to do that, but that's to be expected with the copying (in my case it's kernel -> user space -> kernel).

    More than likely it's to do with the configuration or overheads in OpenVPN. Look for misconfiguration like TCP over TCP or MTU/MSS issues.

  • edited December 2014

    I've been tinkering with it a bit, and I have managed to get it to around 15Mbits/s, though I do feel that is still kind of low. Here is my OpenVPN client config http://pastebin.com/LBegSAkB and my OpenVPN server config http://pastebin.com/Cg574mnh

    Currently, the tests are done using iperf -s/-c

    These are all on gigabit VPSes, so I seriously do not know what the problem is.

    Edit #2:
    Yanking out the bridge and making dnsmasq listen directly on the tap interfaces seems to have increased the speed a bit to 20Mbits/s.

    Edit #3:
    Ah ha!
    The solution was to set the MTU of the tap interface to 48000 on both server and client. That returns the speed to around 181-300 MBits/sec, which is much more reasonable.

  • ValdikSS Member
    edited December 2014

    StartledPhoenix said: Edit #3: Ah ha! The solution was to set the mtu of the tap interface to 48000 on both server and client. That returns the speed to around 181-300 MBits/sec which is much more reasonable

    Better not to do that

    Try this:

    txqueuelen 300
    sndbuf 393216
    rcvbuf 393216
    push "sndbuf 393216"
    push "rcvbuf 393216"
    

    If it helps, please vote here https://community.openvpn.net/openvpn/ticket/461

    Also, mssfix consumes a lot of CPU. Turn it off with

    mssfix 0
    

    on both sides and use iptables TCPMSS if you need it.
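
One way to check a config for the points raised in the replies above (TCP over TCP, MTU/MSS, socket buffers), as an added example that is not from any poster in the thread. The sample config is constructed, and the function names, tag names and the interface name `tap0` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Reads an OpenVPN config on stdin and
# prints one tag per tuning point the replies above say to look at.
audit_ovpn() {
    awk '
        { sub(/[#;].*/, "") }              # drop OpenVPN comments (# or ;)
        NF == 0 { next }
        $1 == "proto"   { proto = $2 }
        $1 == "tun-mtu" { mtu = $2 + 0 }
        $1 == "mssfix"  { mss_seen = 1; mss = (NF > 1) ? $2 + 0 : -1 }
        $1 == "sndbuf"  { snd = 1 }
        $1 == "rcvbuf"  { rcv = 1 }
        END {
            if (proto ~ /^tcp/) print "tcp-over-tcp"    # TCP transport carrying TCP flows
            if (mtu > 1500)     print "mtu-over-1500"   # larger than a standard Ethernet MTU
            if (!snd)           print "sndbuf-unset"
            if (!rcv)           print "rcvbuf-unset"
            if (!mss_seen)      print "mssfix-default"  # built-in default applies
            else if (mss != 0)  print "mssfix-on"
        }'
}

# Print (do not run) the iptables TCPMSS rule that can stand in for mssfix
# on forwarded TCP leaving the given interface.
tcpmss_rule() {
    printf 'iptables -t mangle -A FORWARD -o %s -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\n' "$1"
}

# Constructed sample config, not the pastebin configs linked in the thread.
sample_conf() {
    cat <<'EOF'
# constructed sample
dev tap0
proto tcp-client
tun-mtu 48000
mssfix 1400
sndbuf 393216
EOF
}

sample_conf | audit_ovpn
tcpmss_rule tap0
```

A config with `proto udp`, both buffer sizes set and `mssfix 0` produces no tags; the printed iptables rule is meant to be reviewed before it is applied on the gateway.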
