IPsec speed between two offices

Hi,

Having a look at your screenshots (thanks for providing them), some configuration items catch my attention:

  • Especially on modern hardware, AES-GCM is (sometimes significantly) faster than AES-CBC. openssl speed [algorithm] should give you a precise idea of the exact difference on your hardware.
  • Personally, I prefer Curve 25519 for security reasons over the NIST/Brainpool ones, but have no information regarding performance aspects of it at hand.
  • Compression is often not worth the CPU time it consumes. Does it make a difference if you turn it off?

Aside from that (the AES-GCM issue is the only one I can imagine making a noticeable performance difference), I suspect MTU issues as well, but am unfortunately not an expert when it comes to VPN and performance. @ms is, but he is short on spare time these days…

Thanks, and best regards,
Peter Müller
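
The AES-CBC versus AES-GCM comparison suggested in the post, as an added example that is not part of the original reply: a script that parses `openssl speed -evp` result tables and reports the GCM/CBC throughput ratio. The function names, the `--live` switch and the figures in `SAMPLE` are assumptions of this example; the sample numbers are constructed, not measured.

```shell
#!/bin/sh
# Added example: compare AES-CBC and AES-GCM throughput from `openssl speed` output.
# The numbers in SAMPLE are constructed, not measurements from any real machine.

SAMPLE='type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
AES-256-CBC      500000.00k   800000.00k   950000.00k  1000000.00k  1010000.00k  1012000.00k
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
AES-256-GCM      600000.00k  1500000.00k  3000000.00k  4000000.00k  4500000.00k  4600000.00k'

# throughput CIPHER SIZE
# Reads `openssl speed` output on stdin and prints the figure (1000s of bytes/s)
# for CIPHER in the column headed "SIZE bytes". The cipher name is matched
# case-insensitively because OpenSSL versions differ in how they print it.
throughput() {
    awk -v name="$1" -v size="$2" '
        $1 == "type" {
            # header fields come in pairs: "<size> bytes"
            for (i = 2; i < NF; i += 2) if ($i == size) col = i / 2 + 1
            next
        }
        col && tolower($1) == tolower(name) {
            v = $col; sub(/k$/, "", v); print v; exit
        }'
}

# ratio A B: print A/B with two decimals
ratio() {
    awk -v a="$1" -v b="$2" 'BEGIN { if (b <= 0) exit 1; printf "%.2f\n", a / b }'
}

# compare SIZE: read both result tables on stdin, print "GCM/CBC = x.xx"
compare() {
    out=$(cat)
    cbc=$(printf '%s\n' "$out" | throughput aes-256-cbc "$1")
    gcm=$(printf '%s\n' "$out" | throughput aes-256-gcm "$1")
    [ -n "$cbc" ] && [ -n "$gcm" ] || { echo "missing result row" >&2; return 1; }
    echo "GCM/CBC = $(ratio "$gcm" "$cbc")"
}

if [ "${1:-}" = "--live" ]; then
    # Real measurement on this host; 1024 bytes is the default block size
    # closest to a full-size tunnelled packet.
    { openssl speed -evp aes-256-cbc; openssl speed -evp aes-256-gcm; } 2>/dev/null |
        compare 1024
else
    printf '%s\n' "$SAMPLE" | compare 1024
fi
```

Run it with `--live` on each gateway to measure that host. In an IPsec tunnel AES-CBC is paired with a separate integrity algorithm while AES-GCM authenticates on its own, so the raw cipher figures do not include that extra cost for CBC.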