Hi
I am currently using OpenVPN on ipfire for remote access from abroad to my internal network at home.
ISP Speeds: Ipfire 150down / 40 up client: 200 down / 60 up
When using the VPN connection to access the Ipfire Network (upload to IPFire) I get speeds of around 20-25 mbit(iperf3). This seems rather low to me (expected at least 50mbit). Is this a reasonable expectation whith my current setup? If yes what do I have to change to get there? If no is there an alternative (other software/hardware etc.) to get there?
Not an expert. I hope you get better suggestions from someone else.
I would check the speed from IPFire console using speedtest-cli (it’s available as a package). This should give you a more realistic speed from your IPFire box to and from the WAN.
Also I would check the speed from a host in green to IPFire with iprerf, this would give you a speed inside your lan and measure the throughput of your network cards.
Finally I would check the cpu activity during an ssh connection from internet to your box. Maybe the encryption/decryption is introducing a bottle neck in the cpu?
Thaks for your reply.
I already checked all the speeds. The connections from both networks to WAN are as advertised ±5mbit.
From a host inside the green network to ipfire is around 800mbit, so around what I would expect (gigabit).
As far as I can see the CPU is not the problem (systeminfoarmation page on IPfire web gui shows 28% peak usage over the last 2 days).
I think status/system in the WUI of IPFire reports the total % of CPU usage as a sum of all the cores. I do not know if/when the CPU activity in an OpenVPN session can be unloaded on all cores. If it cannot, you would see on the IPFire WUI a low number, like 28%, and in that number you would have a 25% of 1 core out of 4 completely maxed out. Just to be sure, while on a VPN session where you are using iperf, I would also open an ssh session to your IPFire terminal and use top to check what the different cores are doing. If you have 4 cores, and one of them is at 100%, there you have your bottleneck.
As an alternative hypothesis, do you have a quality of service activated?
When I tested my MTU using the ping method, I found out that MTU of 1500 was too high and the correct value is 1470, which according to the link above, I set it for OpenVPN to 1430. I did not notice any particular change but I also did not test the speed with the two MTUs.