One of the significant disadvantages of OpenVPN is its rather poor performance. This is especially noticeable at link speeds of 100+ megabits. In most cases, the performance of an OpenVPN tunnel is dependent on the chosen encryption method, its complexity, and buffer sizes.
Below I have collected the main OpenVPN parameters that you need to check if you notice slow OpenVPN performance/speed (the names of the parameters in the OpenVPN server configuration file server.conf are in brackets):
- Try to disable compression and see if it affects OpenVPN speed (remove the option comp-lzo yes)
- If you are using TCP transport, replace it with UDP (proto udp)
- Try using a simpler encryption method. For example, AES-128-CBC instead of AES-256-CBC. (cipher AES-128-CBC)
- Check CPU usage when testing OpenVPN channel performance. If you find that one of the CPU cores is fully loaded by the OpenVPN process, then your CPU performance is not enough.
There are a number of more complex settings that can also affect the performance of OpenVPN:
- Sizes of receive and send buffers in OpenVPN (parameters sndbuf and rcvbuf). Check buffer values (default 64Kb). Try to increase them or disable management by OpenVPN server. The buffer settings need to be changed on the server and transferred to the clients. You can get the current buffer size from the following line in the openvpn connection log:
Socket Buffers: R=[65536->65536] S=[65536->65536]
You can set a custom buffer size in the server.conf:
sndbuf 524288To send new settings to clients without updating their config files, you can push new options to them from the OpenVpn server:
push "sndbuf 524288"
push "rcvbuf 524288"
- Try changing the MTU size using the tun-mtu option. This parameter is often the reason for the slow tunnel performance;
- Try to change changing the length of the send queue (txqueuelen). In most cases, the default value doesn’t need to be changed. But if all else fails, check this option as well.