On 8/19/2010 10:29 AM, Boris Epstein wrote:
Hello listmates,
We are working on setting up two private networks linked by a public network which is fast (1 Gbit/s) but potentially insecure. Since the hosts on our two networks need to talk to each other, and do so securely, we have decided to use OpenVPN to connect them, making one gateway a server and the other a client. The connectivity part was easy to establish and worked like a charm. The only problem was, and is, performance.
We have two old PIII-class machines that are being tested for the role of the gateways. We have put new 1 Gbit NICs in them and they work fine for everything (data transmission, DHCP, DNS, routing) except the VPN. When traffic goes through the VPN the OpenVPN process goes to 99% CPU on the server, about 70% CPU on the client and the effective transmission rate goes down to about 6 MB/s whereas in non-VPN mode it can be as high as 50+ MB/s (the top for the 1 Gbit/s is, obviously, 125 MB/s hence with the VPN we are down to about 5% of the capacity).
While this may be usable we would like to hope we can do better. Hence the following questions:
Have you used OpenVPN in a similar setup?
If so what sort of performance did you see?
What kind of equipment did you use?
Personally, I'd like to hope that if we find VPN-enabled gateways with more processing power we'd get drastically better performance. So if you have data to confirm or deny that please share it.
I have an OpenVPN gateway running on an old PII-400 machine with 256M RAM. It works fine for what we need. I have never measured throughput or CPU usage.
I would say that if your CPU is going to 99% when you use the VPN, you would definitely benefit from a faster system. I would suspect that any P4 or higher system would work fine, but maybe someone else that actually uses a high-speed VPN connection could give you a more accurate spec.