PFSense VPN speeds

Shou Miko · May 11, 2019

Earlier this week I got a PFSense box home from PCEngine APU2C4 specs: AMD GX-412TC Jaguar 1GHz Quad-Core, 4GB DDR3-1333 RAM, 16GB SSD storage with 3xIntel I211AT ethernet ports and more: https://pcengines.ch/apu2c4.htm

I am using OpenVPN to connect this router to a VPN service I use for personal matters, and I tested with the following settings:

AES-256-GCM | SHA256
AES-128-GCM | SHA1

with these 2 encryption methods I get the same speeds through it like 15/50 Mbit and if I under advanced add these 3 lines:
fast-io
sndbuf 524288
rcvbuf 524288

I reach 80/50Mbit on both encryptions methods above and CPU load maks out at max 20-25% while testing speeds with the VPN what I find weird is that I don't see a higher throughput using AES-128-GCM | SHA1 than with AES-256-GCM | SHA1 and I got told that lowering the encryption method doesn't nessarly means better speeds

I am on a 200/200Mbit connection at the moment and I would really like to be able to put some load on this small box and get better vpn throughput and yes I got told that OpenVPN only is a single threaded application so if this is what holds it back I would really like to know what I can use instead.

silentbogo · May 11, 2019

Installation - WireGuard

www.wireguard.com

Shou Miko · May 11, 2019

silentbogo said:
Installation - WireGuard

www.wireguard.com

WireGuard is currently under development, and therefore any installation steps here should be considered as experimental.

It's not a finished product and it would be nice if it had a gui for PFSense.

silentbogo · May 11, 2019

puma99dk| said:
WireGuard is currently under development, and therefore any installation steps here should be considered as experimental.

But stable enough to be considered for inclusion in 5.2 kernel. Not sure if their FreeBSD port became any better, but so far that's the only decent alternative.

WireGuard Sent Out Again For Review, Might Make It Into Linux 5.2 Kernel - Phoronix

www.phoronix.com

Other than that - cross your fingers and hope that at some point maintainers and the dev. community finally decide to re-write OpenVPN from scratch, cause even on the official website there is a whole page dedicated to shortcomings of current approach and why is it so hard to fix it.

Shou Miko · May 11, 2019

@silentbogo to be honest, it's not the installation or setup that worries me of this it's more the long term use of how stable and easy it will be to upgrade because my experience with PFSense from work is that installing anything that's not in the package manager won't run proper for a longer period of time specially tried the UniFi controller for Ubiquiti's devices the controller works and suddenly out of no where with no high usage both the PFSense and UniFi Controlle crashes or is just not responding and a reboot doesn't always fix this.

bug · Jun 6, 2019

puma99dk| said:
@silentbogo to be honest, it's not the installation or setup that worries me of this it's more the long term use of how stable and easy it will be to upgrade because my experience with PFSense from work is that installing anything that's not in the package manager won't run proper for a longer period of time specially tried the UniFi controller for Ubiquiti's devices the controller works and suddenly out of no where with no high usage both the PFSense and UniFi Controlle crashes or is just not responding and a reboot doesn't always fix this.

Wait for it to be mainlined first then. Shouldn't be long now.

newtekie1 · Jun 6, 2019

You have to realize too that the VPN throughput is also going to rely very much on how fast the VPN service can provide to you. And even a lot of paid services struggle to give you more than 50Mbps.

Shou Miko · Jun 6, 2019

my vpn provider doesn't have an issue giving me 200/200Mbps far from that, it's just the openvpn in pfsense that's not good enough for that.

I want to use OpenConnect but it doesn't have a package for PFSense and my experience with applications that doesn't have a package in the package manager are that they work fine for some times then suddenly out of no where they don't anymore.

This I tested on different setups from Pentiums, i3, i5 and i7 and some AMD APU's anywhere from 512MB ram to 12GB same deal. Also with HDD's and SSD's.

System Name	Lynni PS \ Lenowo TwinkPad T480
Processor	AMD Ryzen 7 7700 Raphael \ i7-8550U Kaby Lake-R
Motherboard	ASRock B650M PG Riptide Bios v. 2.02 AMD AGESA 1.1.0.0 \ Lenowo 20L60036MX Bios 1.47
Cooling	Noctua NH-D15 Chromax.Black (Only middle fan) \ Lenowo WN-2
Memory	G.Skill Flare X5 2x16GB DDR5 6000MHZ CL36-36-36-96 AMD EXPO \ Willk Elektronik 2x16GB 2666MHZ CL17
Video Card(s)	Asus GeForce RTX™ 4070 Dual OC GPU: 2325-2355 MEM: 1462\| Nvidia GeForce MX™ 150 2GB GDDR5 Micron
Storage	Gigabyte M30 1TB\|Sabrent Rocket 2TB\| HDD: 10TB\|1TB \ SKHynix 256GB 2242 3x2 \| WD SN700 1TB
Display(s)	LG UltraGear 27GP850-B 1440p@165Hz \| LG 48CX OLED 4K HDR \| AUO 14" 1440p IPS
Case	Asus Prime AP201 White Mesh \| Lenowo T480 chassis
Audio Device(s)	Steelseries Arctis Pro Wireless
Power Supply	Be Quiet! Pure Power 12 M 750W Goldie \| 65W
Mouse	Logitech G305 Lightspeedy Wireless \| Lenowo TouchPad & Logitech G305
Keyboard	Akko 3108 DS Horizon V2 Cream Yellow \| T480 UK Lumi
Software	Win11 Pro 23H2 UK
Benchmark Scores	3DMARK: https://www.3dmark.com/3dm/89434432? GPU-Z: https://www.techpowerup.com/gpuz/details/v3zbr

System Name	WS#1337
Processor	Ryzen 7 3800X
Motherboard	ASUS X570-PLUS TUF Gaming
Cooling	Xigmatek Scylla 240mm AIO
Memory	4x8GB Samsung DDR4 ECC UDIMM
Video Card(s)	Inno3D RTX 3070 Ti iChill
Storage	ADATA Legend 2TB + ADATA SX8200 Pro 1TB
Display(s)	Samsung U24E590D (4K/UHD)
Case	ghetto CM Cosmos RC-1000
Audio Device(s)	ALC1220
Power Supply	SeaSonic SSR-550FX (80+ GOLD)
Mouse	Logitech G603
Keyboard	Modecom Volcano Blade (Kailh choc LP)
VR HMD	Google dreamview headset(aka fancy cardboard)
Software	Windows 11, Ubuntu 20.04 LTS

System Name	Lynni PS \ Lenowo TwinkPad T480
Processor	AMD Ryzen 7 7700 Raphael \ i7-8550U Kaby Lake-R
Motherboard	ASRock B650M PG Riptide Bios v. 2.02 AMD AGESA 1.1.0.0 \ Lenowo 20L60036MX Bios 1.47
Cooling	Noctua NH-D15 Chromax.Black (Only middle fan) \ Lenowo WN-2
Memory	G.Skill Flare X5 2x16GB DDR5 6000MHZ CL36-36-36-96 AMD EXPO \ Willk Elektronik 2x16GB 2666MHZ CL17
Video Card(s)	Asus GeForce RTX™ 4070 Dual OC GPU: 2325-2355 MEM: 1462\| Nvidia GeForce MX™ 150 2GB GDDR5 Micron
Storage	Gigabyte M30 1TB\|Sabrent Rocket 2TB\| HDD: 10TB\|1TB \ SKHynix 256GB 2242 3x2 \| WD SN700 1TB
Display(s)	LG UltraGear 27GP850-B 1440p@165Hz \| LG 48CX OLED 4K HDR \| AUO 14" 1440p IPS
Case	Asus Prime AP201 White Mesh \| Lenowo T480 chassis
Audio Device(s)	Steelseries Arctis Pro Wireless
Power Supply	Be Quiet! Pure Power 12 M 750W Goldie \| 65W
Mouse	Logitech G305 Lightspeedy Wireless \| Lenowo TouchPad & Logitech G305
Keyboard	Akko 3108 DS Horizon V2 Cream Yellow \| T480 UK Lumi
Software	Win11 Pro 23H2 UK
Benchmark Scores	3DMARK: https://www.3dmark.com/3dm/89434432? GPU-Z: https://www.techpowerup.com/gpuz/details/v3zbr

System Name	WS#1337
Processor	Ryzen 7 3800X
Motherboard	ASUS X570-PLUS TUF Gaming
Cooling	Xigmatek Scylla 240mm AIO
Memory	4x8GB Samsung DDR4 ECC UDIMM
Video Card(s)	Inno3D RTX 3070 Ti iChill
Storage	ADATA Legend 2TB + ADATA SX8200 Pro 1TB
Display(s)	Samsung U24E590D (4K/UHD)
Case	ghetto CM Cosmos RC-1000
Audio Device(s)	ALC1220
Power Supply	SeaSonic SSR-550FX (80+ GOLD)
Mouse	Logitech G603
Keyboard	Modecom Volcano Blade (Kailh choc LP)
VR HMD	Google dreamview headset(aka fancy cardboard)
Software	Windows 11, Ubuntu 20.04 LTS

System Name	Lynni PS \ Lenowo TwinkPad T480
Processor	AMD Ryzen 7 7700 Raphael \ i7-8550U Kaby Lake-R
Motherboard	ASRock B650M PG Riptide Bios v. 2.02 AMD AGESA 1.1.0.0 \ Lenowo 20L60036MX Bios 1.47
Cooling	Noctua NH-D15 Chromax.Black (Only middle fan) \ Lenowo WN-2
Memory	G.Skill Flare X5 2x16GB DDR5 6000MHZ CL36-36-36-96 AMD EXPO \ Willk Elektronik 2x16GB 2666MHZ CL17
Video Card(s)	Asus GeForce RTX™ 4070 Dual OC GPU: 2325-2355 MEM: 1462\| Nvidia GeForce MX™ 150 2GB GDDR5 Micron
Storage	Gigabyte M30 1TB\|Sabrent Rocket 2TB\| HDD: 10TB\|1TB \ SKHynix 256GB 2242 3x2 \| WD SN700 1TB
Display(s)	LG UltraGear 27GP850-B 1440p@165Hz \| LG 48CX OLED 4K HDR \| AUO 14" 1440p IPS
Case	Asus Prime AP201 White Mesh \| Lenowo T480 chassis
Audio Device(s)	Steelseries Arctis Pro Wireless
Power Supply	Be Quiet! Pure Power 12 M 750W Goldie \| 65W
Mouse	Logitech G305 Lightspeedy Wireless \| Lenowo TouchPad & Logitech G305
Keyboard	Akko 3108 DS Horizon V2 Cream Yellow \| T480 UK Lumi
Software	Win11 Pro 23H2 UK
Benchmark Scores	3DMARK: https://www.3dmark.com/3dm/89434432? GPU-Z: https://www.techpowerup.com/gpuz/details/v3zbr

PFSense VPN speeds

Shou Miko

silentbogo

Moderator

Installation - WireGuard

Shou Miko

Installation - WireGuard

silentbogo

Moderator

WireGuard Sent Out Again For Review, Might Make It Into Linux 5.2 Kernel - Phoronix

Shou Miko

bug

newtekie1

Semi-Retired Folder

Shou Miko

Processor	Intel i5-12600k
Motherboard	Asus H670 TUF
Cooling	Arctic Freezer 34
Memory	2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s)	EVGA GTX 1060 SC
Storage	500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s)	Dell U3219Q + HP ZR24w
Case	Raijintek Thetis
Audio Device(s)	Audioquest Dragonfly Red :D
Power Supply	Seasonic 620W M12
Mouse	Logitech G502 Proteus Core
Keyboard	G.Skill KM780R
Software	Arch Linux + Win10

Processor	Intel Core i7 10850K@5.2GHz
Motherboard	AsRock Z470 Taichi
Cooling	Corsair H115i Pro w/ Noctua NF-A14 Fans
Memory	32GB DDR4-3600
Video Card(s)	RTX 2070 Super
Storage	500GB SX8200 Pro + 8TB with 1TB SSD Cache
Display(s)	Acer Nitro VG280K 4K 28"
Case	Fractal Design Define S
Audio Device(s)	Onboard is good enough for me
Power Supply	eVGA SuperNOVA 1000w G3
Software	Windows 10 Pro x64