====== Performance ======

OpenVPN is single core daemon. It is recommended to run multiple instances to get multi-core benefits.
Also OpenVPN is user-level application which requires lots of switches.


[[https://germanystudy.net/speed-up-your-openvpn-connection/]]

==== Tune packet size ====

==== Test performance ====

<code bash>
openvpn --genkey --secret /tmp/secret
time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc
</code>


( 3200 / execution_time_seconds ) = Projected Maximum OpenVPN Performance in Mbps


==== Force OpenSSL engine ====

[[https://en.wikipedia.org/wiki/Crypto_API_(Linux)]]

openssl speed -evp aes-256-cbc
openssl speed -evp aes-256-cbc -engine afalg

<file config>
# Deprecated
#engine cryptodev

# Modern replacement
engine afalg
</file>

<code>
Tue Mar 17 14:18:54 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Tue Mar 17 14:18:54 2020 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Tue Mar 17 14:18:54 2020 Initializing OpenSSL support for engine 'afalg'
</code>