Performance

OpenVPN is a single-core daemon: one instance uses only one CPU core. Running multiple instances is recommended to benefit from multiple cores. OpenVPN is also a user-level application, which requires lots of context switches.

https://germanystudy.net/speed-up-your-openvpn-connection/

Tune packet size

Test performance

openvpn --genkey --secret /tmp/secret
time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc

( 3200 / execution_time_seconds ) = Projected Maximum OpenVPN Performance in Mbps
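
The benchmark and formula above as a small script (an added example, not part of the original page). The function names, the "run" argument and the cipher list are assumptions; the key is written to a private mktemp directory instead of the fixed /tmp/secret path and is removed after the run.

```shell
#!/bin/sh
# Added example: wraps the page's --test-crypto benchmark and its 3200 / seconds formula.

# projected_mbps SECONDS -> prints 3200 / SECONDS with one decimal place.
projected_mbps() {
    case "$1" in
        ''|*[!0-9.]*) echo "invalid time: $1" >&2; return 1 ;;
    esac
    # Reject zero (or ".") so a run that was too fast to time gives no bogus result.
    awk -v t="$1" 'BEGIN { if (t + 0 <= 0) exit 1; printf "%.1f\n", 3200 / t }'
}

# bench_cipher CIPHER -> prints elapsed whole seconds for one --test-crypto run.
bench_cipher() {
    cipher=${1:-aes-256-cbc}
    # mktemp -d creates a directory only the current user can enter, so the
    # static key is never readable by other local users.
    dir=$(mktemp -d) || return 1
    status=0
    # Key generation syntax as shown on the page (OpenVPN 2.4).
    openvpn --genkey --secret "$dir/secret" >&2 || status=1
    start=$(date +%s)
    if [ "$status" -eq 0 ]; then
        openvpn --test-crypto --secret "$dir/secret" --verb 0 \
            --tun-mtu 20000 --cipher "$cipher" >&2 || status=1
    fi
    end=$(date +%s)
    rm -rf "$dir"
    [ "$status" -eq 0 ] || return 1
    echo $((end - start))
}

# Run the benchmark only when called as: sh bench.sh run
if [ "${1:-}" = "run" ]; then
    command -v openvpn >/dev/null || { echo "openvpn not found" >&2; exit 1; }
    for c in aes-128-cbc aes-256-cbc; do   # constructed cipher list
        secs=$(bench_cipher "$c") && mbps=$(projected_mbps "$secs") &&
            echo "$c: ${secs}s -> ~${mbps} Mbps projected"
    done
fi
```

Timing uses whole seconds from date +%s, so the projection is approximate for very short runs.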

Force OpenSSL engine

https://en.wikipedia.org/wiki/Crypto_API_(Linux)

openssl speed -evp aes-256-cbc
openssl speed -evp aes-256-cbc -engine afalg

# Deprecated
#engine cryptodev
 
# Modern replacement
engine afalg

Tue Mar 17 14:18:54 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Tue Mar 17 14:18:54 2020 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Tue Mar 17 14:18:54 2020 Initializing OpenSSL support for engine 'afalg'