I'm currently configuring a site-to-site VPN between two VPSes that requires both outgoing and incoming connections. It will be used by a high-bandwidth application, so I require the maximum amount of speed that I can get over the connection.
Using iperf3, I'm getting about 600Mbit/s over the connection reliably, with ~30ms ping.
Over OpenSSH SCP, I get about 260Mbit/s, which I'm happy with given the additional encryption.
I have been trying various kinds of configurations of VPNs, mostly with OpenVPN. I have tried sndbuf/rcvbuf changes, no encryption, no compression, but I still only generally get 20Mbit with UDP, 40Mbit with TLS on port 443.
I have also set up IPSec/L2TP, SoftEther (though I got only like 500Kbit/s with that), and OpenSSH built-in tun adapter. None of these have been able to give me an iperf speed above 40Mbit/s.
I have been closely watching the HDD and CPU of each node, and neither has been saturated. One server is significantly less powerful, but only ever hits ~30% CPU usage during the test.
I am kind of at a loss. I need something that can achieve the speeds above 200Mbit/s (which I know for sure is possible), and just needs to route from one virtual interface to another. Theoretically, this is what SoftEther is for. Should I continue to try to fix SoftEther to get any kind of actual speeds?
Any suggestions for more aspects to test/debug/configure to try to get a solid tunnel interface up and running? Is there another piece of software that will help route the incoming connections so I can use a normal proxy-like tunnel? Thanks!
Best Answer
Given the link posted in the comments, I decided to take another look at this OpenVPN article: https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux
I was able to achieve ~150Mbit/s average using a couple of the settings from this article. Here are the steps I took to configure my OpenVPN to achieve this.
These are the steps I tried in order:
Here is a final iperf3 output:
Compared to non-VPN direct connection:
What I learned