Main server has 50×50 mbps dedicated fiber ISP. We currently have a Netgear FVS336Gv3 wired router with WAN to LAN throughput rating of 300 mbps. This device performs all routing to/from the internet to the openVPN server. openVPN server is running on a semi-dedicated x64 dell server running Ubuntu Server 14.04. We have a dedicated Ubuntu Server 14.04 x64 dell box that is our main file server, shares are hosted via Samba.
When remote openVPN clients are transferring files to/from the main file server over the VPN tunnel they never come close to saturating the bandwidth on either the client or server side.
For example, a 20 mbps download speed at a client never pulls a file across the VPN tunnel at 20 mbps, which theoretically could happen because upload speed at file server is 50 mbps.
My question is: would scrapping the Netgear FVS336Gv3 router for a dedicated x64 box running pfSense increase throughput over the VPN tunnel?
or
Is the lack of throughput over the VPN tunnel the result of hosting file shares using Samba?
Edit:
I'm thinking the latter but would like to hear from others. We transfer files to a remote Ubuntu Server via cert. secured SSH tunnel and I see (Cacti bandwidth graphs) that we are saturating the remote download connection at around 20 mbps, which is very close the ISP provisioned bandwidth at the remote site.
Bandwidth graph from Netgear router, you can see the spike in outbound bandwidth the night of 08 July; this is our backup to the remote server. During the prior work week, we never reached 2mbps outbound bandwidth and I know tons of files were tranfered via Samba and openVPN.
thanks.
Best Answer
TCP/IP basics:
throughput <= TCP buffer size / RTT
I doubt it, because ...
Definitely no, your problem is latency between client and OpenVPN server (pfsense), I do have same setup like you:
I wasn't able saturate 50 mpbs (my Windows 7 workstations with SMB 2.x, throughput max 10-12mbps, while Windows 8 and 10 upgraded with SMB 3.x doubled that result) until I added (server conf):
On links with even longer latency you can use bigger buffers, try test it using 128KiB steps.
Reconfiguring samba to use;
... is also good idea.
I use: UDP, lzo and tap device. Be sure to test (setting socket buffers) it using at least
verb 4
in OpenVPN config file. Look for:If you want to understand the problem:
https://community.openvpn.net/openvpn/ticket/461
https://www.lowendtalk.com/discussion/40099/why-openvpn-is-so-slow-cool-story