OpenVPN + DD-WRT (VPN) = Speed ???
If you have tried OpenVPN with a DD-WRT device as client, you might have some speed issues.
I’ve now been running a OpenVPN configure based on SmoothWall+Zerina and DD-WRT (VPN) has client, (check Tutorial SmootWall+Zerina+DD-WRT ). The setup has been working as a charm, but when I now have started playing with NFS over VPN, I defiantly see some issue regarding speed.
Some basic info:
OS: Smoothwall + Zerian OpenVPN Patch
Hardware: AMD 2800+, 1GB RAM.
OS: DD-WRT v24sp1 VPN
Hardware: Linksys WRT54GL
OS: OS X 10.5.6
Hardware: Intel 2×2.66Ghz, 6GB FB RAM.
After playing with NFS over my old setup, I was on the edge of giving up. There was no way in h*** that I would get more then 3Mbit over the openVPN link. While reading up on openVPN and speed, I came over encryption methods. Check my setting on the smoothwall, I knew that I was running the fastest encryption method, so that was not the problem. But all encryption methods need hardware power to encrypt/decrypt. That’s when I knew I was on to something…..
Setting up some ftp session to the server using my old setup. Let it run for a while, and check load on DD-WRT powered router.
Firmware: DD-WRT v24-sp1 (07/27/08) vpn
Time: 21:44:26 up 6:41, load average: 1.83, 1.59, 1.10
The DD-WRT router was heaving overloaded, and the best speed I could get out of the connection was about 3Mbit. (From server to Client). I also check the Smoothwall as well, and there was no load at all, so the issue had to be related to the DD-WRT device.
Moving from Client #1 to Client #2 (see figure above – Green line is the OpenVPN link), the speed increased dramatically. I now had a MacPro with loads of horsepower to do the decryptions, and I now maxed out the bandwidth on the client side. (not really, got about 14Mbit but that’s about what I get out of this line.)
By moving the client from DD-WRT to the “real” client,
I managed to get an increase in speed with over 400%.
If you do not need the move large file over the openVPN link, the DD-WRT as a client is a good solution. This is special good if you have many clients. Since you only need to manage one device (both on server side and client side). BUT if you need to move a bit date (e.g. backup), you better of with setting up client on every machine that needs access to the VPN…..