OpenVPN uses OpenSSL to perform all cryptographic operations. This means that the performance of an OpenVPN client or server depends on how fast the incoming traffic can be decrypted and how fast the outgoing traffic can be encrypted. For a client with a single connection to the OpenVPN server, this is almost never an issue, but for an OpenVPN server with hundreds of clients, the cryptographic performance becomes very important. The same applies when running OpenVPN over a high-speed network link (Gigabit or higher), where the cryptographic performance also plays an important role.
In this recipe, we will show how to measure the performance of the OpenSSL cryptographic routines and how this measurement can be used to improve the performance of an OpenVPN server.
This recipe is performed on a variety of computers:
The recipe can easily be performed on MacOS as well. Each computer had OpenVPN 2.3 installed, with the accompanying OpenSSL libraries.
On each system, the following OpenSSL commands are run:
$ openssl speed -evp bf-cbc
$ openssl speed -evp aes-128-cbc
$ openssl speed -evp aes-256-cbc
The first command tests the speed of the OpenVPN default BlowFish cryptographic cipher. The second and third test the performance of the 128-bit and 256-bit AES ciphers, which are very commonly used to secure websites. All commands were run twice on the new high-end server: once with support for the AES-NI instruction set turned on and once with AES-NI support turned off, using:
$ OPENSSL_ia32cap=0 openssl speed -evp <cipher>
The results are displayed in the following table. All numbers in the tables are the bytes per second processed when encrypting a block of data. The size of the block of data is listed in the columns.
For the BlowFish cipher, the following results were recorded:

Type | 256 bytes | 1024 bytes | 8192 bytes
--- | --- | --- | ---
Laptop | 95851.54k | 95426.22k | 95862.84k
Old Server | 111466.67k | 111849.47k | 112162.13k
New Server | 151329.96k | 152054.10k | 152428.54k
New Server, no AES-NI | 151128.49k | 151951.02k | 152048.98k
For the AES128 cipher, the following results were recorded:

Type | 256 bytes | 1024 bytes | 8192 bytes
--- | --- | --- | ---
Laptop | 85588.05k | 179870.91k | 183104.85k
Old Server | 758884.44k | 762378.58k | 755960.49k
New Server | 802229.85k | 806787.75k | 807682.05k
New Server, no AES-NI | 160414.98k | 361608.53k | 368836.61k
And for AES256:

Type | 256 bytes | 1024 bytes | 8192 bytes
--- | --- | --- | ---
Laptop | 60698.20k | 130553.15k | 132085.73k
Old Server | 560398.93k | 562632.92k | 564687.49k
New Server | 577053.35k | 578981.21k | 579532.12k
New Server, no AES-NI | 114444.29k | 266473.47k | 270030.17k
The output of the openssl speed command shows that the encryption and decryption performance depends on both the cipher (and key size) chosen and the hardware used. Most OpenVPN packets are about 1500 bytes, so the 1024 bytes column is the most interesting one to look at.
The BlowFish cipher results are quite interesting if you take the processor speed into account: if you divide the BlowFish performance by the processor clock speed, the numbers are very similar across all systems. This means that BlowFish performance is bound purely by the processor clock speed. An older type of processor running at a higher clock speed might actually outperform a newer processor with a slightly lower clock speed.
For the AES128 and AES256 ciphers, this is no longer true. Here the modern i5/i7 and Xeon architectures are much faster than the older Pentium 4 and Athlon architectures. With the AES-NI extensions, the performance jumps by a factor of 4. If an OpenVPN server is set up that must support many clients, then AES is an excellent choice of cipher, provided that the server CPU supports these extensions.
This recipe also provides a simple test of whether the AES-NI instructions are available and whether they are actually picked up by the underlying OpenSSL library. If the speed results of a plain openssl run and an OPENSSL_ia32cap=0 openssl run do not differ, then the AES-NI instructions are not being used for encryption or decryption.
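A small POSIX shell script, added here as an example and not part of the recipe, that automates the AES-NI check above: it extracts the 1024 bytes column from the openssl speed summary and compares a plain run with an OPENSSL_ia32cap=0 run. It assumes the standard summary layout of openssl speed (cipher name in the first field, 1024-byte figure in the fifth), the 10% threshold and the file name aesni-check.sh are my own choices, and the sample summary lines are constructed from the New Server AES128 rows in the tables above.

```shell
#!/bin/sh
# Added example (not from the recipe): automate the AES-NI check by comparing
# 'openssl speed -evp <cipher>' with and without OPENSSL_ia32cap=0.
# Assumes the standard summary layout of 'openssl speed': one line per cipher,
# field 1 = cipher name, field 5 = "1024 bytes" column (1000s of bytes/s, trailing 'k').

# Read 'openssl speed' output on stdin and print the 1024-byte figure for CIPHER.
speed_1024k() {
    awk -v c="$1" '$1 == c { v = $5; sub(/k$/, "", v); print v; exit }'
}

# Print the speed-up of run A over run B with one decimal (awk does the float math).
aesni_ratio() {
    awk -v a="$1" -v b="$2" 'BEGIN { printf "%.1f\n", a / b }'
}

# Succeed when run A is at least 10% faster than run B (threshold is an assumption);
# a smaller difference means the CPU extensions are not used, or, as with Blowfish,
# do not exist for that cipher.
aesni_in_use() {
    awk -v a="$1" -v b="$2" 'BEGIN { if (b > 0 && a / b >= 1.10) exit 0; exit 1 }'
}

# Measure CIPHER twice on this host and print "<with> <without>" (1024-byte column).
# Each 'openssl speed' run takes roughly 20 seconds.
measure() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; return 1; }
    with=$(openssl speed -evp "$1" 2>/dev/null | speed_1024k "$1")
    without=$(OPENSSL_ia32cap=0 openssl speed -evp "$1" 2>/dev/null | speed_1024k "$1")
    echo "$with $without"
}

# Constructed sample summaries: the 256/1024/8192 columns are the "New Server" and
# "New Server, no AES-NI" AES128 rows from the tables above; the other columns are invented.
SAMPLE_AESNI='type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     600000.00k   750000.00k   802229.85k   806787.75k   807682.05k'
SAMPLE_NOAESNI='type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc      80000.00k   130000.00k   160414.98k   361608.53k   368836.61k'

# Usage: sh aesni-check.sh aes-128-cbc   (measures this host; no argument = sample data)
if [ $# -gt 0 ]; then
    out=$(measure "$1") || exit 1
    set -- $out
else
    set -- "$(printf '%s\n' "$SAMPLE_AESNI" | speed_1024k aes-128-cbc)" \
           "$(printf '%s\n' "$SAMPLE_NOAESNI" | speed_1024k aes-128-cbc)"
fi
if aesni_in_use "$1" "$2"; then
    echo "AES-NI in use: ${1}k vs ${2}k at 1024 bytes ($(aesni_ratio "$1" "$2")x faster)"
else
    echo "AES-NI not used: ${1}k vs ${2}k at 1024 bytes"
fi
```

Run it with bf-cbc as well to see the expected "not used" result for a cipher that has no hardware extension, which confirms the comparison itself is working.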
The impact of the cryptographic cipher on the performance of OpenVPN is minimal for a single client. Measurements done for this recipe indicate that the client CPU has a load of less than 8% when downloading a file at the highest speed over the VPN tunnel on a modern system. However, on the older desktop, the choice of cryptographic cipher does become important: upload speed drops from 760 kbps to 720 kbps when the BlowFish cipher is changed to the AES256 cipher. In particular, when older hardware or certain home router equipment is used, this can quickly become a bottleneck. Most home wireless routers capable of running OpenVPN, for example, the wireless routers that support the DD-WRT or OpenWRT distributions, have a processor speed of about 250 MHz. This processor speed can quickly become the bottleneck if such a router is also used as an OpenVPN server, especially when multiple clients connect simultaneously.