Jump to content
TorGuard
  • 0
RobinHood

General (Open)VPN hardware suggestions for fast speeds (100+Mbps)

Rate this question

Question

RobinHood

Hi everyone!

This is my first post on the forums, so please bear with me in case I might slip up here or there. I hope this is the correct section.

I am absolutely stunned by the value TorGuard provides. Customer service has been very patient with me and enormously helpful in setting up my network, and I am thrilled that I now get speeds that are only about 4% slower than my unprotected ISP line. The only issue I have now is self-inflicted. Last fall I upgraded my 10-year old nettop that was acting as my home server to an actual fully-fledged smb server. At the time I wasn't considering VPN, and now I have the dilemma that I'm getting significantly slower speeds on the server than on the clients. I have learned from customer service that the culprit here is the CPU.

So during the last week I've been running numerous tests with different servers and setups to find out how to tweak my connection. On my desktop PC (AMD-FX 8150 8-core) I don't notice any difference between VPN on or off. Even on my Dell Latitude from 2007 I got 92 Mbps on the first speedtest (it features an Intel Core 2 Duo from that era, clock speed app. 2Ghz). This is all using OpenVPN UDP AES-128-GCM and the nearest location of course. On the server unfortunately I rarely get more than 40 Mbps on a 100/50 cable line. The download got better when I fiddled around with the settings, like using TCP and AES-128-CBC, but the upload decreased a little in turn. I also tried setting up L2TP and PPTP connections manually on the OS (Windows Home Server 2011 which is actually an embedded Server 2008 R2), and surprisingly got even lower speeds most of the time. I even tried changing the MTU size according to a guide from one of your competitors, but it didn't change anything.

So my question is, are there minimum CPU/system requirements in order to achieve speeds above 100 Mbps? One guy from customer support suggested a CPU with at least 2.40 Ghz, is that accurate? My server model is an HP ProLiant MicroServer N40L with a low-energy Dual-Core CPU clocked at 1.5 Ghz. I didn't expect it to carry much load, but I'm wondering about its inability to handle VPN encryption since it handles SSL encryption just fine. I hardly notice any drop in speed when downloading with NNTP over SSL. On my previous "server" this was a major issue. It had an Atom 230 that wouldn't even give me more than half my line speed without SSL. With SSL enabled, the speed would drop another 50%.

Any advice would be highly appreciated. I'm currently watching an ITX system on eBay featuring a Celeron J1800 @ 2.40 Ghz which I might install in my network as a pure download/seedbox with the server only providing the storage. Of course I'd like to avoid running another machine 24/7, but I guess it's cheaper than getting a better server.

Share this post


Link to post
Share on other sites

3 answers to this question

Recommended Posts

  • 0
Support

Hello,

The HP MicroServer N40L doesn't look like it was built for speed, it's quite an old system, it doesn't support AES-NI which it would have hugely benefited from, the vast difference between your PC CPU and your server CPU tells me the issue is certainly your CPU, i don't think the  Celeron J1800 would do you much better, something that supports AES-NI is what you need.

Regards

 

 

Share this post


Link to post
Share on other sites
  • 0
Anon101

I agree with the staff. Both those CPUs are really underpowered, especially for encrypt/decrypt. I cheaper option might be to install a gateway/proxy on your network to handle the VPN load of your network. You could build a small dedicated machine quite cheaply and route the VPN bound traffic through it. You could use an older desktop PC and install a Gigabit Ethernet card and plug this into a cheap 10/100 switch. Depending on your use case ( and as you mentioned concern with running a new whole system 24/7) you might be able to just use a single board computer ( think raspberry pi or one of its clones) as a vpn proxy/access point. If you go this route let me know and I'll provide some tips.

Share this post


Link to post
Share on other sites
  • 0
RobinHood

@Anon101 Sorry for replying so late, I didn't see your comment back when I originally started this topic and basically thought I had no other options than to get a better server. Well it's been a while, and I've come to the conclusion that I want to replace my server anyway because its performance just can't keep up with my demands. I will do my own build and do it right this time so that it will hopefully last for a long time. I already have the case which was the hardest part for me, now I'm looking for the proper components. I believe the Apollo Lake or Gemini Lake chips serve the best combination of low power consumption and performance without breaking my budget.

Fortunately, a friend of mine has just gifted me his old Raspberry Pi B so if you have any tips or can direct me to resources for setting it up as a VPN access point it would be very much appreciated.

EDIT: I am now running a new system with AES-NI encryption support. I have dropped the Pi idea because it is extremely slow, and pfsense is too complicated for my simple needs.

Edited by RobinHood
New System

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...