On Sat, 2019-12-28 at 22:53 +0100, Carles Pina i Estany wrote: > Hi openconnect, > > I have a question regarding CPU usage, network speed and openconnect. > > I'm using openconnect from Debian (Debian package version 8.02-1) > connecting to a Cisco AnyConnect. I'm using NetworkManager but I'm happy > to use the command line if this would help.
A few months ago we had a similar thread, and some performance improvements went into the 8.03 release. Please could you update to git master and try? There's also an experimental perfhacks branch: http://git.infradead.org/users/dwmw2/openconnect.git/shortlog/refs/heads/perfhacks Most of that is for ESP support, not DTLS, but the 'reuse packets instead of free/malloc' bought us a few percent and I'd like to eventually fix up all the buffer sizing inconsistencies and merge it (or just move to using rings). > I see that openconnect uses about 35 to 40% of CPU (measured with top) > in my 4 cores laptop. > > When using openconnect the connection is about 5 to 8 MB/s otherwise > more than twice this speed. > > The system administrators on the other side don't seem to be aware of > any speed limitation or throttling. > > The internet connection or even the upload speed to the other side is > higher if no OpenConnect is used. > > My question is: do you know of any way to make the VPN faster? > > Any experience compiling openconnect (I might try this anyway) instead > of using the Debian precompiled version? Any parameters that could be > used, faster cyphering, etc.? You can try forcing it to use different ciphers with the --dtls-ciphers option. Please could you set it running, then use 'perf record -a netperf....' to record the *full* system activity (including kernel and openconnect) for each of a large upload, and a large download. Use your own existing benchmark or workload if that's easier than netperf. Let's see where it's actually spending the time, and what we can do about it.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openconnect-devel mailing list [email protected] http://lists.infradead.org/mailman/listinfo/openconnect-devel
