Hi Selva,
On 22/03/18 18:12, Selva Nair wrote:
On Thu, Mar 22, 2018 at 12:16 PM, Jan Just Keijser <janj...@nikhef.nl> wrote:
Hi Eric, all,
On 22/03/18 04:25, Eric Thorpe wrote:
Hi All,
One of the Viscosity developers here. The TAP driver used by Viscosity is
based on the OpenVPN TAP-Windows driver. We're surprised to hear of any
performance differences, as the changes we've made are very minimal.
Besides a name and version number change, the only other modification is a
change to the reported network adapter speed, which has Windows report the
driver as 1000 Mbit instead of 100 Mbit.
This change was made not because of any actual performance gains, but
because of user reports that certain firewall or AV software tries to QoS
the adapter based on its reported adapter speed, which is of course a
problem if the VPN connection is capable of more than 100 Mbit.
Please find a patch file of the changes attached.
first of all, thanks for responding so quickly.
I've done some further testing with Viscosity 1.6.8 (openvpn 2.3.14 based)
compared to OpenVPN 2.4.5 and I am seeing a performance difference in a
gigabit test setup. Strangely enough, it turns out that it's the *absence
of* AES256-GCM that makes my Viscosity client faster.
My test setup is as follows:
- server: CentOS 7, openvpn 2.4.4, gigabit ethernet
- client: Win7 Pro, gigabit ethernet:
Speeds (using "iperf -s" and "iperf -c 10.200.0.1 -r -l 4M -t 30"):
viscosity:
380 Mbps +/- 10 Mbps to server
100 Mbps +/- 5 Mpbs from server
Openvpn 2.4.5 --ncp-disable --cipher aes-256-cbc --auth sha256
377 Mbps +/- 10 Mbps to server
99 Mbps +/- 5 Mpbs from server
Openvpn 2.4.5 (aes256-gcm)
240 Mbps +/- 8 Mbps to server
55 Mbps +/- 5 Mpbs from server
So strangely enough it seems that AES-256-GCM is **slower** for Windows
clients. Note that in this setup the server config never changed.
I haven't tested openvpn itself but have noticed in openssl speed
tests that AES-256-CBC is significantly faster than AES-256-GCM on
Windows (opposite to Linux). That was with openssl 1.0.x, probably
1.1.0 is similar (2.4.5 Windows release is built with 1.1.0).
However, the raw cipher speeds are much larger than these throughputs
so its surprising that the change of cipher alone makes such a
difference.
Why is the throughput so asymmetric?
thanks for the confirmation; as for the assymmetry: that can be due to
many factors, including hardware differences (there is asymmetry on
Linux as well). It could also be due to the way the tap driver works,
but I have never been able to get my finger on that , and I don't use
Windows often enough to bother.
HTH,
JJK
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
