Poor performance with openvpn


#1

I am currently running vyos in a VM using proxmox (kvm based i think) and open vswitch. My server is a dell r610 with 2 xeon 5630 cpus. Using the virtio drivers for the nic and host mode for the cpu. I can see that vyos does see aes ni as an option looking at /proc/cpuinfo.

Using aes128+sha1 on the open vpn tunnel, im getting about 45 mbps with top showing openssl CPU% at 90ish. Previously I had vyos instaled on esxi and was getting about 100mbps (the remote device was the weak link, so the server could have probably went higher) while top showed openssl CPU% at about 55.

I am unsure how to confirm vyos/openvpn is taking advantage of AES-NI. Ive looked all over, found a few people showing a method to verify but the method either didn’t work for me or its just not using AES-NI. With the mentioned test, I saw the same performance with AES-NI (supposedly) disabled as I did with it (supposedly) enabled.

I have tried this without a tunnel or encryption just to verify the basic networking is fine, and I can push about 1gbs through it that way which is the limit of the physical NICs.

Can anyone offer any advice here?