Remote acces vpn ipsec/l2tp low performance


#1

I’m testing vyos to build a remote access vpn for windows/mac clients and I noticed the poor performance and hight CPU usage by xl2tpd.

Also, I’ve backported xl2tp from debian testing and compiled with kernel l2tp enhancing options (vyos build was’nt) but also requires a kernel and pppd module.
vyos has l2tp_ppp modules, but not pppd module.
I’ve also backported ppp 2.4.5 from debian and run a ipsec/l2tp with these kernel accelerations (my test server has also aes-ni instrucctions).
I don’t do a exaustive benchmark, I only do a Iperf and monitorizes CPU usage with top.
My ipsec/l2tp client was a windows xp and bandwith was limited by CPU usage from this client, and use iperf to generate traffic.
When I do the first bench on vyos without mods shows I noticed that xl2tpd uses 40%CPU, and iperf shows me a 30mbps average.
But when I do the same test with a xl2tpd/pppd enhancements, iperf shows me same bps, but cpu was over 99%idle.
No xl2tpd cpu usage.

backporting xl2tpd with kernel enhancements was easy, but pppd was modified by vyatta to renaming interfaces option.
Edit: backported ppp package from debian/weeze (thanks to zekozeko)
http://vyosvpn.uv.es/vyos-ppp/

But why vyos rename interfaces?
It’s only for show vpn remote-access?
I think that should be better to add additional info on interface alias than rename interface.
And use ppp package from debian and only add renaming options at vyatta-ppp.

Any suggestions?

Thanks.


#2

His working package can be found here
http://vyosvpn.uv.es/vyos-ppp/


#3

xl2tpd with kernel acceleration can be found here:
http://vyosvpn.uv.es/xl2tpd