Hi guys,
After years of struggles with various ipsec tunnels, I switched to an OpenVPN site-to-site tunnel between two of my sites and it came online immediately and worked exactly as expected. It's great!
With that said, the tunnel speed is not quite what I am expecting so I'm looking for ways to optimize my config.
Both sites are located in the downtown Chicagoland area, where network speeds are higher than expected.
SITE A - Comcast - 150mbps down / 20mbps up (Actual results = 180 mbps down / 24 mbps up)
SITE B - Comcast - 75 mbps down / 10mbps up (Actual results = 90 mbps down / 12 mbps up)
Yet, transferring files from site A to site B only yields a max of 9mbps. Why is it not closer to 20 mbps? There is no other network activity. Is this due to the OpenVPN configuration?
Site A config:
openvpn vtun1 {
    description "Site A Tunnel"
    local-address 10.xx.xx.2 {
    }
    local-port 1195
    mode site-to-site
    openvpn-option --float
    openvpn-option "--ping 10"
    openvpn-option "--ping-restart 20"
    openvpn-option --ping-timer-rem
    openvpn-option --persist-tun
    openvpn-option --persist-key
    openvpn-option "--user nobody"
    openvpn-option "--group nogroup"
    remote-address 10.xx.xx.1
    remote-host site-b.dyndns.org
    remote-port 1195
    shared-secret-key-file /config/auth/secret
}
Site B config:
openvpn vtun1 {
    description "Site B Tunnel"
    local-address 10.xx.xx.1 {
    }
    local-port 1195
    mode site-to-site
    openvpn-option --float
    openvpn-option "--ping 10"
    openvpn-option "--ping-restart 20"
    openvpn-option --ping-timer-rem
    openvpn-option --persist-tun
    openvpn-option --persist-key
    openvpn-option "--user nobody"
    openvpn-option "--group nogroup"
    remote-address 10.xx.xx.2
    remote-host site-a.dyndns.org
    remote-port 1195
    shared-secret-key-file /config/auth/secret
}
What settings can be changed to make the host-host transfers faster while maintaining a reasonable level of encryption?
I am not specifying the encryption because I believe the OpenVPN defaults are used if nothing is specified.
Thanks
Bob