Hi, On Thu, Mar 22, 2018 at 12:16 PM, Jan Just Keijser <janj...@nikhef.nl> wrote: > Hi Eric, all, > > On 22/03/18 04:25, Eric Thorpe wrote: > > Hi All, > > One of the Viscosity developers here. The TAP driver used by Viscosity is > based on the OpenVPN TAP-Windows driver. We're surprised to hear of any > performance differences, as the changes we've made are very minimal. > > Besides a name and version number change, the only other modification is a > change to the reported network adapter speed, which has Windows report the > driver as 1000 Mbit instead of 100 Mbit. > > This change was made not because of any actual performance gains, but > because of user reports that certain firewall or AV software tries to QoS > the adapter based on its reported adapter speed, which is of course a > problem if the VPN connection is capable of more than 100 Mbit. > > Please find a patch file of the changes attached. > > > first of all, thanks for responding so quickly. > I've done some further testing with Viscosity 1.6.8 (openvpn 2.3.14 based) > compared to OpenVPN 2.4.5 and I am seeing a performance difference in a > gigabit test setup. Strangely enough, it turns out that it's the *absence > of* AES256-GCM that makes my Viscosity client faster. > My test setup is as follows: > > - server: CentOS 7, openvpn 2.4.4, gigabit ethernet > - client: Win7 Pro, gigabit ethernet: > > Speeds (using "iperf -s" and "iperf -c 10.200.0.1 -r -l 4M -t 30"): > > viscosity: > 380 Mbps +/- 10 Mbps to server > 100 Mbps +/- 5 Mpbs from server > > Openvpn 2.4.5 --ncp-disable --cipher aes-256-cbc --auth sha256 > 377 Mbps +/- 10 Mbps to server > 99 Mbps +/- 5 Mpbs from server > > Openvpn 2.4.5 (aes256-gcm) > 240 Mbps +/- 8 Mbps to server > 55 Mbps +/- 5 Mpbs from server > > So strangely enough it seems that AES-256-GCM is **slower** for Windows > clients. Note that in this setup the server config never changed.
I haven't tested openvpn itself but have noticed in openssl speed tests that AES-256-CBC is significantly faster than AES-256-GCM on Windows (opposite to Linux). That was with openssl 1.0.x, probably 1.1.0 is similar (2.4.5 Windows release is built with 1.1.0). However, the raw cipher speeds are much larger than these throughputs so its surprising that the change of cipher alone makes such a difference. Why is the throughput so asymmetric? Selva ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel