[ANSWERED] - OpenVPN and multi-core configuration


#1

Hi,

It seems that OpenVPN, installed as server (or client, same problem) is only able to use the power of 1 CPU core.
If you have 3 clients both running iperf with any number of parallel streams, “top” command shows that openvpn only use 100.0% where some apps are able to hit 800% if multi-threaded (and 8 core)

OpenVPN is not multi-threaded but does anybody succeeded is having more than 1 core / process running ?
On scaleway servers having 8 cores or more, this limitation is really a bad thing :wink:

The same question apply for any server (Online or Scaleway or Raspberry Pi or anything that has several CPU cores).

Thanks !


#2

OpenVPN can;t at the moment support multi-threading, though that’s on the roadmap. You can read more at: https://community.openvpn.net/openvpn/wiki/RoadMap#Threading .

Meanwhile, if this is really impeding your performance, you can adjust your setup to run more openvpn processes. If, say, you have two heavy clients, assign specific openvpn services for them on two different ports. Otherwise, OpenVPN is not usually a CPU hog, and rarely is network performance affected by CPU bottlenecks.


#3

Hi, OK for the fact that OpenVPN has no way to work on several cores today, that was my conclusion too by looking everywhere on Internet. It seems that a long time ago OpenVPN guys said that it’s complicated for some reasons, and then it never moved anymore.

Then OpenVPN should be launched several times on several ports and several network rules to run in parallel, but no single connection would be able to handle more than before.

For the fact that “OpenVPN is not usually a CPU hog, and rarely is network performance affected by CPU bottlenecks.”, you are absolutely wrong, this is a really strong a precise limitation that keep the max bandwidth below (if not FAR below) the network card or provider maximum speed :

Raspberry Pi 1 : 1 core at 100%, 8~10 Mbps max (out of 100Mbps), but anyway, there is only 1 core on it.
Raspberry Pi 2 : 1 core at 100%, 40~45 Mbps max (out of 100Mbps)
Raspberry Pi 3 : 1 core at 100%, 65~75 Mbps max (out of 100Mbps)
Raspberry Pi 3+ : 1 core at 100%, 85~97 Mbps max (out of 315 Mbps)
Intel Q8400 : 1 core at 100%, 150 Mbps (out of 1 Gbps)
Scaleway baremetal C1 : 1 core at 100%, 30 Mbps (out of 200 Mbps)
Scaleway ARM64-2GB : 1 core at 100%, 62 Mbps (out of 200 Mbps)

If you take a 4 cores machine, 75% of your CPU power is lost. No comment !

Most of those CPU are embed AES instructions (apart from Pi 1)
Those values are absolute bottlenecks that should be shared between connected clients.

Lot of those values are very low when talking about dedicated servers, and the impossibility for OpenVPN to use multi-thread is responsible here. Almost 100% of the CPU usage being due to encryption. Beeing obstinate to work in C, Cobol, or Assembly clearly isn’t a good idea for embedding essentials things that began to be modern 15 years ago :confused:


#4

One last interesting thing, about this subject and Scaleway machines :

  • ARM64-2GB, 4 ARMv8, 2 GB, 50 GB, 200 Mbits/s, €2.99/mo
    is aproximately the same performance that
  • 1-S, 2 x86-64, 2 GB, 50 GB, 200 Mbits/s, €3.99/mo

But since the second machine only need 2 cores instead of 4 for giving the same performance, OpenVPN gives 125Mbps bandwidth whit the 1-S (it’s only loosing half of the CPU performance, instead of loosing 75% of CPU performance on the 4 core ARM one)

Didn’t tried the 1-XS (1 x86-64 core) but it’s limited to 100 Mbps (which is not as good as the 1-S one with 125Mbps). But 100Mbps for 1.99€ is pretty good price (even if it’s missing 90% of an fiber to home 1000 Mbps domestic connection…) !

So compared to the 4x ARM64,

  • with the 1-S the price is multiplied by 1.33 but the OpenVPN “per-core bandwidth” is multiplied by 2.
  • with the 1-XS the price is multiplied by 0.66 and the bandwidth is multiplied by 1.6 - if the CPU core is the same that the 1-S)

But the day OpenVPN will become multi threaded I guess everything will change.