Hi, OK for the fact that OpenVPN has no way to work on several cores today, that was my conclusion too by looking everywhere on Internet. It seems that a long time ago OpenVPN guys said that it’s complicated for some reasons, and then it never moved anymore.
Then OpenVPN should be launched several times on several ports and several network rules to run in parallel, but no single connection would be able to handle more than before.
For the fact that “OpenVPN is not usually a CPU hog, and rarely is network performance affected by CPU bottlenecks.”, you are absolutely wrong, this is a really strong a precise limitation that keep the max bandwidth below (if not FAR below) the network card or provider maximum speed :
Raspberry Pi 1 : 1 core at 100%, 8~10 Mbps max (out of 100Mbps), but anyway, there is only 1 core on it.
Raspberry Pi 2 : 1 core at 100%, 40~45 Mbps max (out of 100Mbps)
Raspberry Pi 3 : 1 core at 100%, 65~75 Mbps max (out of 100Mbps)
Raspberry Pi 3+ : 1 core at 100%, 85~97 Mbps max (out of 315 Mbps)
Intel Q8400 : 1 core at 100%, 150 Mbps (out of 1 Gbps)
Scaleway baremetal C1 : 1 core at 100%, 30 Mbps (out of 200 Mbps)
Scaleway ARM64-2GB : 1 core at 100%, 62 Mbps (out of 200 Mbps)
If you take a 4 cores machine, 75% of your CPU power is lost. No comment !
Most of those CPU are embed AES instructions (apart from Pi 1)
Those values are absolute bottlenecks that should be shared between connected clients.
Lot of those values are very low when talking about dedicated servers, and the impossibility for OpenVPN to use multi-thread is responsible here. Almost 100% of the CPU usage being due to encryption. Beeing obstinate to work in C, Cobol, or Assembly clearly isn’t a good idea for embedding essentials things that began to be modern 15 years ago