Changes between Initial Version and Version 1 of PerformanceTestingOpenVPN


Timestamp:
08/21/19 14:42:58 (10 months ago)
Author:
David Sommerseth
Comment:

--

  • PerformanceTestingOpenVPN

    v1 v1  
     1= Performance testing OpenVPN =
     2
     3This document describes how performance testing OpenVPN can be done using a more static and predictable environment using EC2 hosts on Amazon Web Services (AWS).
     4
     5Using AWS with an isolated Virtual Private Cloud (VPC) gives you a closed high performing network well suited for performance testing.  All hosts within the same VPC will not be disturbed by random other hosts.  This means the test results we get here are more like "laboratory results", which indicates the performance within optimal conditions.  This does not mean you will get the same performance when setting up a connection over the Internet, but these test results should give an good idea what you can expect if you have no issues with your connection between your clients and the OpenVPN server.
     6
     7In this document we use OpenVPN 2.4 on the server side.  The Windows client is tested using both OpenVPN 2.4 and the OpenVPN 3 reference client.
     8
     9== TL;DR performance results ==
     10
     11The test run we did following this guide gave us these results:
     12
     13* Direct TCP connection without VPN: close to **7Gbit/sec**
     14* OpenVPN 2 Windows client, using tap-windows6: **414 Mbit/sec**
     15* OpenVPN 3 reference client, using tap-windows6: **652 Mbit/sec**
     16
     17= Preparations =
     18
     19== AWS preparations ==
     201. Log in to AWS console
     211. Create VPC
     22   * in "VPC Dashboard" select "Your VPCs" -> "Create VPC"
     23   * name it "performance_test"
     24   * use "10.0.0.0/24" as IPv4 CIDR block
     25   * select "Tenancy: Dedicated"
     261. Create an Internet Gateway
     27   * in "VPC Dashboard" select "Internet Gateways" -> "Create internet gateway"
     28   * name it "performance_test_igw"
     29   * attach it to VPC - right click, "attach to VPC", select "performance_test"
     301. Create subnet
     31   * in "VPC Dashboard" select "Subnets" -> Create "subnet"
     32   * name it "performance_test_subnet"
     33   * select "performance_test" VPC
     34   * use "10.0.0.0/24" as IPv4 CIDR block
     351. Set up VPC routing
     36   * in "VPC Dashboard" select "Your VPCs"
     37   * select "performance_test"
     38   * click on value in "main route table" column
     39   * select "Routes" -> "Edit routes"
     40   * add route "0.0.0.0/0", target "Internet Gateway", select "performance_test_i gw"
     411. Create placement group
     42   * in "EC2 Dashboard" select "Placement Groups" -> "Create Placement Group"
     43   * name it "performance_test_pg"
     44   * select "Cluster" strategy
     45
     46== OpenVPN server setup ==
     471. Launch VPN server instance
     48   * EC2 Dashboard -> Launch Instance
     49   * select "Ubuntu Server 18.04 LTS (HVM), SSD Volume Type"
     50   * select "c5.xlarge" instance
     51   * in bottom right corner push "Next: Configure Instance Details"
     52     * select "performance_test" as a "Network"
     53     * you should have "performance_test_subnet" autoselected
     54     * select "Add instance to placement group"
     55     * select "Add to existing placement group"
     56     * select "performance_test_pg"
     57   * push "Review and Launch" in bottom right corner
     581. Assign IP address
     59   * in "EC2 Dashboard" select "Elastic IPs" -> "Allocate new address"
     60   * use default "Amazon pool" selection
     61   * push "Allocate", then "Close"
     62   * right click on newly allocated address -> select "Associate address"
     63   * select newly created VPN server instance and push "Associate"
     641. Name instance as "performance test server"
     65
     66=== Configure OpenVPN server ===
     671. Use SSH to connect to the EC2 instance, and run the `apt` command as indicated
     68{{{
     69$ ssh ubuntu@<vpc-ip-address-of-server>
     70[.....]
     71[ubuntu@....] $ sudo apt update && sudo apt install -y iperf3 openvpn
     72}}}
     731. create openvpn server config
     74   * switch to /etc/openvpn directory: `cd /etc/openvpn`
     75   * download dh2048.pem, ca.crt, server.crt, server.key from https://github.com/OpenVPN/openvpn/tree/master/sample/sample-keys
     76{{{
     77$ sudo wget https://raw.githubusercontent.com/OpenVPN/openvpn/master/sample/sample-keys/dh2048.pem
     78}}}
     79     and so on.  You will need dh2048.pem, ca.crt, server.key, server.crt
     801. create /etc/openvpn/server.ovpn with content
     81{{{
     82port 1194
     83proto udp
     84dev tun
     85ca /etc/openvpn/ca.crt
     86cert /etc/openvpn/server.crt
     87key /etc/openvpn/server.key
     88dh /etc/openvpn/dh2048.pem
     89topology subnet
     90server 10.8.0.0 255.255.255.0
     91keepalive 5 30
     92verb 4
     93}}}
     941. start the openvpn daemon
     95{{{
     96$ sudo openvpn --config /etc/openvpn/server.ovpn --daemon
     97}}}
     98
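Review bot: The "download dh2048.pem, ca.crt, server.crt, server.key" step in the server configuration takes the server's private key from the public sample-keys directory, so anyone can fetch the same key. Say next to that step that these files are for this closed test VPC only and that the instance should be re-keyed or torn down once the measurements are done. The server.ovpn shown here also sets no `cipher` or `auth`, so the throughput figures later on the page do not record which data-channel cipher was measured; pin one in both configs, or tell the reader to note the cipher reported in the log next to each result.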
     99== Windows OpenVPN client setup ==
     1001. Launch a new VPN Windows client instance in AWS
     101  * EC2 Dashboard -> Launch Instance
     102  * select "Windows Server 2016 Base"
     103  * select "c5.xlarge" instance
     104  * edit instance details
     105    * select "performance_test" as a "Network"
     106    * you should have "performance_test_subnet" autoselected
     107    * select "Add instance to placement group"
     108    * select "Add to existing placement group"
     109    * select "performance_test_pg"
     1101. Assign IP address
     111   * in "EC2 Dashboard" select "Elastic IPs" -> "Allocate new address"
     112   * select "associate address"
     113   * right click on address -> select newly created VPN windows client instance -> "Associate"
     1141. Create Security Group
     115   * EC2 Dashboard -> Security Groups -> Create Security Group
     116   * use "performance_test_sg" as name
     117   * use "Allow all traffic inside VPC" as a description
     118   * select "peformance_test" as VPC
     119   * add inbound rule, "All Traffic" -> source Custom "10.0.0.0/16"
     120   * Go to EC2 Dashboard -> Instances
     121   * select server instance, right click -> networking -> change security groups -> add "performance_test_sg"
     122   * repeat for client instance
     123
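Review bot: The inbound rule under "Create Security Group" uses source "10.0.0.0/16", while the VPC and the subnet were both created with "10.0.0.0/24"; use the /24 so the "Allow all traffic inside VPC" group matches the VPC it describes. The same list misspells the VPC name as "peformance_test", and the routing step earlier has a stray space in "performance_test_i gw". Both instances get an Elastic IP, but the page never says which rule admits SSH and RDP from outside the VPC, and the SSH step connects to `<vpc-ip-address-of-server>`, which is only reachable from inside it; state which address to use and the intended source restriction for those two ports.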
     124=== Configure Windows OpenVPN client ===
     1251. Right click on instance -> Get Windows Password
     1261. Specify private key from keypair you used when creating instance
     1271. Save Administrator password
     1281. Connect to machine via Remote Desktop
     1291. download needed software packages
     130   * consider installing some normal browser (Chrome / FF) since Edge / IE has horrible user experience
     131   * download iPerf3 from https://iperf.fr/download/windows/iperf-3.1.3-win64.zip, extract to C:\Temp\iperf3
     132   * download and install OpenVPN GUI client from https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.7-I607-Win10.exe
     133   * download and install Visual C++ Redistributable https://aka.ms/vs/16/release/vc_redist.x64.exe
     1341. create C:\Temp\client.ovpn with the following content:
     135{{{
     136client
     137dev tun
     138proto udp
     139remote <vpc-ip-address-of-server> 1194
     140ca c:\\Temp\\ca.crt
     141cert C:\\Temp\\client.crt
     142key C:\\Temp\\client.key
     143verb 3
     144}}}
     1451. download ca.crt, client.crt and client.key from  https://github.com/OpenVPN/openvpn/tree/master/sample/sample-keys to C:\Temp
     1461. run OpenVPN GUI, right click on tray icon -> Import file, specify C:\Temp\client.ovpn
     1471. download openvpn3 test client from  https://ci.appveyor.com/project/openvpn/openvpn3/builds/25439762/artifacts to C:\Temp\openvpn3
     148
     149= Running Performance Tests =
     150
     151== Bandwidth tests - no VPN ==
     1521. on server machine, run `iperf3 -s 0.0.0.0`
     1531. on client machine:
     154{{{
     155c:\Temp>iperf3.exe -c <VPC (which is 10.0.0.x, NOT VPN!) IP address of server> -V -t 60
     156iperf 3.1.3
     157CYGWIN_NT-10.0 EC2AMAZ-FTIR7C4 2.5.1(0.297/5/3) 2016-04-21 22:14 x86_64
     158Time: Thu, 20 Jun 2019 11:50:10 GMT
     159Connecting to host 10.0.0.78, port 5201
     160      Cookie: EC2AMAZ-FTIR7C4.1561031410.179818.46
     161      TCP MSS: 0 (default)
     162[  4] local 10.0.0.15 port 49719 connected to 10.0.0.78 port 5201
     163Starting Test: protocol: TCP, 1 streams, 131072 byte blocks, omitting 0 seconds, 60 second test
     164[ ID] Interval           Transfer     Bandwidth
     165[  4]   0.00-1.00   sec   821 MBytes  6.88 Gbits/sec
     166[  4]   1.00-2.00   sec   820 MBytes  6.88 Gbits/sec
     167<skipped>
     168[  4]  58.00-59.00  sec   831 MBytes  6.97 Gbits/sec
     169[  4]  59.00-60.00  sec   832 MBytes  6.98 Gbits/sec
     170- - - - - - - - - - - - - - - - - - - - - - - - -
     171Test Complete. Summary Results:
     172[ ID] Interval           Transfer     Bandwidth
     173[  4]   0.00-60.00  sec  48.7 GBytes  6.97 Gbits/sec                  sender
     174[  4]   0.00-60.00  sec  48.7 GBytes  6.97 Gbits/sec                  receiver
     175CPU Utilization: local/sender 19.5% (5.6%u/13.9%s), remote/receiver 38.5% (1.1%u/37.4%s)
     176iperf Done
     177}}}
     178
     179Bandwith performance results indicates close to **7Gbit/sec**
     180
     181== Performance test - OpenVPN 2 - Windows - tap-windows6 ==
     1821. on client machine, start OpenVPN 2 GUI, right click on tray icon -> Connect
     1831. run iperf3
     184{{{
     185c:\Temp\iperf3>iperf3.exe -c 10.8.0.1 -V -t 60
     186iperf 3.1.3
     187CYGWIN_NT-10.0 EC2AMAZ-FTIR7C4 2.5.1(0.297/5/3) 2016-04-21 22:14 x86_64
     188Time: Fri, 21 Jun 2019 09:14:04 GMT
     189Connecting to host 10.8.0.1, port 5201
     190      Cookie: EC2AMAZ-FTIR7C4.1561108444.929966.30
     191      TCP MSS: 0 (default)
     192[  4] local 10.8.0.2 port 49715 connected to 10.8.0.1 port 5201
     193Starting Test: protocol: TCP, 1 streams, 131072 byte blocks, omitting 0 seconds, 60 second test
     194[ ID] Interval           Transfer     Bandwidth
     195[  4]   0.00-1.00   sec  39.5 MBytes   331 Mbits/sec
     196[  4]   1.00-2.00   sec  53.9 MBytes   453 Mbits/sec
     197<skipped>
     198[  4]  58.00-59.00  sec  47.4 MBytes   397 Mbits/sec
     199[  4]  59.00-60.00  sec  39.4 MBytes   330 Mbits/sec
     200- - - - - - - - - - - - - - - - - - - - - - - - -
     201Test Complete. Summary Results:
     202[ ID] Interval           Transfer     Bandwidth
     203[  4]   0.00-60.00  sec  2.89 GBytes   414 Mbits/sec                  sender
     204[  4]   0.00-60.00  sec  2.89 GBytes   414 Mbits/sec                  receiver
     205CPU Utilization: local/sender 5.4% (0.5%u/4.9%s), remote/receiver 35.4% (4.9%u/30.6%s)
     206iperf Done.
     207}}}
     2081. Right click on tray icon -> Disconnect
     209
     210Performance results indicates **414 Mbit/sec**
     211
     212== Performance test - OpenVPN 3 - Windows - tap-windows6 ==
     2131. in administrative command prompt run OpenVPN3 test client:
     214{{{
     215c:\Temp\openvpn3>cli.exe ..\client.ovpn
     216}}}
     2171. in another command prompt run iperf3:
     218{{{
     219c:\Temp\iperf3>iperf3.exe -c 10.8.0.1 -V -t 60
     220iperf 3.1.3
     221CYGWIN_NT-10.0 EC2AMAZ-FTIR7C4 2.5.1(0.297/5/3) 2016-04-21 22:14 x86_64
     222Time: Fri, 21 Jun 2019 09:22:17 GMT
     223Connecting to host 10.8.0.1, port 5201
     224      Cookie: EC2AMAZ-FTIR7C4.1561108937.562602.50
     225      TCP MSS: 0 (default)
     226[  4] local 10.8.0.2 port 49723 connected to 10.8.0.1 port 5201
     227Starting Test: protocol: TCP, 1 streams, 131072 byte blocks, omitting 0 seconds, 60 second test
     228[ ID] Interval           Transfer     Bandwidth
     229[  4]   0.00-1.00   sec  79.9 MBytes   669 Mbits/sec
     230[  4]   1.00-2.00   sec  75.0 MBytes   629 Mbits/sec
     231<skipped>
     232[  4]  58.00-59.00  sec  80.6 MBytes   676 Mbits/sec
     233[  4]  59.00-60.00  sec  78.2 MBytes   656 Mbits/sec
     234- - - - - - - - - - - - - - - - - - - - - - - - -
     235Test Complete. Summary Results:
     236[ ID] Interval           Transfer     Bandwidth
     237[  4]   0.00-60.00  sec  4.56 GBytes   652 Mbits/sec                  sender
     238[  4]   0.00-60.00  sec  4.56 GBytes   652 Mbits/sec                  receiver
     239CPU Utilization: local/sender 1.5% (0.3%u/1.2%s), remote/receiver 37.4% (4.7%u/32.7%s)
     240iperf Done.
     241}}}
     2421. press [F4] to stop test client
     243
     244Performance results indicates **652 Mbit/sec**
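Review bot: `iperf3 -s 0.0.0.0` in the "Bandwidth tests - no VPN" section passes an address to `-s`, which takes no argument; use `iperf3 -s`, or add `-B <address>` if a bind address is intended. Each of the three headline numbers comes from a single 60-second, single-stream TCP run, so say that in the TL;DR or repeat the runs and report the spread. Minor wording: "Bandwith" should be "Bandwidth", and "results indicates" should be "results indicate" in all three summary lines.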