0

I self-host my own strongSwan VPN server.

When running Borg backups to a remove filesystem (running on a different server), I am able to upload at ~ 2.5MB/s without the VPN and ~ 1.5MB/s over the VPN.

Is that normal? When I run a test on speedtest.net (over the VPN), I am able to reach upload speeds of 40Mbps (8MB/s).

The Borg backup server ingest speed is slower than my upload speed... OK... but why can't I upload at ~ 2.5MB/s over the VPN given I can run a test on speedtest.net at 8MB/s?

Btw, I confirm it isn't a CPU issue on the client or server.

sunknudsen
  • 701
  • 3
  • 14
  • 28
  • Thanks for the follow-up @tater. I confirm it isn't a CPU issue on the client or server (confirmed using `top`). – sunknudsen Nov 19 '20 at 14:42
  • My gut feeling is that the speedtest.net test also confirmed the above. – sunknudsen Nov 19 '20 at 14:43
  • `speedtest.net` is usually ISP local speedtest, and does not take into account full path bandwidth (use iperf or do a speedtest against the site that the remote network is using for speedtest) – Jacob Evans Nov 19 '20 at 14:46
  • @JacobEvans I am running the speedtest.net test through the VPN... therefore the VPN should limit the speed of the test correct? – sunknudsen Nov 19 '20 at 14:54
  • Note that IPSec is going to expand the data due to the encryption headers anyway - that stuff doesn't come for free, so you're certainly not going to get 2.5 over VPN if you're getting that without VPN. – tater Nov 19 '20 at 15:08
  • Hey @tater, even if I can get 40Mbps when running a speed test? – sunknudsen Nov 19 '20 at 15:15
  • 1
    I view your speedtest as basically irrelevant. Baseline is 2.5 MB/sec without the VPN. Now what IPSec does to that? First, there are headers added, say ~10% (probably a bit less) which comes straight off the rate. Second, if additional data is added after fragmentation and packets exceed the MTU, then your rate is going to take a hit (see e.g. https://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/vspa/configuration/guide/ivmsw_book/ivmvpnb.pdf), so you could try reducing MTU. Apart from networking, there's CPU (not just total, but how loaded individual cores are) etc. – tater Nov 19 '20 at 15:30

0 Answers0