Tonight I tested a Raspberry Pi model B running Raspbian as an OpenVPN-capable router. I used an Apple USB FastEthernet adaptor as the external interface. Results are disappointing. Pushing traffic through the VPN produced 90% CPU usage at about 8 Mbit with the CPU running at 700 MHz (no CPU overclocking). That’s far below what my tests with “openssl speed” produced.
My goal is to produce a low-power router capable of high-speed VPN encryption using OpenVPN, PPTP, and IPsec. Simply routing is easy, but encrypting on the device is another matter.
OpenVPN defaults to using OpenSSL with SHA-1. Using an average network packet of 1K, “openssl speed” indicates that my Pi should out-perform my Buffalo router by about 3 times over:
# Buffalo WZR-HP-G300NH with OpenWRT 10.03.1: root@buffalo:~# openssl speed sha1 type 16 bytes 64 bytes 256 bytes 1024 bytes 2048 bytes sha1 910.96k 2470.68k 4990.85k 6953.07k 7284.12k # Raspberry Pi with Raspbian "wheezy" @ 700 MHz ARM clock: root@routerberrypi:~# openssl speed sha1 type 16 bytes 64 bytes 256 bytes 1024 bytes 2048 bytes sha1 1634.07k 5627.26k 14426.31k 23815.77k 29542.22k
However, it doesn’t. In fact the Buffalo can achieve 12-13 Mbit at 100% CPU usage. My first guess was that that OpenVPN isn’t compiled with hard-float support, unlike OpenSSL itself. However, both binaries are linked to the same hard-float-capable libraries:
root@routerberrypi:~# ldd /usr/sbin/openvpn ... libssl.so.1.0.0 => /usr/lib/arm-linux-gnueabihf/libssl.so.1.0.0 (0xb6dfd000) libcrypto.so.1.0.0 => /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0 (0xb6c9a000) root@routerberrypi:~# ldd /usr/bin/openssl ... libssl.so.1.0.0 => /usr/lib/arm-linux-gnueabihf/libssl.so.1.0.0 (0xb6ebe000) libcrypto.so.1.0.0 => /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0 (0xb6d5b000)
Does anyone know what’s going on?
Tags: openssl, openvpn, raspberrypi
-
Hi there!!
My guess go to the poorly built USB qualcomm drivers on the raspberry. I had also performance troubles with them, low network speed and CPU stuck on I/O operations when accessing the disk.
If you are wondering, the RJ-45 is internally plugged to the USB too :S.Let me know if you manage to fix it!!!! ;)
-
An external USB disk I mean!!!! xDDD
-
Personally I favour the PC Engines ALIX (pcengines.ch) for low-power routing and OpenVPN-ing, although at 3-4W at idle rising to 6W at load (according to the manual, not measured by me) it’s not quite as low power as the Raspberry Pi. Three built-in 100M network interfaces, too.
-
14 comments
Comments feed for this article
Trackback link: https://www.tolaris.com/2013/07/18/poor-openvpn-performance-on-raspberry-pi/trackback/