VPN benchmarking14. Apr '17

For anyone who were wondering how much throughput you might expect from different hardware/software combinations. In this case iperf was used to measure throughput, for applications (eg. fileserver) your mileage will vary due to WAN link latency etc.

Device

OS

Software

CPU load

Throughput

TP-Link Archer C7

OpenWrt 15.05.1

OpenVPN

100%

25Mbps

TP-Link Archer C7

OpenWrt 15.05.1

StrongSwan

100%

40Mbps

Omnia Turris

Turris OS

OpenVPN 2.4.0

100%

96Mbps

Omnia Turris

Turris OS

StrongSwan 5.3.5

100%

300Mbps

Intel i7-6500U

Linux 4.10

OpenVPN 2.3.10

100%

483Mbps

Intel i7-6500U

Linux 4.4

OpenVPN 2.3.10

100%

420Mbps

Intel i7-4770R

Linux 4.9

OpenVPN 2.4.1

85%

483Mbps

Intel i7-6500U

Linux 4.4

StrongSwan 5.3.5

20%

895Mbps

1GbE

N/A

none

<1%

940Mbps

Conclusions:

  • StrongSwan throughput is double the the OpenVPN on average

  • Since TP-Link Archer C7 is running MIPS CPU at 720MHz and there is no hardware acceleration for crypto the both StrongSwan and OpenVPN the CPU becomes the bottleneck

  • Omnia Turris can easily saturate 100MBps WAN link

Note: Since all these applications are single-threaded CPU load means single core CPU usage

Don't be hasty to draw conclusions on whether StrongSwan is better than OpenVPN or not, both have pros and cons. StrongSwan heavily relies on Linux kernel modules, from security perspecive IPSec is very intrusive and opens up whole lot of new attack vectors while OpenVPN makes use of TUN/TAP driver and everything else happens in userspace - if the OpenVPN process crashes it won't take your machine along.

Turris OpenVPN OpenWrt StrongSwan