VPN benchmarking14. Apr '17
For anyone who were wondering how much throughput you might expect from different hardware/software combinations. In this case iperf was used to measure throughput, for applications (eg. fileserver) your mileage will vary due to WAN link latency etc.
Device |
OS |
Software |
CPU load |
Throughput |
|---|---|---|---|---|
TP-Link Archer C7 |
OpenWrt 15.05.1 |
OpenVPN |
100% |
25Mbps |
TP-Link Archer C7 |
OpenWrt 15.05.1 |
StrongSwan |
100% |
40Mbps |
Omnia Turris |
Turris OS |
OpenVPN 2.4.0 |
100% |
96Mbps |
Omnia Turris |
Turris OS |
StrongSwan 5.3.5 |
100% |
300Mbps |
Intel i7-6500U |
Linux 4.10 |
OpenVPN 2.3.10 |
100% |
483Mbps |
Intel i7-6500U |
Linux 4.4 |
OpenVPN 2.3.10 |
100% |
420Mbps |
Intel i7-4770R |
Linux 4.9 |
OpenVPN 2.4.1 |
85% |
483Mbps |
Intel i7-6500U |
Linux 4.4 |
StrongSwan 5.3.5 |
20% |
895Mbps |
1GbE |
N/A |
none |
<1% |
940Mbps |
Conclusions:
StrongSwan throughput is double the the OpenVPN on average
Since TP-Link Archer C7 is running MIPS CPU at 720MHz and there is no hardware acceleration for crypto the both StrongSwan and OpenVPN the CPU becomes the bottleneck
Omnia Turris can easily saturate 100MBps WAN link
Note: Since all these applications are single-threaded CPU load means single core CPU usage
Don't be hasty to draw conclusions on whether StrongSwan is better than OpenVPN or not, both have pros and cons. StrongSwan heavily relies on Linux kernel modules, from security perspecive IPSec is very intrusive and opens up whole lot of new attack vectors while OpenVPN makes use of TUN/TAP driver and everything else happens in userspace - if the OpenVPN process crashes it won't take your machine along.