OpenVPN assign process to fastest CPU

My routers are getting beefier. With multiple CPU's/cores, I would really like to assign a process from the slowest to the fastest CPU. OpenVPN could benefit speed wise.

Is there any merit to this ?

What does "fastest CPU" mean in the context of processors with multiple identical cores? Yes, I know there are ARM's big.LITTLE cores and Intel's P/E cores, but these are basically non-existent in routers besides people running OpenWrt on particular PC hardware.

If by "fastest" you mean "the core with the smallest task queue", Linux already does a pretty good job balancing tasks across cores.

If by "fastest" you mean "the most overclockable core", I'm not sure overclocking a critical part of network infrastructure like routers is a good idea in the first place.

A major bottleneck in OpenVPN performance is the context switching and buffer copying between the kernel and userspace. Wireguard on the other hand is implemented entirely in the Linux kernel. So if VPN speed is the issue, you will get much better results using Wireguard instead of trying to tweak the Linux scheduler.


Ahh...big/little that was the term I needed. It would be nice to assign the OpenVPN service to the BIG core. (Wireguard is great, but it sticks out like a sore thumb. I'm told).

WireGuard is much faster (not only in-kernel but also multi-threaded) and much easier to implement.

Try it and you are sold :wink:

1 Like

That depends on if the specific device has an [enabled] crypto accelerator/CPU for one of the OpenVPN algorithms in use.

I'm now curious what hardware you're running OpenWrt on, because the multi-core hardware I usually see around here use non-heterogeneous architectures.

That being said, you can pin the OpenVPN process to particular CPUs using the taskset command. This command is available on OpenWrt 23.05. This is not available on previous versions, since the commit enabling it was made in March 2023.

What's your threat model? Do you need censorship resistance? Or do you just want to hide from port scanners?

1 Like

I know, but I use OpenVPN because its solid and common, but much slower. So any increase I can get is very welcome.

Thank you, that's very helpful.

Lets say that things are getting "uneasy" around here. So the more normal everything looks the better.