ToH VPN performance: Input needed for OpenVPN + Wireguard

Continuing the discussion from Which hardware for x Mbit OpenVPN:

In addition to the two graphics at
https://openwrt.org/docs/guide-user/services/vpn/openvpn/performance
https://openwrt.org/docs/guide-user/services/vpn/wireguard/wireguard_performance

we now have also https://openwrt.org/toh/views/toh_vpn_performance

This table, once filled, can help users find the right device for their usecase.

Since this is still lacking data, the input of the OpenWrt forum users is very much appreciated. :slight_smile:

How to enter OpenVPN / Wireguard performance in the ToH dataentries:

  1. In the ToH VPN performance, click "View/Edit data"
  2. Scroll down, click the Edit button on the left side below the dataentry box
  3. Enter numbers for OpenVPN / Wireguard performance (max Mbps achievable; just the pure number, without Mbps or the like)
  4. After a preview to check if your input is ok, click Save

Thanks for your support!

2 Likes

Sounds good, but for which OpenVPN encryption?

Here is a "short" list:

root@orangepizero:~# openvpn --show-ciphers
The following ciphers and cipher modes are available for use
with OpenVPN. Each cipher shown below may be use as a
parameter to the --cipher option. The default key size is
shown as well as whether or not it can be changed with the
--keysize directive. Using a CBC or GCM mode is recommended.
In static key mode only CBC mode is allowed.

AES-128-CBC (128 bit key, 128 bit block)
AES-128-CFB (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-CFB1 (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-CFB8 (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-GCM (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-OFB (128 bit key, 128 bit block, TLS client/server mode only)
AES-192-CBC (192 bit key, 128 bit block)
AES-192-CFB (192 bit key, 128 bit block, TLS client/server mode only)
AES-192-CFB1 (192 bit key, 128 bit block, TLS client/server mode only)
AES-192-CFB8 (192 bit key, 128 bit block, TLS client/server mode only)
AES-192-GCM (192 bit key, 128 bit block, TLS client/server mode only)
AES-192-OFB (192 bit key, 128 bit block, TLS client/server mode only)
AES-256-CBC (256 bit key, 128 bit block)
AES-256-CFB (256 bit key, 128 bit block, TLS client/server mode only)
AES-256-CFB1 (256 bit key, 128 bit block, TLS client/server mode only)
AES-256-CFB8 (256 bit key, 128 bit block, TLS client/server mode only)
AES-256-GCM (256 bit key, 128 bit block, TLS client/server mode only)
AES-256-OFB (256 bit key, 128 bit block, TLS client/server mode only)
ARIA-128-CBC (128 bit key, 128 bit block)
ARIA-128-CFB (128 bit key, 128 bit block, TLS client/server mode only)
ARIA-128-CFB1 (128 bit key, 128 bit block, TLS client/server mode only)
ARIA-128-CFB8 (128 bit key, 128 bit block, TLS client/server mode only)
ARIA-128-GCM (128 bit key, 128 bit block, TLS client/server mode only)
ARIA-128-OFB (128 bit key, 128 bit block, TLS client/server mode only)
ARIA-192-CBC (192 bit key, 128 bit block)
ARIA-192-CFB (192 bit key, 128 bit block, TLS client/server mode only)
ARIA-192-CFB1 (192 bit key, 128 bit block, TLS client/server mode only)
ARIA-192-CFB8 (192 bit key, 128 bit block, TLS client/server mode only)
ARIA-192-GCM (192 bit key, 128 bit block, TLS client/server mode only)
ARIA-192-OFB (192 bit key, 128 bit block, TLS client/server mode only)
ARIA-256-CBC (256 bit key, 128 bit block)
ARIA-256-CFB (256 bit key, 128 bit block, TLS client/server mode only)
ARIA-256-CFB1 (256 bit key, 128 bit block, TLS client/server mode only)
ARIA-256-CFB8 (256 bit key, 128 bit block, TLS client/server mode only)
ARIA-256-GCM (256 bit key, 128 bit block, TLS client/server mode only)
ARIA-256-OFB (256 bit key, 128 bit block, TLS client/server mode only)
CAMELLIA-128-CBC (128 bit key, 128 bit block)
CAMELLIA-128-CFB (128 bit key, 128 bit block, TLS client/server mode only)
CAMELLIA-128-CFB1 (128 bit key, 128 bit block, TLS client/server mode only)
CAMELLIA-128-CFB8 (128 bit key, 128 bit block, TLS client/server mode only)
CAMELLIA-128-OFB (128 bit key, 128 bit block, TLS client/server mode only)
CAMELLIA-192-CBC (192 bit key, 128 bit block)
CAMELLIA-192-CFB (192 bit key, 128 bit block, TLS client/server mode only)
CAMELLIA-192-CFB1 (192 bit key, 128 bit block, TLS client/server mode only)
CAMELLIA-192-CFB8 (192 bit key, 128 bit block, TLS client/server mode only)
CAMELLIA-192-OFB (192 bit key, 128 bit block, TLS client/server mode only)
CAMELLIA-256-CBC (256 bit key, 128 bit block)
CAMELLIA-256-CFB (256 bit key, 128 bit block, TLS client/server mode only)
CAMELLIA-256-CFB1 (256 bit key, 128 bit block, TLS client/server mode only)
CAMELLIA-256-CFB8 (256 bit key, 128 bit block, TLS client/server mode only)
CAMELLIA-256-OFB (256 bit key, 128 bit block, TLS client/server mode only)
SEED-CBC (128 bit key, 128 bit block)
SEED-CFB (128 bit key, 128 bit block, TLS client/server mode only)
SEED-OFB (128 bit key, 128 bit block, TLS client/server mode only)
SM4-CBC (128 bit key, 128 bit block)
SM4-CFB (128 bit key, 128 bit block, TLS client/server mode only)
SM4-OFB (128 bit key, 128 bit block, TLS client/server mode only)

The following ciphers have a block size of less than 128 bits,
and are therefore deprecated. Do not use unless you have to.

BF-CBC (128 bit key by default, 64 bit block)
BF-CFB (128 bit key by default, 64 bit block, TLS client/server mode only)
BF-OFB (128 bit key by default, 64 bit block, TLS client/server mode only)
CAST5-CBC (128 bit key by default, 64 bit block)
CAST5-CFB (128 bit key by default, 64 bit block, TLS client/server mode only)
CAST5-OFB (128 bit key by default, 64 bit block, TLS client/server mode only)
DES-CBC (64 bit key, 64 bit block)
DES-CFB (64 bit key, 64 bit block, TLS client/server mode only)
DES-CFB1 (64 bit key, 64 bit block, TLS client/server mode only)
DES-CFB8 (64 bit key, 64 bit block, TLS client/server mode only)
DES-EDE-CBC (128 bit key, 64 bit block)
DES-EDE-CFB (128 bit key, 64 bit block, TLS client/server mode only)
DES-EDE-OFB (128 bit key, 64 bit block, TLS client/server mode only)
DES-EDE3-CBC (192 bit key, 64 bit block)
DES-EDE3-CFB (192 bit key, 64 bit block, TLS client/server mode only)
DES-EDE3-CFB1 (192 bit key, 64 bit block, TLS client/server mode only)
DES-EDE3-CFB8 (192 bit key, 64 bit block, TLS client/server mode only)
DES-EDE3-OFB (192 bit key, 64 bit block, TLS client/server mode only)
DES-OFB (64 bit key, 64 bit block, TLS client/server mode only)
DESX-CBC (192 bit key, 64 bit block)
RC2-40-CBC (40 bit key by default, 64 bit block)
RC2-64-CBC (64 bit key by default, 64 bit block)
RC2-CBC (128 bit key by default, 64 bit block)
RC2-CFB (128 bit key by default, 64 bit block, TLS client/server mode only)
RC2-OFB (128 bit key by default, 64 bit block, TLS client/server mode only)

root@orangepizero:~# openvpn --show-digests
The following message digests are available for use with
OpenVPN. A message digest is used in conjunction with
the HMAC function, to authenticate received packets.
You can specify a message digest as parameter to
the --auth option.

MD5 128 bit digest size
RSA-MD5 128 bit digest size
SHA1 160 bit digest size
RSA-SHA1 160 bit digest size
MD5-SHA1 288 bit digest size
RSA-SHA1-2 160 bit digest size
RIPEMD160 160 bit digest size
RSA-RIPEMD160 160 bit digest size
MD4 128 bit digest size
RSA-MD4 128 bit digest size
RSA-SHA256 256 bit digest size
RSA-SHA384 384 bit digest size
RSA-SHA512 512 bit digest size
RSA-SHA224 224 bit digest size
SHA256 256 bit digest size
SHA384 384 bit digest size
SHA512 512 bit digest size
SHA224 224 bit digest size
whirlpool 512 bit digest size
BLAKE2b512 512 bit digest size
BLAKE2s256 256 bit digest size
SHA512-224 224 bit digest size
SHA512-256 256 bit digest size
SHA3-224 224 bit digest size
SHA3-256 256 bit digest size
SHA3-384 384 bit digest size
SHA3-512 512 bit digest size
SHAKE128 128 bit digest size
SHAKE256 256 bit digest size
id-rsassa-pkcs1-v1_5-with-sha3-224 224 bit digest size
id-rsassa-pkcs1-v1_5-with-sha3-256 256 bit digest size
id-rsassa-pkcs1-v1_5-with-sha3-384 384 bit digest size
id-rsassa-pkcs1-v1_5-with-sha3-512 512 bit digest size
SM3 256 bit digest size
RSA-SM3 256 bit digest size
RSA-SHA512/224 224 bit digest size
RSA-SHA512/256 256 bit digest size

root@orangepizero:~# openvpn --show-tls
Available TLS Ciphers, listed in order of preference:

For TLS 1.3 and newer (--tls-ciphersuites):

TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256

For TLS 1.2 and older (--tls-cipher):

TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
TLS-DHE-RSA-WITH-AES-128-CBC-SHA

Be aware that that whether a cipher suite in this list can actually work
depends on the specific setup of both peers. See the man page entries of
--tls-cipher and --show-tls for more details.

-=-

OpenVPN supports so many combinations; do we need to benchmark all of them?

Which of those lead to the max. Mbit/s?
Which of those are most commonly found in the wild?

I would think something like AES-128/256-CBC would be the most common.

I don't know... just showing that there are many combinations of it.

First is KX - key exchange.
KX can be ECDHE or DHE.

In full: Elliptic curve Diffie-Hellman or just Diffie-Hellman.

Next is Authentication:
ECDSA, RSA.

Then Encryption:
AES - CBC or GCM mode
Chacha20 plus Poly1305

And Message Authentication (MAC):
SHA, SHA256, SHA384

So the tests should be performed and everything should be written up as-is.

-=-

For example WireGuard:
https://www.wireguard.com/protocol/
uses only ECDHE, ChaCha20 plus Poly1305, and Blake2s.

Maybe the closest to WG is an OpenVPN configuration with TLS 1.3:
TLS_CHACHA20_POLY1305_SHA256

But this is available on OpenVPN compiled with OpenSSL 1.1.
OpenWRT comes with OpenSSL 1.0 and doesn't support that.

-=-

In short - we can't compare apples with oranges or bananas.
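
The four-part decomposition above (KX, authentication, encryption, MAC) describes the control-channel suites from `--show-tls`; the tunnel's bulk throughput is set by the data-channel cipher (`--cipher`) and, for non-AEAD modes, the `--auth` HMAC. The script below is an added example for this thread, not code from OpenWrt, OpenVPN or any poster here. It parses an abridged copy of the listings posted above (embedded as constructed sample text so it runs offline) into those parts and prunes the benchmark matrix to the combinations that can actually differ in data-channel throughput; the function names and the `RECOMMENDED_MODES` set are my own choices.

```python
"""Reduce OpenVPN's cipher/TLS listings to the combinations worth benchmarking.

Added example, not OpenWrt or OpenVPN project code.  SHOW_CIPHERS_SAMPLE is a
constructed, abridged copy of the `openvpn --show-ciphers` output posted in the
thread, embedded so the script runs without a router at hand.
"""
import re

# Constructed sample (abridged from the listing above).
SHOW_CIPHERS_SAMPLE = """\
AES-128-CBC (128 bit key, 128 bit block)
AES-128-CFB (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-GCM (128 bit key, 128 bit block, TLS client/server mode only)
AES-256-CBC (256 bit key, 128 bit block)
AES-256-GCM (256 bit key, 128 bit block, TLS client/server mode only)
CAMELLIA-128-CBC (128 bit key, 128 bit block)
CAMELLIA-128-OFB (128 bit key, 128 bit block, TLS client/server mode only)

The following ciphers have a block size of less than 128 bits,
and are therefore deprecated. Do not use unless you have to.

BF-CBC (128 bit key by default, 64 bit block)
DES-EDE3-CBC (192 bit key, 64 bit block)
"""

CIPHER_LINE = re.compile(
    r"^(?P<name>[A-Z0-9-]+) \((?P<key>\d+) bit key(?: by default)?, "
    r"(?P<block>\d+) bit block(?P<tls>, TLS client/server mode only)?\)$"
)

# The --show-ciphers header itself says "Using a CBC or GCM mode is recommended".
RECOMMENDED_MODES = {"CBC", "GCM"}

TLS12_SUITE = re.compile(
    r"^TLS-(?P<kx>ECDHE|DHE)-(?P<auth>ECDSA|RSA)-WITH-"
    r"(?P<enc>AES-(?:128|256)-(?:GCM|CBC)|CHACHA20-POLY1305)-(?P<mac>SHA\d*)$"
)


def parse_show_ciphers(text):
    """One dict per cipher line.  Everything after the 'block size of less than
    128 bits' paragraph is flagged deprecated, as the output itself says."""
    ciphers, deprecated = [], False
    for line in text.splitlines():
        if "block size of less than 128 bits" in line:
            deprecated = True
            continue
        m = CIPHER_LINE.match(line.strip())
        if not m:
            continue
        ciphers.append({
            "name": m["name"],
            "key_bits": int(m["key"]),
            "block_bits": int(m["block"]),
            "tls_only": m["tls"] is not None,
            "mode": m["name"].rsplit("-", 1)[1],   # CBC, GCM, CFB, CFB1, OFB ...
            "deprecated": deprecated or int(m["block"]) < 128,
        })
    return ciphers


def parse_tls12_suite(name):
    """Split a TLS 1.2 suite name into the four parts discussed above.
    For AEAD suites (GCM, ChaCha20-Poly1305) the trailing hash is only the
    PRF; record integrity comes from the AEAD, not a separate HMAC."""
    m = TLS12_SUITE.match(name)
    if not m:
        raise ValueError(f"unrecognised suite: {name}")
    aead = m["enc"].endswith("GCM") or m["enc"] == "CHACHA20-POLY1305"
    return {"kx": m["kx"], "auth": m["auth"], "enc": m["enc"],
            "hash": m["mac"], "aead": aead}


def data_channel_matrix(ciphers, auth="SHA256"):
    """(--cipher, --auth) pairs actually worth timing.

    Throughput is decided on the data channel: --cipher plus, for non-AEAD
    modes, the --auth HMAC.  --tls-cipher suites only protect the control
    channel (handshake, rekey) and do not affect bulk throughput.  Deprecated
    64-bit-block ciphers and the CFB/OFB variants are dropped.
    """
    matrix = []
    for c in ciphers:
        if c["deprecated"] or c["mode"] not in RECOMMENDED_MODES:
            continue
        # OpenVPN ignores --auth on the data channel for AEAD ciphers (it is
        # still used for tls-auth/tls-crypt), so the HMAC choice is moot here.
        hmac = "none (AEAD)" if c["mode"] == "GCM" else auth
        matrix.append((c["name"], hmac))
    return matrix


if __name__ == "__main__":
    for cipher, hmac in data_channel_matrix(parse_show_ciphers(SHOW_CIPHERS_SAMPLE)):
        print(f"--cipher {cipher:<18} --auth {hmac}")
    print(parse_tls12_suite("TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"))
```

Run against a router's full `openvpn --show-ciphers` output instead of the sample and the matrix shrinks from roughly eighty `--cipher` names to a handful of CBC+HMAC and GCM entries, which is the set whose timings belong in the ToH table; with "not more than 10%" between them (see below in this thread) one GCM and one CBC measurement per device is usually enough.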

I suggest using AES-128-GCM (HMAC included).
Actually the chosen cipher does not have a very large impact on performance, at least in my testing; the problem with OpenVPN is the constant switching between user and kernel space and the fact that it does not work well with multi-core / multi-threading.
Wireguard is almost 3 times faster than OpenVPN on my R7800: 85 Mb/s versus 240 Mb/s with Wireguard. That is largely due to the fact that Wireguard is executed in kernel space and is multithreaded.

Thanks for this valuable comment!
Can you estimate how big the differences between the ciphers are? +/-5%?

In my testing, not more than 10%.

1 Like