

This process adds additional data to each packet, but is not part of the payload. The difference between the LAN example above and the OpenVPN tunnel is that the entire packet is encrypted “end-to-end” between the Vault/Firewalls and the data can travel through the network securely.Īdding an OpenVPN tunnel introduces “overhead” which is added when a packet enters a tunnel and stripped off when a packet leaves the tunnel. The diagram below shows an OpenVPN tunnel. Multiple clients can be connected to a single server for a hub and spoke type of architecture. With OpenVPN, one side of the tunnel is the “server” and the other end is the “client”. The configuration must be identical at each end of the tunnel in order to make a connection.

The main parameters for OpenVPN consist of an Encryption method and a Message Authentication method. The set of parameters is known as a “cipher suite”. When configuring OpenVPN tunnels (and other secure connections) multiple parameters must be configured. An OpenVPN “tunnel” encrypts the entire packet, not just the payload, and is commonly used to create Virtual Private Networks (VPN).

OpenVPN is a popular protocol that is used to authenticate and encrypt/decrypt packets to provide secure transport of packets through the network. One of the Ubuntu computers is running iperf3 as a server, the other is running iperf3 as a client. The test network consists of 2 computers running Ubuntu 20.04.1 version of Linux and 2 Vaults running pfSense® CE version 2.4.5_1. For a 1 Gbps ethernet interface, the actual data throughput is ~940 Mbps due to overhead in an IP packet. In a basic setup, The Vault is capable of routing packets at wire speed on all ports for all models. This article aims to provide a baseline of OpenVPN performance for several different Vaults, as tested in a lab environment, so the customer can make an informed decision as to what products best suit their needs. Frequently, it is useful for a customer to know the performance characteristics of specific hardware before making a decision to purchase. Depending on individual use cases, different hardware firewalls may be useful for different types of network applications and as such, Protectli offers different hardware with varying capabilities.
