Heavy CPU usage when using VPN

Hi all.

I have a DS1817+, and when I run a VPN into the network, I hit a “pretty high” CPU load. When uploading to the NAS via VPN with 100 Mbit, I reach about 1/3 of the total CPU. I thought the encryption part had a dedicated chip to handle the encryption thing on this device?

I didn't use the standard OpenVPN settings on the NAS. I did some research, and suggestions were to set it to the following:

Encryption: AES-128-CBC

Authentication: RSA-SHA256

I don't use compression on the VPN link, because the content being moved over the VPN will be compressed .jpeg pictures.

I’m thinking about upgrading the internet line to 30/300 Mbit, and then I would hit the wall regarding the CPU.

If the NAS has a hardware chip just for encryption, how should the settings be then?

Thanks in adv.

OpenVPN usually runs on the CPU. You are seeing the downside of OpenVPN - it’s CPU-intensive, so “weaker” processors/SoCs struggle. Same reason why many consumer routers that can handle high speeds still slow way the hell down if you have them act as an OpenVPN client.

You might consider moving VPN to your firewall/router instead if it supports AES-NI.

I have a Ubiquiti Edgerouter Lite and an Edgeswitch Lite 24p.

I did some reading up on it, and it seems that the router doesn't have enough juice to support a high bandwidth when using OpenVPN. As /u/xelman said, it’s CPU intensive.

I think I will stick with running the OpenVPN on the Synology, and then the CPU will just hurt if our users can push the bandwidth up to 300 Mbit/sec. Currently we only have 100 Mbit internet, but will likely upgrade to 300 or 500 if need be.

Thanks for the answers.

*I like to use OpenVPN due to its safety and easiness for the clients to set up.

Build a PC with an AES-NI CPU and install pfSense. My build was like under $150 with case, CPU/mobo combo, RAM + tiny SSD, used Intel server network card. It will run OpenVPN and push through ridiculously high bandwidth.

I checked, this is the cheapest solution that can work in a medium-sized office for less money than buying enterprise class hardware that costs x10+.

PS: If you don’t want to build your own, there are “hardware appliances” that can be bought that would do the same thing. I built mine because for the same money I chose a beefier CPU that can outdo any “appliance”.

I love OpenVPN, the issue with it is that it’s pretty CPU intensive and I’m not aware of any devices that have hardware-acceleration for it. So for embedded devices or devices that are otherwise not running beefy CPUs, things can slow down significantly if you are using it.