In a temporary setup that is meant to support a rack move, I am using a RUTX08 as an OpenVPN gateway in TAP mode to couple both the old and the new site on layer 2 to allow the machines to be moved freely without configuration changes. The other side of the OpenVPN link is a Raspberry Pi 4.
That configuration maxes out at about 25 Mbit/s while the (4 Core) Raspi is still 370 % idle and the (single-threaded) OpenVPN daemon is taking about 20 % of one core. The Teltonika device says in its web interface (status, realtime data, load) that it is 25 % busy when the link is maxed out. The Teltonika’s load never goes beyond 25 %, and it returns to the single-digit range when the data transfer going through it is interrupted.
Do I see correctly that
The RUTX08 has a four-core CPU as well
The RUTX08 web interface would show 100 % load only if all four cores were 100 % busy, giving that
the RUTX08 saying it is at 25 % busy actually means that one core is maxed out
because OpenVPN runs only single-threaded?
I do understand that Teltonika cannot do anything about OpenVPN’s code structure, I just want to understand whether the RUTX08 is the correct device to do so.
Does the RUTX08 CPU have any kind of crypto offloading support that I can leverage by choosing the “right” cipher in the OpenVPN configuration?
Is there any chance that my problem is caused by something else? I have ruled out local ethernet (duplex, data rate, autonegotiation) and MTU issues (verified that neither the tunnel contents nor the tunnel itself sees any fragmentation).
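The reasoning in the question above (an aggregate load of about 25 % on a four-core Linux system hiding one fully busy core), as an added example that is not part of the original thread: it computes per-core load from two `/proc/stat` snapshots. The snapshots are constructed sample data and the function names are hypothetical.

```python
# Added example: per-core CPU load from two /proc/stat snapshots.
# SNAP_A / SNAP_B are constructed sample data (4 cores, taken 1 s apart).
SNAP_A = """\
cpu  4000 0 2000 94000 0 0 0 0 0 0
cpu0 1000 0 500 23500 0 0 0 0 0 0
cpu1 1000 0 500 23500 0 0 0 0 0 0
cpu2 1000 0 500 23500 0 0 0 0 0 0
cpu3 1000 0 500 23500 0 0 0 0 0 0
"""
SNAP_B = """\
cpu  4031 0 2021 94298 0 0 50 0 0 0
cpu0 1030 0 520 23500 0 0 50 0 0 0
cpu1 1001 0 500 23599 0 0 0 0 0 0
cpu2 1000 0 500 23600 0 0 0 0 0 0
cpu3 1000 0 501 23599 0 0 0 0 0 0
"""

def parse(text):
    """Map 'cpu' (aggregate) and 'cpuN' to (busy_ticks, total_ticks)."""
    out = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith("cpu"):
            continue  # skip intr, ctxt, btime and other non-CPU lines
        # user nice system idle iowait irq softirq steal (guest is inside user)
        ticks = [int(v) for v in fields[1:9]]
        total = sum(ticks)
        idle = sum(ticks[3:5])  # idle + iowait
        out[fields[0]] = (total - idle, total)
    return out

def utilisation(before, after):
    """Busy percentage per CPU line between the two snapshots."""
    a, b = parse(before), parse(after)
    util = {}
    for name in a.keys() & b.keys():
        busy, total = b[name][0] - a[name][0], b[name][1] - a[name][1]
        util[name] = round(100.0 * busy / total, 1) if total > 0 else 0.0
    return util

def saturated_cores(util, threshold=90.0):
    """Individual cores at or above the threshold (aggregate line excluded)."""
    return sorted(n for n, pct in util.items() if n != "cpu" and pct >= threshold)

if __name__ == "__main__":
    util = utilisation(SNAP_A, SNAP_B)
    for name in sorted(util):
        print(f"{name:5s} {util[name]:5.1f} %")
    print("saturated:", saturated_cores(util))
```

On a live system, replace the two constants with the contents of `/proc/stat` read a second or more apart while the tunnel is under load.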
That would make sense, but to be sure, I could try asking our R&D, let me know if this is something that you would need full confirmation on.
Regarding the reasoning for this issue, I believe it would also be wise to double-check with our R&D (which I will of course do), same goes with the offloading question.
I’ll get back to you as soon as I have answers,
M.
Thank you very much. I think the most interesting question is the offloading question and the one whether 25 % load means that one core is fully busy.
I kind of know that OpenVPN in TAP mode is single threaded and I have a suspicion that OpenVPN in TAP mode wouldn’t use hardware offloading anyway on any platform.
I’ve been informed that the speeds you’re receiving are expected. If these speeds of 20-25mbps are not enough for your use case, you can look into the RUTC50, which has a drastically better CPU and is able to provide speeds of over 100mbps over the OpenVPN tunnel: https://www.teltonika-networks.com/products/routers/rutc50
Regarding the offloading settings, no such thing on our devices that I was informed of.
Thank you. As this is just a temporary thing in the customer’s network, we have replaced the RUTX08 with a two-interface x86 machine for the time being. Thank you for researching.