I recently bought a RockPi 4 to replace my Raspberry Pi as VPN gateway. The reason is that the performance numbers of OpenSSL/OpenVPN impressed me. Today I received my device and set it up, first with Ubuntu Server and then with Armbian Buster. In both cases I can reproduce good performance indicators when using the usual testing methods:
root@rockpi:~# openssl speed -evp aes-256-cbc -elapsed You have chosen to measure elapsed time instead of user CPU time. Doing aes-256-cbc for 3s on 16 size blocks: 60081162 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 64 size blocks: 31535221 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 256 size blocks: 10636732 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 1024 size blocks: 2871501 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 8192 size blocks: 373949 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 16384 size blocks: 186738 aes-256-cbc's in 3.00s OpenSSL 1.1.1 11 Sep 2018 built on: Tue Nov 12 16:58:35 2019 UTC options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr) compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-J6qvxk/openssl-1.1.1=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2 The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes aes-256-cbc 320432.86k 672751.38k 907667.80k 980139.01k 1021130.07k 1019838.46k
root@rockpi:~# openvpn --genkey --secret /tmp/secret 0 --tun-mtu 20000 --cipher aes-256-cbc--test-crypto --secret /tmp/secret --verb 0 Thu Jan 2 18:25:45 2020 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode real 0m1.973s user 0m1.960s sys 0m0.008s
both these tests showed much lower number on a RPI (1/10th openssl, 12s openvpn) which is giving me approx. 7MB/s download speed via VPN. Unfortunately when checking the VPN throughput of RockPI4 I am getting approx. 2MB/s and I do not understand why. Based on the tests the RockPI must be 10 times faster than the RPI, but in fact it is (much!) slower. Is there a specific configuration necessary to make the RockPI perform better in OpenVPN environment? I have tried several things but nothing worked. I cannot believe that this is the max the RockPI can deliver! Help is much appreciated!