Hello Fred,
thank you for your reply and testing effort - if there is anything notable, I will be happy to hear.
At the moment, I am pretty sure Suricata is the reason for this: Disabling it on RED interface immediately increases the OpenVPN throughput to ~ 2 MBit/sec. However, as being mentioned before, I cannot reproduce this behavior on other installations.
The Core Update 135 changelog does not indicate such changes. Since Suricata does/did not scan traffic on OpenVPN interfaces, I have asked Stefan to change this the other day. Maybe he did so by now, and I missed the commit.
Another possibility is a regression introduced in C135, so more testing helps a lot here. Since my system switches from master to testing every now and then, I can also imagine some packaging glitches as a reason for this.
Either way, I am not satisfied with OpenVPN as it introduces quite some overhead. IPsec would be more elegant (cipher policies per connection, etc.) and perhaps faster, but I did not have time to set it up.
Thanks, and best regards, Peter Müller
Peter - we did not observe a similar slowdown on the OpenVPN slowdown on Net2Net connections. That said, we will go ahead and retest them based on your report. We will also take a close look at the Net2Net configurations since we do a slight modification to them verses the standard setup. This may or may not be why a similar change was not observed.
Best regards, Fred Kienker