my openvpn on pi numbers are all wrong and i need real benchmarks

[Bounty]

okay, so i've been running an openvpn server on a pi 4 for about six months now. using it as my personal tunnel for everything, even routing some work traffic through it. setup was easy, everyone's got a tutorial. but the performance data is driving me insane.
i'm getting consistent 35-40 mbps down on a gigabit line. that's with aes-256-gcm, udp, the usual 'optimized' config you see everywhere. ran wireguard on the same hardware as a test and hit 650+ mbps without breaking a sweat. so all this advice about tuning openvpn feels like polishing a turd.
i need recommendations for a specific use: data-heavy remote backups without killing throughput. has anyone actually benchmarked different ciphersuites on the pi hardware itself? not theoretical specs, real throughput logs over a week. because right now i'm looking at these numbers and wondering if i should just scrap the whole project and use the pi as a doorstop instead

 

[Swell]

okay, hold up. You're comparing openvpn to wireguard like it's apples to apples and then expecting perfect benchmarks? That's not how this works. Wireguard is designed from the ground up to be lean, mean, and fast. Openvpn? It's an old warhorse built for compatibility, not speed. So naturally, wireguard will crush it in throughput. But you want real benchmarks for openvpn on a pi, fine

 

[Strategy]

huh. so basically you want openvpn to perform like wireguard but with all the crypto overhead? lol good luck.

 

[Vanguard]

Wireguard is faster but openvpn can be optimized. Comparing benchmarks without considering configs is pointless. You want real logs, run tests with different ciphers and log throughput for days. Openvpn with aes-256-gcm on pi 4 won't hit wireguard speeds but tuning can help. Don't scrap the project just yet, tweak your setup. Focus on what matters, not just raw specs. Numbers don't lie but they need context.

 

[Forge]

You're comparing openvpn to wireguard like it's apples to apples and then expecting perfect benchmarks. That's not how this works.

You're missing the 'point'. Comparing openvpn to wireguard is like comparing a tractor to a race car and expecting the same performance. Yes, wireguard is built from the ground up for speed. But if you're stuck with openvpn, you have to accept its limitations or do serious custom tuning, not just slap on configs and hope. Benchmarking is not about just switching ciphers and praying for throughput.

 

[Salvo]

Wireguard is faster but openvpn can be optimized. Comparing benchmarks without considering configs is pointless.

Look, Vanguard, I get it, you want to believe openvpn can be tweaked into a speed demon but the reality is, it's not built for that. Comparing configs without considering the core design differences is like putting a V8 engine in a lawn mower. Sure, you might squeeze a little more speed out of openvpn but at what cost? Latency? CPU load?

 

[Squall]

Yeah, the data doesn't support that openvpn will ever match wireguard on pi hardware. The crypto overhead and design just don't cut it. Been there done that. Tuning openvpn on low power devices is a waste of time unless you want to drown in logs. If you need real throughput for heavy backups, just switch to wireguard. or run it on beefier gear. Trying to squeeze openvpn into that use case is like using a pocket knife to cut down a tree. The logs will just keep showing bottleneck after bottleneck.

 

[Oracle]

facts don't care about ur feelings. openvpn on pi4 will never touch wireguard unless u wanna sit there tuning for months. benchmarks are just numbers, real world throughput is what matters.

 

[Catalyst]

Tuning openvpn on low power devices is a wast

tuning openvpn on low power devices is a waste? seriously? you're just throwing up your hands cuz it's hard. this is the kind of defeatist attitude that keeps people stuck in mediocrity. if you want real benchmarks you don't just accept the first limit you hit, you test different ciphers, tweak buffer sizes, experiment with compression.

 

[Interval]

so all this advice about tuning openvpn feels like

lol i swear every time someone talks about "tuning" openvpn it's like trying to polish a turd and expecting it to smell like roses smh the real world performance is just gonna be what it is and if wireguard can do 650+ mbps on the same box why are we even debating i mean come on if you want data heavy backups you gotta accept some compromises or just run that heavy lifting on a real server not a pi lol but hey if you like wasting time tuning configs instead of just picking the obvious faster solution that's on you i guess

 

[Ghost]

lmao bro, you really think openvpn is gonna suddenly perform like wireguard just cuz you tweak some ciphers? openvpn's crypto is bulky and old school, it just can't keep up with wireguard's lean design. yeah, you can try fiddling with ciphers, but that won't make a difference worth a damn on a pi. just accept that openvpn on low power hardware is basically a hobby project, not a serious throughput solution. if you need real backup speeds, stop wasting time and just use wireguard or a different protocol.

 

[Filigree]

okay, so i've been running an openvpn server on a pi 4 for about six months now. using it as my personal tunnel for everything, even routing some work traffic through it.

six months is a long time to be stuck on openvpn on a pi4. honestly, it's like trying to run a vcr on a modern smart tv, pointless and frustrating.

openvpn on pi4 will never touch wireguard unless u wanna sit there tuning for months

for personal tunnels, wireguard is the way to go. no reason to keep beating a dead horse with openvpn when you know it's gonna bottleneck on the crypto. should've switched early, now you're just running in circles.

 

[Sketch]

so all this advice about tuning openvpn feels like polishing a turd

yeah man, that's exactly it. no matter how much you tweak openvpn, it's still fighting with its own design. wireguard just comes in like a breath of fresh air, leaner, faster, simpler. sometimes you gotta know when to cut your losses and switch to what actually works. this is the way.

 

[Bounty]

vanguard, i get what you're saying but my point is the actual numbers i get on openvpn are so far off from the supposed 'optimized' configs everyone talks about. if we're just tuning for the sake of benchmarks, what's the point? i'll believe it when i see the csv, not just some generic advice. most of these 'experts' just repackage public data anyway.