Speedtest Openvpn versus shadowsocks proxy

In this article I will provide a short speed comparison on speed test for 2 vpn options that come within opnsense.

First is the openvpn, a built in vpn client that is provided with opnsense.
The second is shadowsocks socks proxy that is provided as a plugin for opnsense.

A few words about connection settings:
- encryption was set to aes 256 gcm for both the open vpn and shadowsocks
- this was a virtual machine in the cloud with no hardware acceleration for encryption or anything
- openvpn uses an internal network adapter called tun/tap while the shadowsocks uses default wan adapter
- both setups were configured on the same opnsense machine and the speed test was run against the same provider

In regards with the speed, the winner is shadowsocks.

Below are the speeds that were reached for both setups.




The speed for the shadowsocks was almost 10 times higher then the openvpn.

Download speed for shadowsocks was 327mb while on openvpn was 32mb.
Upload speed for shadowsocks was to 395mb while on openvpn was 17mb.

It is worth saying that the openvpn was maxing up the cpu on the server, while shadowsocks proxy did not.

root@vpn1:~ # w
8:36AM up 31 days, 23:09, 2 users, load averages: 0.82, 0.66, 0.66

I suspect that the difference comes from how the traffic is routed internally.

In openvpn the traffic is nated from one interface (Openvpn interface) to the wan while shadowsocks uses only one interface.
So if you are trying to watch netflix or use the vpn for torrents you need to configure the shadowsocks plugin to benefit the maximum speed of your server.

Also if you are trying to bypass the great firewall of China, you may need to use shadowsocks as well. The traffic through this proxy is scrambled and it is not detected by the firewall, while the openvpn traffic is very common nowdays and it can be detected.

In regard with opnsense optimization, the following needs to be setup in order to max out speed.
The last 2 settings are optional, but for the first one, it's mandatory to maximize speed. 

Disable hardware checksum offload
Disable hardware TCP segmentation offload
Disable hardware large receive offload

  • speedtest, openvpn, shadowsocks, proxy
  • 4 Users Found This Useful
Was this answer helpful?

Related Articles

 Openvpn needs a gateway parameter for a route option and no default was specified

When this error is received you may need to do one of the following: enable tunnel isolation...

 Configuring a VPN Appliance for Remote Access

VPN Server Appliance Powered by OPNsense The VPN Appliance is powered by OPNsense, a...

 Shadowsocks socks proxy configuration and installation

How to install and configure Shadowsocks libev SOCKS5 proxy server on Centos and Ubunu...

 VPN Types

Planning ahead is required before choosing a VPN solution to make sure that the VPN solution...

 VPN Encryption and Security Protocols

VPN Encryption and Security Protocols Whenever you are planning and then deploying a VPN...

Powered by WHMCompleteSolution