The most common cause of slow connections across OpenVPN tunnels is a basic law of networking: no connection can go faster than its slowest peer. In the case of OpenVPN, you'll find that throughput is generally limited by the lowest of the four bandwidth numbers involved in the connection: downstream and upstream, at both ends. For example, let's say your connection looks like this:
| | Site A | Site B |
|---|---|---|
| Download bandwidth | 1 Gbps | 50 Mbps |
| Upload bandwidth | 1 Gbps | 10 Mbps |
You'll find that your connection will be limited to at best 10 Mbps, owing to the upload limitation from Site B, regardless of the fact that Site A is able to both send and receive data at a much higher rate.
An OpenVPN tunnel also requires approximately 25% of the tunnel's total speed in overhead, so if the maximum bandwidth of the tunnel is 10 Mbps, you likely will not see more than ~8 Mbps.
Finally, you might try bypassing and prioritizing OpenVPN traffic to make the trip through the NGFW as transparent as possible.
To bypass the connection, you'll need to create two rules in Config > Network > Bypass Rules.
- The first rule will have the condition Source Interface is OpenVPN and the action 'bypass'.
- The second rule will have the condition Destination Interface is OpenVPN and the action 'bypass'.
- Do not combine these rules into one rule; they must be two separate rules.
To prioritize the tunnel, go to Config > Network > Advanced > QoS > QoS Rules and set the 'OpenVPN priority' drop-down to 'Very High'.