Categories

• pfSense® Software

  Discussions about pfSense Software, click a category below

  Messages from the pfSense Team

  General pfSense Questions

  Installation and Upgrades

  Firewalling

  NAT

  HA/CARP/VIPs

  L2/Switching/VLANs

  Routing and Multi WAN

  Traffic Shaping

  DHCP and DNS

  IPv6

  IPsec

  OpenVPN

  Captive Portal

  webGUI

  Wireless

  SNMP

  Documentation

  Development

  Gaming

  Virtualization

  Hardware

  Bounties

  Retired
  84960
  Topics
  488595
  Posts

  C

  Hello, I set up a site-to-site VPN between two pfSense boxes. Site A is a residential connection (1 Gbps down/15 Mbps up), and site B is in a data center geographically about 20 miles away (1 Gbps up/down). Over WAN I am able to download from the data center at the full 1 Gbps throughput. I set up the IPSec connection between the two, and everything connects fine. Phase 1: IKEv1 PSK, AES 128/SHA256/DH5 Phase 2: ESP AES128-GCM 128/SHA256/PFS 5 When I download from the data center over the VPN, my bandwidth seems to be capped at around 15 Mbps (the upload speed on site A). I'm wondering, is IPSec bandwidth limited by the lowest speed in any direction in the connection? I was hoping to get higher throughput downloading from site B. Bandwidth tested using iperf and scp'ing iso files from the data center. Using AES-NI, e3-1220 v3 on both sides. Hardware is super under utilized.
• pfSense Packages

  Discussions about pfSense software packages

  Cache/Proxy

  IDS/IPS

  Traffic Monitoring

  pfBlockerNG

  ACME
  12716
  Topics
  82138
  Posts

  

  @gertjan To be frank, I think that the fact that Acme can’t be used for local TLD must be underlined in the docs more clearly !
• pfSense International Support

  Discuss pfSense in other languages

  Chinese

  Deutsch

  Español

  Français

  Indonesian

  Italiano

  Russian

  Nederlands

  Norwegian

  Portuguese

  Polish

  Romanian

  Swedish

  Turkish
  35735
  Topics
  225394
  Posts

  A

  @grimson said in mehrere VLAN in einer WLAN SSID: Ob Unifi dafür eine Alternative zu Radius bereithält musst du im Unifi Forum recherchieren, da bist du falsch hier. Ohne RADIUS geht das bei Ubiquiti mit User-Groups s. https://dl.ubnt.com/guides/UniFi/UniFi_Controller_V5_UG.pdf, S. 54 - Zuordnung der netzwerke S 148 Kannst du mir ggf kurz erklären, warum die Zuweisung auf Layer3 nicht sinnvoll ist? Hatte das unter dem Stichpunkt "MAC NAILING" gefunden....
• Official Netgate® Hardware

  Information about hardware available from Netgate

  446
  Topics
  2898
  Posts

  T

  I am setting up a new micro-ISP for a small village, there are about 50 households here and will be sharing between 6 and 10 internet connections between them, speed between 10 and 30 Mbps Each. I have a used Cisco Catalyst 2960G-24TC that i plan on using as a central switch, and the client side will be over Ubiquity AirMax routers. I was wondering if the SG-3100 would be able to balance all of those connections as well as handling traffic shaping for fair distribution of bandwidth for the different clients based on their Ubiquity router IP? 1: Can I set up each of the 6+ connections in a vLan and use those to load-balance since the box itself only has a few ports? What about the resource overhead will the 2 gigs of RAM and only 2 cores be able to handle that? What about traffic shaping? How will that affect the boxes resource ? Lastly could I use link aggregation to the Cisco to speed up the bandwidth to and from the switch to minimize bottlenecks there? I will probably have more questions once these are answered, thanks. K.Witt
• TNSR

  Discussions about TNSR

  TNSR Announcements
  12
  Topics
  37
  Posts

  

  @gfeiner No TNSR support for 7100 right now, but it's on our to-do list.
• Netgate Announcements

  Information about hardware available from Netgate

  0
  Topics
  0
  Posts
  No new posts.
• General Discussion

  Feel free to talk about anything and everything here

  Forum Feedback

  Community Job Board
  2164
  Topics
  11198
  Posts

  M

  @johnpoz said in LARGE IP SUBNETS.: You would really need to evaluate the amount of traffic between users and servers if your going to split those into their own segments to determine which is the better option.. And how best to skin that cat. It is mostly SSH and NFS. Even then, this traffic is only required by 50-65% company at best. NFS is to 2 x NAS Devices, file transfers and data streams.