Terribly slow troughput over IPsec site-to-site VPN tunnel
-
Hello, I'm trying to understand why the troughput over two different IPsec site-to-site tunnels is very low.
FTTH 1 (1000/300 Mbps, 100Mbps guaranteed) transfers files at about 1 MB/s
FTTH 2 (1000/1000 Mbps, no minimal guaranted band) transfers files at about 5 MB/sAfter the default PFsense configuration, I tried also different IPsec combinations and best practice to increase troughput but nothing seems to benefit, the CPU are both under 10% of charge, but the speed is always the same.
We've got the same issue also via OpenVPN clients, so I also tried to replicate the tunnel locally, avoiding the internet providers bottleneck, without gateways the tunnel is up but I can't ping the LAN IP of the other firewall, can anyone help me? -
@pacca
PC specifications: both Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz, 8GB RAM, HD 7200RPM
Below the IPsec tunnel specifications:
-
Is this windows file transfers?
Have you confirmed the PC has no issues transferring locally?Thanks
Dan -
@daniel_hyde
Thank you Daniel, yes of course, I get these values (from 0,5 to 5 MByte/s) via windows file tranfer.
I can tell you that the transfer via FTP (port forward, no VPN) is very variable, from 5 to 60/70 MByte/s. Via LAN the max troughput is about 120 MByte/s. -
Found a similar older topic:
https://serverfault.com/questions/734086/slow-cifs-file-copy-over-routed-network-with-different-bandwidths
However disabling Jumbo and Netbios doesn't help...
Our internet provider (TIM) suggested that's a CIFS issue, because windows file transfer works fast over LAN but not over WAN interfaces... In fact Iperf test values are in the order of 260Mbit/s, as sender and receiver, and that's good... They recommended to reduce Windows MTU to 1490 but the troughput is the same... Does anyone has some tuning to suggest?