Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSEC is insanely slow, Less that 1/10th speed

    Scheduled Pinned Locked Moved IPsec
    3 Posts 3 Posters 483 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      calmasacow
      last edited by calmasacow

      I have 2 offices with an IPSEC VPN tunnel between the 2 PFsense boxes using the latest version at both ends. Both Running 2.6.0

      Office A has 5Gb/5Gb fiber
      CPU Type Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz
      4 CPUs: 1 package(s) x 2 core(s) x 2 hardware threads
      AES-NI CPU Crypto: Yes (active)
      QAT Crypto: No

      Office B has 1Gb/35Mb Cable
      CPU Type Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz
      6 CPUs: 1 package(s) x 6 core(s)
      AES-NI CPU Crypto: Yes (active)
      QAT Crypto: No

      Sends 1GB of data from Office A to Office B sends at about 8MB/sec, which is about 64Mb/sec and far from the 1000Mb/sec that should be the theoretical limit.

      Sending 1GB of data from Office B to Office A sends at about 3MB/sec, and while less than the advertised speed it isn't totally out of line and is within about 15% or so of what I would expect max capability to be.

      AES-NI "is" enabled on both machines.
      CPU usage never goes above 4-5%

      Where can I start to find out why it is so slow when going over the tunnel?

      Dobby_D 1 Reply Last reply Reply Quote 0
      • Dobby_D
        Dobby_ @calmasacow
        last edited by

        @calmasacow said in IPSEC is insanely slow, Less that 1/10th speed:

        Office B has 1Gb/35Mb Cable

        This should be the bottleneck as I see it right.

        What data you are using? Small files, one big file,..
        What is the MTU on all devices including the PC?
        You are using PPPoE? So all went over one WAN and not over multiple onesqueue!

        #~. @Dobby

        Turris Omnia - 4 Ports - 2 GB RAM / TurrisOS 7 Release (Btrfs)
        PC Engines APU4D4 - 4 Ports - 4 GB RAM / pfSense CE 2.7.2 Release (ZFS)
        PC Engines APU6B4 - 4 Ports - 4 GB RAM / pfSense+ (Plus) 24.03_1 Release (ZFS)

        S 1 Reply Last reply Reply Quote 0
        • S
          SteveITS Galactic Empire @Dobby_
          last edited by

          @Dobby_ said in IPSEC is insanely slow, Less that 1/10th speed:

          This should be the bottleneck

          At least, from B to A. 35 Mbps is about 4 MBps max, but OP says that's 3 so OK.

          @calmasacow How is this test transfer happening? SMB is slow over VPNs unless it's using SMB 3, as I recall. Try FTP or another method if possible. (also Windows 11 has a bug in the May update causing very slow VPN performance but I'm pretty sure that's with Windows 11 itself as the VPN client)

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.