Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Netgate 6100 openvpn slower on some appliance

    Scheduled Pinned Locked Moved OpenVPN
    4 Posts 3 Posters 596 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kouz75
      last edited by kouz75

      Hello,

      I have two Netgate 6100 appliances (pfsense version 23.05.1).
      Both of them have a similar internet bandwidth (1G fiber).
      They are link via a IPSec tunnel and both have an OpenVPN server configured with the same settings:

      • QAT enabled
      • Cipher: AES-256GCM
      • MSS Clamping: 1328
      • DCO: disable

      Users are connecting via openvpn on one netgate device.

      Using iperf3 via openvpn connection, I obtained the following results:

      On one appliance:
      [ ID] Interval Transfer Bitrate
      [ 5] 0.00-10.00 sec 321 MBytes 269 Mbits/sec sender
      [ 5] 0.00-10.01 sec 320 MBytes 268 Mbits/sec receiver

      On the other appliance:
      [ ID] Interval Transfer Bitrate
      [ 5] 0.00-10.00 sec 106 MBytes 89.3 Mbits/sec sender
      [ 5] 0.00-10.02 sec 106 MBytes 89.0 Mbits/sec receiver

      One of the OpenVPN server is really slower than the other one. I try to compare both pfsense settings but I didn't found any difference.

      One know where to start to be able to find the configuration issue ?

      thanks for your help

      J 1 Reply Last reply Reply Quote 0
      • J
        JAK 0 @kouz75
        last edited by

        This post is deleted!
        F 1 Reply Last reply Reply Quote 0
        • F
          Fagundo13 @JAK 0
          last edited by

          This post is deleted!
          1 Reply Last reply Reply Quote 0
          • K
            kouz75
            last edited by

            On the slow netgate, I stop the IPsec tunnel and reboot the device.

            after few files transfert over openvpn, I check the interrupt with the commande : vmstat -i | grep qat

            the command didn't return any result.
            Maybe I'm wrong but it's seem that openvpn don't use QAT.

            after restarting the IPSec tunnel vmstat -i | grep qat return :
            irq170: qat0:b1 139 0
            -> QAT is used by IPSec

            is there a reason for openvpn not using QAT ?

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.