IPSec is very slow between two pfsense routers
-
@patrick-pesegodinski Is this before or after clamping down MSS?
You are seeing 220mbit which is around 25MB/s (Half your OpenVPN throughput). But I cannot see if you tried a single session iPerf or the default with multiple parallel streams. -
@keyser Test performed without changing the MSS.
I used the iperf client in Pfsense itself with the default settings. -
Post your iPerf syntax here so we can understand what you are doing.
Something along the lines ofiperf3 -c 192.168.70.26 -P 50 -t 30Also post for us the before MSS change and after MSS change results.
-
@keyser
I found something in redmine for MTU suggestions.https://redmine.pfsense.org/issues/14508
-
@michmoor Excuse my ignorance, but I'm not familiar with iperf. Which fields do I need to adjust?
-
@patrick-pesegodinski
do not use iperf on the firewall.
use iperf between your clients (sitting behind your firewall). -
@michmoor 1f121d95-5939-4faa-a741-3386bf11b08d-TESTE.txt
The test with MSS standard.
-
https://packetpushers.net/ipsec-bandwidth-overhead-using-aes/
Best MSS for IPsec tunnel Model 1328, if you use transport Mode and a 1500 WAN line, you can use 1372. -
@NOCling hello friend.
Thanks for helping me. Your information about MSS with 1328 solved my problem.
-
What should be the average IPSec VPN speed between two pfsense with 1Gb NIC interface and 1Gbps internet?
I've seen all kinds of comments on different forums that the speed could be higher, but I can't do more than that:
-
@patrick-pesegodinski Did you Apply MSS on WAN interface settings and does it need to be same on both sides of tunnel ?
-
