LAN side static routes and piss poor performance - TCP window size

ssheikh

Have been battling LAN side static route problems with pfSense for more than a year now.

Machines in VA and TX use the pfSense as their default gateway.

pfSense has static routes to forward traffic destined for the other site to the MPLS router (.2 in each office.) Bypass firewall rules for traffic on same interface is checked.

Here is what I see:

1. At either location, I can download files using FTP and max out the Internet connection.

2. At either location, I can use windows file sharing over VPN to a machine across the internet and pretty much max out the internet connection. I can sustain data transfer rates 75 ~ 80% of the total bandwidth.

3. Using FTP from VA to TX with pfSense being the default gateway, I only get 3 Mbps thruput on the 7xT1 (~10 Mbps) connection.

4. Using FTP from VA to TX with the MPLS router as the default gateway, I get full 10 Mbps thruput

5. Using windows file sharing between VA and TX with pfSense as the default gateway, I get 1.5 Mbps thruput max on a good day.

6. Using windows file sharing between VA and TX with MPLS router as the default gateway, I get 4 ~ 5 Mbps thanks to XO's poor network and the way they bond the T1s together.

When I sniff the traffic I can see that with pfSense being the gateway Windows is not able to negotiate TCP window sizes correctly and there is one ACK for every data packet. When I use the MPLS router as the default gateway, the window sizes are correctly set and I get several data packets before an ACK is sent.

Would really like to use the pfSense as the default gateway for many other reasons.

Has anyone else seen this and been able to fix it?

Thanks,

Shahid