IPSec Speed Boost Tips
-
Hey guys,
I've got an IPSEC tunnel running between one side with a 2.4ghz Celeron and the other with Xeon e3-1220. The tunnel only can send traffic at 15mbps and I'm wondering if this can be improved or if the Celeron is just too slow? Currently the tunnel is:Phase 1:
Blowfish 256bit
Hash: SHA1
Key Group: 5Phase 2:
Protocol: ESP
Encryption: Blowfish auto
Key Group 5Any ideas are welcomed
-
This post from gridrun suggests that setting net.inet.ip.fastforwarding = 1 on system -> advanced -> System Tunables followed by a reboot improves openvpn speed.
http://forum.pfsense.org/index.php/topic,47567.msg249997.html#msg249997
-
Unfortunately that post's recommendation is for OpenVPN not IPSEC. In any case I put in a new Xeon x3440 with Intel NICs and IPSEC has jumped to fully line speed (40mbps) so that is an easy fix. Not sure if it was the better CPU or NICs though.
-
Probably the CPU… Celeron's aren't exactly known for their high-speed cryptography performance... :-)
