926Mbps over AES-GCM tunnel (real world link)

jwt

172.21.0.106 (8860)  FreeBSD -CURRENT

[switched LAN]

172.21.0.1 pfSense 2.3 (4860)
(Not going to give you the real-wold IP address)

[Real World 1Gbps path with AES-GCM-128 IPSec running]

172.27.12.17 pfSense 2.2.5 (C2758)
(Not going to give you the real-wold IP address)

[switched LAN]

172.27.12.18 (C2758) FreeBSD -CURRENT

jim@home-8860:~ % iperf3 -c 172.27.12.18 -P 4 -u -b 250M
Connecting to host 172.27.12.18, port 5201
[  4] local 172.21.0.106 port 10311 connected to 172.27.12.18 port 5201
[  6] local 172.21.0.106 port 41141 connected to 172.27.12.18 port 5201
[  8] local 172.21.0.106 port 16997 connected to 172.27.12.18 port 5201
[ 10] local 172.21.0.106 port 23233 connected to 172.27.12.18 port 5201
[ ID] Interval          Transfer    Bandwidth      Total Datagrams
[  4]  0.00-1.00  sec  27.8 MBytes  233 Mbits/sec  37767 
[  6]  0.00-1.00  sec  27.5 MBytes  231 Mbits/sec  3561 
[  8]  0.00-1.00  sec  26.8 MBytes  225 Mbits/sec  3521 
[ 10]  0.00-1.00  sec  23.5 MBytes  197 Mbits/sec  3429 
[SUM]  0.00-1.00  sec  106 MBytes  886 Mbits/sec  48278

---

[  4]  1.00-2.00  sec  28.8 MBytes  242 Mbits/sec  48160 
[  6]  1.00-2.00  sec  29.2 MBytes  245 Mbits/sec  3744 
[  8]  1.00-2.00  sec  28.7 MBytes  241 Mbits/sec  4173 
[ 10]  1.00-2.00  sec  24.4 MBytes  205 Mbits/sec  3673 
[SUM]  1.00-2.00  sec  111 MBytes  932 Mbits/sec  59750

---

[  4]  2.00-3.00  sec  29.3 MBytes  245 Mbits/sec  48430 
[  6]  2.00-3.00  sec  29.2 MBytes  245 Mbits/sec  3745 
[  8]  2.00-3.00  sec  28.9 MBytes  242 Mbits/sec  3737 
[ 10]  2.00-3.00  sec  23.6 MBytes  198 Mbits/sec  3698 
[SUM]  2.00-3.00  sec  111 MBytes  931 Mbits/sec  59610

---

[  4]  3.00-4.00  sec  29.2 MBytes  245 Mbits/sec  48500 
[  6]  3.00-4.00  sec  29.2 MBytes  245 Mbits/sec  3739 
[  8]  3.00-4.00  sec  28.9 MBytes  243 Mbits/sec  3737 
[ 10]  3.00-4.00  sec  23.6 MBytes  198 Mbits/sec  3704 
[SUM]  3.00-4.00  sec  111 MBytes  931 Mbits/sec  59680

---

[  4]  4.00-5.00  sec  29.2 MBytes  245 Mbits/sec  48415 
[  6]  4.00-5.00  sec  29.2 MBytes  245 Mbits/sec  3740 
[  8]  4.00-5.00  sec  28.9 MBytes  242 Mbits/sec  3738 
[ 10]  4.00-5.00  sec  23.5 MBytes  197 Mbits/sec  3695 
[SUM]  4.00-5.00  sec  111 MBytes  929 Mbits/sec  59588

---

[  4]  5.00-6.00  sec  29.7 MBytes  249 Mbits/sec  48324 
[  6]  5.00-6.00  sec  29.7 MBytes  249 Mbits/sec  3802 
[  8]  5.00-6.00  sec  29.5 MBytes  247 Mbits/sec  3802 
[ 10]  5.00-6.00  sec  24.1 MBytes  203 Mbits/sec  3771 
[SUM]  5.00-6.00  sec  113 MBytes  948 Mbits/sec  59699

---

[  4]  6.00-7.00  sec  28.7 MBytes  241 Mbits/sec  48796 
[  6]  6.00-7.00  sec  28.7 MBytes  241 Mbits/sec  3675 
[  8]  6.00-7.00  sec  28.4 MBytes  238 Mbits/sec  3674 
[ 10]  6.00-7.00  sec  23.0 MBytes  193 Mbits/sec  3635 
[SUM]  6.00-7.00  sec  109 MBytes  913 Mbits/sec  59780

---

[  4]  7.00-8.00  sec  29.2 MBytes  245 Mbits/sec  48446 
[  6]  7.00-8.00  sec  29.2 MBytes  245 Mbits/sec  3743 
[  8]  7.00-8.00  sec  28.7 MBytes  241 Mbits/sec  3742 
[ 10]  7.00-8.00  sec  23.5 MBytes  198 Mbits/sec  3678 
[SUM]  7.00-8.00  sec  111 MBytes  929 Mbits/sec  59609

---

[  4]  8.00-9.00  sec  29.2 MBytes  245 Mbits/sec  48439 
[  6]  8.00-9.00  sec  29.2 MBytes  245 Mbits/sec  3742 
[  8]  8.00-9.00  sec  28.9 MBytes  242 Mbits/sec  3733 
[ 10]  8.00-9.00  sec  23.5 MBytes  197 Mbits/sec  3699 
[SUM]  8.00-9.00  sec  111 MBytes  930 Mbits/sec  59613

---

[  4]  9.00-10.00  sec  29.2 MBytes  245 Mbits/sec  48411 
[  6]  9.00-10.00  sec  29.2 MBytes  245 Mbits/sec  3743 
[  8]  9.00-10.00  sec  29.1 MBytes  244 Mbits/sec  3741 
[ 10]  9.00-10.00  sec  23.4 MBytes  196 Mbits/sec  3719 
[SUM]  9.00-10.00  sec  111 MBytes  930 Mbits/sec  59614

---

[ ID] Interval          Transfer    Bandwidth      Jitter    Lost/Total Datagrams
[  4]  0.00-10.00  sec  290 MBytes  244 Mbits/sec  0.332 ms  444978/470526 (95%) 
[  4] Sent 470526 datagrams
[  6]  0.00-10.00  sec  290 MBytes  244 Mbits/sec  0.320 ms  11530/36990 (31%) 
[  6] Sent 36990 datagrams
[  8]  0.00-10.00  sec  287 MBytes  241 Mbits/sec  0.341 ms  12182/37354 (33%) 
[  8] Sent 37354 datagrams
[ 10]  0.00-10.00  sec  236 MBytes  198 Mbits/sec  0.265 ms  15637/36457 (43%) 
[ 10] Sent 36457 datagrams
[SUM]  0.00-10.00  sec  1.08 GBytes  926 Mbits/sec  0.315 ms  484327/581327 (83%)

iperf Done.
jim@home-8860:~ %

And there is still room for improvement.

pakjebakmeel

Looking good  ;)

I'm having some issues with fragmentation when using IPSec on PfSense. Would you be able to have a look at my topic and see if you are experiencing the same issues? Is your PMTU working properly?

https://forum.pfsense.org/index.php?topic=99995.0

Thanks.

jwt

Can you try:

sysctl -w net.inet.ipsec.dfbit=1

on both boxes, and report back?

kapara

Please let me know what you used for both P1 and P2.  I used the same algorithm for my P1 and I can barely pass more than 30 Mbit across VPN.  My office has 1gbit up/down on C2758 supermicro with 8gb ram with aes-ni enabled on 2.2.6

Remote side is 1gbit in, 500mbit out.  Running 2.2.6 in Hyper-V.