Trying to decide on hardware, IPSEC and OpenVPN server/client
-
Tested at one of the locations (via IPSEC) and it appears the tunnel is still capped at 10 Mbps down with the new CPU.
-
@tdhuck:
Tested at one of the locations (via IPSEC) and it appears the tunnel is still capped at 10 Mbps down with the new CPU.
Keep in mind that this depends on both sides of the connection. So a weak client will still limit you.
-
@johnkeates:
@tdhuck:
Tested at one of the locations (via IPSEC) and it appears the tunnel is still capped at 10 Mbps down with the new CPU.
Keep in mind that this depends on both sides of the connection. So a weak client will still limit you.
I'm not convinced. What you say is absolutely true, but there has to be another issue, somewhere. I just disconnected the IPSEC tunnel and opened up my NAS to the internet and started to transfer a 3GB ISO file, I am still being capped at 10 Mbps w/o going through a VPN and having to worry about encryption throughput. Something seems like it isn't functioning at 100%.
-
In that case, you do have a different problem indeed. Make sure pfSense's interfaces are set up correctly (automatic mode etc) and check if any Link status LEDs match the link speeds. If those are good, you probably have to look outside of pfSense to find the problem. Have you tried iperf yet? And packet capture to figure out if maybe a lot of trash is happening on the network?
This speed is not related to the CPU or anything like that, even a pentium 3 pulls much more bits than that.
-
@johnkeates:
In that case, you do have a different problem indeed. Make sure pfSense's interfaces are set up correctly (automatic mode etc) and check if any Link status LEDs match the link speeds. If those are good, you probably have to look outside of pfSense to find the problem. Have you tried iperf yet? And packet capture to figure out if maybe a lot of trash is happening on the network?
This speed is not related to the CPU or anything like that, even a pentium 3 pulls much more bits than that.
Right, I'm convinced there is another issue since I am seeing these same issues with my other pfsense box, this rules out the interfaces, I would think, I doubt I'd have issues with interfaces on two different pfsense boxes.
My ISP equipment is a cable modem that is in bridge mode, I don't have issues getting full speeds when I am at the main network and running a speed test. Latency/ping/speeds all look normal. I stream 4k media all the time and have never seen buffering/pixelation/etc. I'm not saying that nothing needs to be checked, I am simply pointing out that there aren't any obvious issues to make me think something is wrong with the circuit.
I do think the problem is at the main connection since I experience the same 10 Mbps when I am at several different locations, two of those locations have connections of 100 Mbps or better.
I will say this, in all my tests, I am downloading files from my NAS, I guess I will start there and see if there is anything obvious. I do have two switches between my NAS box and the pfsense box, but all links should be gigabit (they were last time I checked).
EDIT- I am not physically on site at the main location (where the new pfsense install was done, yesterday), but I used SSH over the IPSEC tunnel to check the port status, everything is connected at 1000 Mbps Full Duplex. I'll see if I can run iperf from both pfsense boxes and see what that shows…
-
Also see if you can try iperf between the NAS and pfSense or another device on the same switch.
-
@johnkeates:
Also see if you can try iperf between the NAS and pfSense or another device on the same switch.
Here are the results from iperf between the two pfsense boxes, no VPN, I opened up port 5001 on the main (new) pfsense box.
Not looking good…
Client connecting to xxx.xxx.xxx.xxx, TCP port 5001
TCP window size: 64.2 KByte (default)
[ 3] local xxx.xxx.xxx.xxx port 50004 connected with xxx.xxx.xxx.xxx port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 7.25 MBytes 6.06 Mbits/sec
-
Here are the results when running iperf on a device connected to the main switch where the new pfsense box is located (not running off NAS). IPSEC/VPN tunnel
This is the server side:
[ ID] Interval Transfer Bandwidth
[ 5] 0.00-1.00 sec 634 KBytes 5.18 Mbits/sec
[ 5] 1.00-2.00 sec 1.08 MBytes 9.05 Mbits/sec
[ 5] 2.00-3.00 sec 1.25 MBytes 10.5 Mbits/sec
[ 5] 3.00-4.00 sec 1.38 MBytes 11.5 Mbits/sec
[ 5] 4.00-5.00 sec 1.24 MBytes 10.4 Mbits/sec
[ 5] 5.00-6.00 sec 1.29 MBytes 10.8 Mbits/sec
[ 5] 6.00-7.00 sec 1.19 MBytes 9.97 Mbits/sec
[ 5] 7.00-8.00 sec 1.28 MBytes 10.7 Mbits/sec
[ 5] 8.00-9.00 sec 1.18 MBytes 9.92 Mbits/sec
[ 5] 9.00-10.00 sec 1.15 MBytes 9.70 Mbits/sec
[ 5] 10.00-10.04 sec 28.3 KBytes 6.03 Mbits/sec
[ ID] Interval Transfer Bandwidth
[ 5] 0.00-10.04 sec 0.00 Bytes 0.00 bits/sec sender
[ 5] 0.00-10.04 sec 11.7 MBytes 9.77 Mbits/sec receiver
This is the client side:
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 4] 0.00-1.00 sec 724 KBytes 5.93 Mbits/sec 0 45.2 KBytes
[ 4] 1.00-2.00 sec 1.10 MBytes 9.27 Mbits/sec 1 50.9 KBytes
[ 4] 2.00-3.00 sec 1.27 MBytes 10.7 Mbits/sec 0 67.9 KBytes
[ 4] 3.00-4.00 sec 1.37 MBytes 11.5 Mbits/sec 0 82.0 KBytes
[ 4] 4.00-5.00 sec 1.28 MBytes 10.7 Mbits/sec 1 65.0 KBytes
[ 4] 5.00-6.00 sec 1.29 MBytes 10.9 Mbits/sec 1 58.0 KBytes
[ 4] 6.00-7.00 sec 1.15 MBytes 9.62 Mbits/sec 1 50.9 KBytes
[ 4] 7.00-8.00 sec 1.30 MBytes 10.9 Mbits/sec 0 65.0 KBytes
[ 4] 8.00-9.00 sec 1.19 MBytes 9.95 Mbits/sec 3 59.4 KBytes
[ 4] 9.00-10.00 sec 1.14 MBytes 9.57 Mbits/sec 2 55.1 KBytes
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 11.8 MBytes 9.90 Mbits/sec 9 sender
[ 4] 0.00-10.00 sec 11.7 MBytes 9.81 Mbits/sec receiver
I've checked all interfaces on both pfsense boxes (via the pfsense GUI) everything is gigabit and full duplex. No errors/collisions.
I've checked all the interfaces on the switches, everything is gigabit and full duplex. No errors/collisions.
-
I have good news and bad news.
Good news is that I am maxing out the connection at 10 Mbps on and off the VPN, on both pfsense boxes and now I know why (see bad news).
Bad news is that the ISP must have changed something or I have a problem, when I do a speed test, I get 105 Mbps down and 11 Mbps up.
Now that I know the upload is maxing at 11 Mbps, all my results are normal (see good news).
However, I have never seen cable internet, at the 100 Mbps download tier, come with 10 Mbps of upload speed. I either have an issue on the line/in the network or the ISP did in fact change their upload speeds on their packages. I am absolutely certain that my upload was more than 10 Mbps, in the past.
-
Well, now we know. Bloody ISPs and their bad uploads! :-X
-
@johnkeates:
Well, now we know. Bloody ISPs and their bad uploads! :-X
I am disappointed, years ago I had much better performance, but it was before I set up a VPN connection. I was simply streaming an IP camera (strong password and only allowed from specific WAN IPs) then I set up OpenVPN, speeds were not really an issue since the camera worked just fine, but I started testing file transfers and I always thought it was the encryption causing bad performance, turns out, the ISP is tweaking the tiers/packages. Upload doesn't matter as much as download, until/unless you are doing what I was wanting to do…
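
The diagnosis the thread arrives at, as an added example that is not part of any post: it parses the iperf3 client rows quoted above and checks whether the tunnel already fills the slowest link before blaming encryption. The function names, the 80% tolerance and the two-second slow-start skip are assumptions; the 11 Mbps upload, 100 Mbps remote download and 10 Mbps non-VPN transfer are the figures reported in the thread.

```python
import re

# Rows copied from the iperf3 client output quoted in the thread.
CLIENT_OUTPUT = """\
[ 4] 0.00-1.00 sec 724 KBytes 5.93 Mbits/sec 0 45.2 KBytes
[ 4] 1.00-2.00 sec 1.10 MBytes 9.27 Mbits/sec 1 50.9 KBytes
[ 4] 2.00-3.00 sec 1.27 MBytes 10.7 Mbits/sec 0 67.9 KBytes
[ 4] 3.00-4.00 sec 1.37 MBytes 11.5 Mbits/sec 0 82.0 KBytes
[ 4] 4.00-5.00 sec 1.28 MBytes 10.7 Mbits/sec 1 65.0 KBytes
[ 4] 5.00-6.00 sec 1.29 MBytes 10.9 Mbits/sec 1 58.0 KBytes
[ 4] 6.00-7.00 sec 1.15 MBytes 9.62 Mbits/sec 1 50.9 KBytes
[ 4] 7.00-8.00 sec 1.30 MBytes 10.9 Mbits/sec 0 65.0 KBytes
[ 4] 8.00-9.00 sec 1.19 MBytes 9.95 Mbits/sec 3 59.4 KBytes
[ 4] 9.00-10.00 sec 1.14 MBytes 9.57 Mbits/sec 2 55.1 KBytes
[ 4] 0.00-10.00 sec 11.8 MBytes 9.90 Mbits/sec 9 sender
"""

ROW = re.compile(r"\[\s*\d+\]\s+([\d.]+)-([\d.]+)\s+sec\s+[\d.]+\s+\w?Bytes"
                 r"\s+([\d.]+)\s+([KMG]?)bits/sec(?:\s+(\d+))?")
TO_MBPS = {"": 1e-6, "K": 1e-3, "M": 1.0, "G": 1e3}

def parse_intervals(text):
    """Return (start_s, end_s, mbps, retransmits) per interval row."""
    rows = []
    for line in text.splitlines():
        if line.rstrip().endswith(("sender", "receiver")):
            continue  # summary rows would double-count the run
        m = ROW.search(line)
        if m:
            start, end, rate, unit, retr = m.groups()
            rows.append((float(start), float(end),
                         float(rate) * TO_MBPS[unit], int(retr or 0)))
    return rows

def steady_state_mbps(rows, skip_s=2.0):
    """Mean rate after TCP slow start (skip_s is an assumed cut-off)."""
    kept = [r[2] for r in rows if r[0] >= skip_s]
    return sum(kept) / len(kept)

def diagnose(tunnel_mbps, clear_mbps, sender_up, receiver_down, tol=0.8):
    """Classify the bottleneck; tol is an assumed 'close enough' fraction."""
    ceiling = min(sender_up, receiver_down)  # slowest hop on the path
    if tunnel_mbps >= tol * ceiling:
        return "link-limited"   # tunnel already fills the slowest link
    if clear_mbps >= tol * ceiling:
        return "vpn-limited"    # clear traffic fills it, the tunnel does not
    return "path-problem"       # neither does: look at NICs, switches, ISP

if __name__ == "__main__":
    rows = parse_intervals(CLIENT_OUTPUT)
    print(diagnose(steady_state_mbps(rows), 10.0, 11.0, 100.0))
```

Run the same comparison in the other direction as well, since the ceiling there is the remote site's upload against the main site's download.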