Strange VPN performance on pfSense 2.2
Hey
I'm testing a new pfSense box running 2.2 and seeing some strange VPN performance.
Setup: PC1 (192.168.100.23) <---> (WAN: 192.168.100.37) pfSense (LAN: 192.168.1.1) <---> PC2 (192.168.1.100)
In every test the VPN tunnel is made from PC1 to pfSense.
First I tested using L2TP/IPsec (L2TP/IPsec subnet is 192.168.2.128/25):
iperf.exe -c 192.168.1.100 -P 5 -w 130k
------------------------------------------------------------
Client connecting to 192.168.1.100, TCP port 5001
TCP window size: 130 KByte
------------------------------------------------------------
[ 6] local 192.168.2.128 port 50093 connected with 192.168.1.100 port 5001
[ 5] local 192.168.2.128 port 50092 connected with 192.168.1.100 port 5001
[ 7] local 192.168.2.128 port 50094 connected with 192.168.1.100 port 5001
[ 4] local 192.168.2.128 port 50091 connected with 192.168.1.100 port 5001
[ 3] local 192.168.2.128 port 50090 connected with 192.168.1.100 port 5001
[ ID] Interval Transfer Bandwidth
[ 7] 0.0-10.0 sec 36.8 MBytes 30.7 Mbits/sec
[ 6] 0.0-10.1 sec 33.1 MBytes 27.6 Mbits/sec
[ 5] 0.0-10.1 sec 36.1 MBytes 30.1 Mbits/sec
[ 4] 0.0-10.1 sec 35.6 MBytes 29.7 Mbits/sec
[ 3] 0.0-10.1 sec 33.6 MBytes 28.0 Mbits/sec
[SUM] 0.0-10.1 sec 175 MBytes 146 Mbits/sec
Then using OpenVPN with compression (OpenVPN subnet is 192.168.3.0/24):
iperf.exe -c 192.168.1.100 -P 5 -w 130k
------------------------------------------------------------
Client connecting to 192.168.1.100, TCP port 5001
TCP window size: 130 KByte
------------------------------------------------------------
[ 7] local 192.168.3.6 port 50179 connected with 192.168.1.100 port 5001
[ 4] local 192.168.3.6 port 50176 connected with 192.168.1.100 port 5001
[ 3] local 192.168.3.6 port 50175 connected with 192.168.1.100 port 5001
[ 6] local 192.168.3.6 port 50178 connected with 192.168.1.100 port 5001
[ 5] local 192.168.3.6 port 50177 connected with 192.168.1.100 port 5001
[ ID] Interval Transfer Bandwidth
[ 7] 0.0-10.0 sec 37.6 MBytes 31.5 Mbits/sec
[ 4] 0.0-10.0 sec 37.5 MBytes 31.3 Mbits/sec
[ 6] 0.0-10.0 sec 37.6 MBytes 31.4 Mbits/sec
[ 5] 0.0-10.0 sec 37.6 MBytes 31.4 Mbits/sec
[ 3] 0.0-10.0 sec 37.6 MBytes 31.4 Mbits/sec
[SUM] 0.0-10.0 sec 188 MBytes 157 Mbits/sec
Then using OpenVPN without compression (OpenVPN subnet is 192.168.3.0/24):
iperf.exe -c 192.168.1.100 -P 5 -w 130k
------------------------------------------------------------
Client connecting to 192.168.1.100, TCP port 5001
TCP window size: 130 KByte
------------------------------------------------------------
[ 7] local 192.168.3.6 port 50283 connected with 192.168.1.100 port 5001
[ 5] local 192.168.3.6 port 50281 connected with 192.168.1.100 port 5001
[ 6] local 192.168.3.6 port 50282 connected with 192.168.1.100 port 5001
[ 3] local 192.168.3.6 port 50279 connected with 192.168.1.100 port 5001
[ 4] local 192.168.3.6 port 50280 connected with 192.168.1.100 port 5001
[ ID] Interval Transfer Bandwidth
[ 7] 0.0-10.0 sec 38.2 MBytes 32.0 Mbits/sec
[ 6] 0.0-10.0 sec 38.4 MBytes 32.0 Mbits/sec
[ 3] 0.0-10.0 sec 38.4 MBytes 32.0 Mbits/sec
[ 4] 0.0-10.1 sec 38.2 MBytes 31.9 Mbits/sec
[ 5] 0.0-10.1 sec 38.4 MBytes 32.0 Mbits/sec
[SUM] 0.0-10.1 sec 192 MBytes 160 Mbits/sec
I then port forwarded port 5001 from WAN to LAN and ran a test again:
iperf.exe -c 192.168.100.37 -P 5 -w 130k
------------------------------------------------------------
Client connecting to 192.168.100.37, TCP port 5001
TCP window size: 130 KByte
------------------------------------------------------------
[ 3] local 192.168.100.23 port 50310 connected with 192.168.100.37 port 5001
[ 6] local 192.168.100.23 port 50313 connected with 192.168.100.37 port 5001
[ 4] local 192.168.100.23 port 50311 connected with 192.168.100.37 port 5001
[ 5] local 192.168.100.23 port 50312 connected with 192.168.100.37 port 5001
[ 7] local 192.168.100.23 port 50314 connected with 192.168.100.37 port 5001
[ ID] Interval Transfer Bandwidth
[ 6] 0.0-10.0 sec 222 MBytes 187 Mbits/sec
[ 4] 0.0-10.0 sec 227 MBytes 191 Mbits/sec
[ 5] 0.0-10.0 sec 222 MBytes 186 Mbits/sec
[ 7] 0.0-10.0 sec 222 MBytes 186 Mbits/sec
[ 3] 0.0-10.0 sec 228 MBytes 191 Mbits/sec
[SUM] 0.0-10.0 sec 1.09 GBytes 939 Mbits/sec
I also tried to add another interface on the pfSense box (OPT1, 192.168.10.0/24) and ran the test again to see if it was a problem with router between subnets:
C:\Users\Jacob\Desktop\iperf-2.0.5-3-win32>iperf.exe -c 192.168.100.37 -P 5 -w 130k
------------------------------------------------------------
Client connecting to 192.168.1.100, TCP port 5001
TCP window size: 130 KByte
------------------------------------------------------------
[ 5] local 192.168.10.8 port 50327 connected with 192.168.1.100 port 5001
[ 6] local 192.168.10.8 port 50328 connected with 192.168.1.100 port 5001
[ 7] local 192.168.10.8 port 50329 connected with 192.168.1.100 port 5001
[ 3] local 192.168.10.8 port 50325 connected with 192.168.1.100 port 5001
[ 4] local 192.168.10.8 port 50326 connected with 192.168.1.100 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 222 MBytes 186 Mbits/sec
[ 4] 0.0-10.0 sec 223 MBytes 187 Mbits/sec
[ 5] 0.0-10.0 sec 222 MBytes 186 Mbits/sec
[ 6] 0.0-10.0 sec 227 MBytes 191 Mbits/sec
[ 7] 0.0-10.0 sec 229 MBytes 192 Mbits/sec
[SUM] 0.0-10.0 sec 1.10 GBytes 942 Mbits/sec
Conclusion: When using VPN I can only get 160 Mbits/s in the tunnel. If I use compression with OpenVPN, the tunnel is also maxed at 160 Mbits/s, even though the data rate is only about 20 Mbits/s on the physical interface. If not using VPN I can transfer almost 1 Gbit/s.
CPU at pfSense when using OpenVPN with/without compression is 21%. L2TP/IPsec = 30%.
I also tried adding net.inet.ip.fastforwarding = 1 but it does nothing. Is there a fixed max speed on VPN tunnels at 160 Mbit/s, or can anybody explain why I'm getting this performance?
Hardware: Super Micro A1SRi-2758F, 16 GB ECC, 120 GB SSD.
Thanks.
/Jacob -
Can anybody help?