IPSec Speed maxing at about 25mbps
-
Hello,
I have two Identical pfSenses (2.4.4-RELEASE-p2, the latest version at the time of this writing) virtualized in Windows Server 2012R2 on a PowerEdge R520, on a 40/40mbps link between two states
Both have 8 cores and 8gb of RAM
They have the same version, same configuration, same hardware, same hyper-v, same Dell hardware even the ISP is the same company and the link is the same dedicated 40/40mbps at each side
At first the link maxed at about 20mbps average (using iperf3 for benchmarks)
After searching around I made the following changes on both ends:
System -> Advanced -> Misc
Enabled AES-NI cpu based accelerationVPN -> IPSEC -> Advanced
Enabled IP Compression
Enabled MSS Clamping at 1400
Enabled Async CryptographyVPN -> IPSEC
Redone both Tunnels with:P1: AES128-GCM with Hash AES-XCBC
P2: AES128-GCM with Hash AES-XCBCDashboard shows: AES-NI CPU Crypto: Yes (active)
Rebooted both ends
Now the link maxes at about 26mbps, which is a far cry from what I expected (about 36mbps)
Is there anything else I can try on the pfSense side? (I am starting to suspect there might be something related to Hyper-V)
Thank you!
-
Turn off the hash on P2. AES-GCM shouldn't have any hashing on P2.
-
Thanks, it increased to about 27-28mbps average with peaks of 30mbps
Any more tips to squeeze a little more speed? Thanks!
