SG-2440 VPN Capacity



  • Hi,

    I plan to buy a SG-2440 mainly for the ability to use VPN.
    I know that the more VPN you have the less throughput you may have by VPN.

    My goal is to use 6 OpenVPN and 3 IPSec VPN in the same time (at least at start), and i wonder if the SG-2440 will be able to handle this VPNs together.

    I don't need a big throughput, only a few Mbps, but i need them to work flawlessly in the same time.
    I don't find any capacity load regarding the pfsens Hardware line (surely because it depend on the perf that you need).

    Thanks in advance.


  • Netgate Administrator

    Hi Anicholas.

    There is some overhead when adding more VPNs but it's more about the total amount of encrypted/decrypted traffic. It's also dependent on what encryption algorithm you are using and what type of traffic you're encrypting so it's hard to give a direct answer here.
    Generally IPSec will give higher throughput than OpenVPN so if the load was spread evenly it woukd pass more. You can get a lot higher throughput over IPSec if you're able to use AES-GCM which takes advantage on the AES-NI hardware in the SG-2440.

    As a very rough guide I would expect to see at least 100Mbps total VPN throughput (probably more) but it's not clear how that would divide. If each tunnel is only passing a few Mbps then I wouldn't expect any issues.

    Steve