Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Poor IPSEC performance

    IPsec
    1
    1
    701
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Swordforthelord
      last edited by

      Hey guys, I've got an APU2C4 running 2.3.2_1 over a 75/75 connection with an IPSEC tunnel to a Mikrotik RB750Gr3 on a 100/10 connection.  Both hardware platforms support hardware based encryption.  From the Mikrotik to pfSense I've been consistently exceeding the upload and getting about 11megs.  From pfSense to the Mikrotik I've been getting about 7.  Crptographic hardware has been set for AES-NI based CPU Acceleration under Advanced, Miscellaneous in pfSense from the start.  Changing the MSS on both platforms to 1350 got me from 7 megs to 14.  Enabling all the hardware offload options in pfSense made no difference.
      Both sides are using AES-CBC 128 with SHA1 for both phases with a DH group of 1024 and PFS of 1024.
      Both internet connections are exceeding their specs when the speed is tested.
      Using an OpenVPN connection from the same pfSense box to an older non-hardware accelerated Mikrotik yielded 30 megs from pfSense to Mikrotik but the same IPSEC results.
      Any ideas where to go next?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post