Ipsec with dual pfsense



  • Hellow fellow pfsense lovers.

    We changed our main firewall for a pfsense (without Nat).
    This pfsense is our main router/firewall because we have our own subnet.
    Behind our subnet there are multiple pfsense firewalls witch have there own public ip in our own subnet.

    The pfsense firewalls behind our main pfsense (without Nat) have ipsec vpn to other remote sites.
    But the thing is with the new main pfsense (without Nat) in front of the pfsense the transfer over vpn are very slow en will stop most of the time.
    We have tested this with SMB and FTP.

    Maybe we have to do some performance tuning in the main firewall.
    In the attachment is the specs of our new main firewall/router

    With our old firewall/router this was not the case.

    ![Screen Shot 2017-02-24 at 20.34.46.png](/public/imported_attachments/1/Screen Shot 2017-02-24 at 20.34.46.png)
    ![Screen Shot 2017-02-24 at 20.34.46.png_thumb](/public/imported_attachments/1/Screen Shot 2017-02-24 at 20.34.46.png_thumb)



  • We are a bit further with this isseu.
    We think the following option will fix our problem, within the main firewall.

    Disables the PF scrubbing option which can sometimes interfere with NFS traffic.

    We are going to apply the option this evening.



  • Yes it fixed our issue, hope this thread helps someone.
    We could not find any information on it.