Low throughput in IPSEC and OpenVPN
-
Hi,
I'm using pfsense 2.3.3 in two location. I made a VPN between sites and the throughput is very low. Both side can get ~500mbps UP/DOWN but in the tunnel I can't get any speed over 60mbps. In openVPN is worst, i can't get anything over 20mbps.
PFSENSE are running under KVM with VirtIO drivers. I disabeld : Hardware Checksum Offloading, Hardware TCP Segmentation Offloading, Hardware Large Receive Offloading. I also activated MSS clamping to 1360.
The servers are currently using two 2,6Ghz core but I tested with 4 Cores and didn't get any speed increase.
Thank you
-
I had to clamp to 1300 to get good performance. (mssfix 1300 in the advanced tab of openvpn on both ends). make sure you do it on both ends and try again?
-
Also try using the simplest forms of encryption to see if it helps, just for a test.
-
didn't get any improvement with MTU 1300.
The encryption didn't help neither..
I read some post about the NIC driver or the cpu timer. The cpu seems to be used by IRQ at 50% if I do an iperf from both side of the tunnel.
-
Any one else ? I can't find anything that could hep :-[
-
try and do an iperf test across the VPN. I was complaining about really bad performance. Had a 10mbit connection by file transfers using windows (SMB) yes 3.0 and I could not get above 4-5 mbit yet when I ran an iperf across the tunnel I got about 9.8mbit. Are you using AES-NI?
-
I tried iPerf, FTP, SSH, SMB, HTTP. I said 60 mbps but I don't why I said that because I can't really pass through 25-30mbps. I tried with and without AES-INI and it worst without.
Since my first post each end can transfert up to 1,5Gbps from end to end trought each Pfsense (NATed servers) without VPN (HTTP, FTP, SSH (bit slower) ).