Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Help me identify IPsec speed bottleneck

    Scheduled Pinned Locked Moved IPsec
    1 Posts 1 Posters 498 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T Offline
      TonyM
      last edited by

      Hi! I just put up my first pfsense box to try and improve my vpn speeds. I have a site-to-site ipsec tunnel set up to a remote location and its working correctly. However, Im not seeing the speeds I was expecting. Some details:

      Both locations connected via fiber with 150/150mbits on location 1 and 50/50mbit on location 2. Location 2 has the vpn server setup on an edgerouter lite with hardware offloading enabled. Location 1 is the pfsense box. Hardware specs: core i5 3570k (supports AES-NI), 16gb RAM, SSD, asus p8h77-i mini itx motherboard, Intel Pro/1000CT PCIe Desktop Adapter (EXPI9301CTBLK).

      I use the onboard network adapter on the motherboard for WAN and the intel for LAN.

      The vpn is set up with IKEv2, aes128-GCM for encryption algorithm and SHA1 as hash algorithm on both the pfsense box and the edgerouter lite.

      I have enabled "AES-NI CPU-based Acceleration" under System/Advanced/Miscellaneous.

      Im seeing between 1,5-2,0 mb/s from the pfsense side to the edgerouter side during file copy. From the edgerouter side to the pfsense side im seeing 6 mb/s.

      top reports 94% idle when copying from the edgerouter side to the pfsense side, and 98% idle when copying the other way.

      What am I missing? Shouldn't this setup be a lot faster?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.