3 VPN sessions and distributing outgoing connections

  • My pfSense box has 3 VPN clients configured to 3 different parts of the world. All LAN traffic, whether wifi or wired, is routed over one of the three VPNs. In the gateway group I configured, the 3 VPN clients are all set as Tier 1, with the trigger level set to packet loss or high latency.

    I've noticed that at its best, a single VPN session caps at about 250mbps. This is UDP, encrypted with the pfbox using hardware crypto on a quad core CPU. My internet connection is very stable and reliable, and offers ~430mbps down, 45mbps up.

    When I check my public IP from a browser window, I see one of the VPN addresses. Hitting F5 a couple of times, I can see it switching to different IPs. The round robin of the gateway group seems to work fine.

    I did some quick testing using several desktops and laptops, while monitoring the graphs on pfSense. What I noticed is that regularly, when one VPN is about saturated at ~200mbps, another session is simply (randomly?) being added to the already busy VPN, while the other 2 remain unused.

    Then in another test, it (randomly?) uses another VPN session, and I get 2 saturated VPN connections, which is good.

    Sometimes, they all seem to use a single VPN session.

    Now the question is, can I change the behavior so that pfSense handles sessions better and makes better use of the available bandwidth, considering a single VPN can do 250mbps max? Basically, if there's a VPN session using ~100mbps while 2 others remain unused, new sessions should be put on the remaining 2 until the load is about equal. Use the least used VPN session first.

    Is that possible?

    Thanks in advance!
