Higher throughput with OpenVPN than IPSec. Can it be?
-
I setup a new IPSec tunnel between two pfSense boxes (Xeon D-1521 & Avoton C2758) with Gigabit internet. I can't seem to break 17.5MB/s on SMB file transfers yet I can hit 22MB/s via an OpenVPN tunnel between the same two boxes.
I've tried all different encryption settings and right now and using AES 128 and SHA1 for testing purposes though no setting change has affected the throughput at all. I've tried enabled MSS clamping and setting MTU to 1300 on both ends but no luck.
Being that OpenVPN is single threaded I realize I can't go beyond the 22MB/s I'm getting because it's making out my C2758 (CPU usage stays at 15-16% which equals 1 core maxed out). However with both CPU's having AES-NI enabled I thought I'd at least be able to surpass OpenVPN speeds. And while I realize SMB isn't the greatest test as it's a very chatty protocol and thus not great for WAN transfers, that still doesn't explain why I'm a good 40Mbit slower using IPSec vs. OpenVPN.