Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Higher throughput with OpenVPN than IPSec. Can it be?

    IPsec
    1
    1
    308
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      JimPhreak last edited by

      I setup a new IPSec tunnel between two pfSense boxes (Xeon D-1521 & Avoton C2758) with Gigabit internet.  I can't seem to break 17.5MB/s on SMB file transfers yet I can hit 22MB/s via an OpenVPN tunnel between the same two boxes.

      I've tried all different encryption settings and right now and using AES 128 and SHA1 for testing purposes though no setting change has affected the throughput at all.  I've tried enabled MSS clamping and setting MTU to 1300 on both ends but no luck.

      Being that OpenVPN is single threaded I realize I can't go beyond the 22MB/s I'm getting because it's making out my C2758 (CPU usage stays at 15-16% which equals 1 core maxed out).  However with both CPU's having AES-NI enabled I thought I'd at least be able to surpass OpenVPN speeds.  And while I realize SMB isn't the greatest test as it's a very chatty protocol and thus not great for WAN transfers, that still doesn't explain why I'm a good 40Mbit slower using IPSec vs. OpenVPN.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post