Netgate Discussion Forum

    Trying to decide on hardware, IPSEC and OpenVPN server/client

      Guest

      @tdhuck:

      Tested at one of the locations (via IPSEC) and it appears the tunnel is still capped at 10 Mbps down with the new CPU.

      Keep in mind that this depends on both sides of the connection. So a weak client will still limit you.

        A Former User

        @johnkeates:

        @tdhuck:

        Tested at one of the locations (via IPSEC) and it appears the tunnel is still capped at 10 Mbps down with the new CPU.

        Keep in mind that this depends on both sides of the connection. So a weak client will still limit you.

        I'm not convinced. What you say is absolutely true, but there has to be another issue, somewhere. I just disconnected the IPSEC tunnel and opened up my NAS to the internet and started to transfer a 3GB ISO file, I am still being capped at 10 Mbps w/o going through a VPN and having to worry about encryption throughput. Something seems like it isn't functioning at 100%.

          Guest

          In that case, you do have a different problem indeed. Make sure pfSense's interfaces are set up correctly (automatic mode etc.) and check if any link status LEDs match the link speeds. If those are good, you probably have to look outside of pfSense to find the problem. Have you tried iperf yet? And packet capture to figure out if maybe a lot of trash is happening on the network?

          This speed is not related to the CPU or anything like that, even a Pentium 3 pulls much more bits than that.

            A Former User

            @johnkeates:

            In that case, you do have a different problem indeed. Make sure pfSense's interfaces are set up correctly (automatic mode etc.) and check if any link status LEDs match the link speeds. If those are good, you probably have to look outside of pfSense to find the problem. Have you tried iperf yet? And packet capture to figure out if maybe a lot of trash is happening on the network?

            This speed is not related to the CPU or anything like that, even a Pentium 3 pulls much more bits than that.

            Right, I'm convinced there is another issue since I am seeing these same issues with my other pfsense box, this rules out the interfaces, I would think, I doubt I'd have issues with interfaces on two different pfsense boxes.

            My ISP equipment is a cable modem that is in bridge mode, I don't have issues getting full speeds when I am at the main network and running a speed test. Latency/ping/speeds all look normal. I stream 4k media all the time and have never seen buffering/pixelation/etc. I'm not saying that nothing needs to be checked, I am simply pointing out that there aren't any obvious issues to make me think something is wrong with the circuit.

            I do think the problem is at the main connection since I experience the same 10 Mbps when I am at several different locations, two of those locations have connections of 100 Mbps or better.

            I will say this, in all my tests, I am downloading files from my NAS, I guess I will start there and see if there is anything obvious. I do have two switches between my NAS box and the pfsense box, but all links should be gigabit (they were last time I checked).

            EDIT- I am not physically on site at the main location (where the new pfsense install was done, yesterday), but I used SSH over the IPSEC tunnel to check the port status, everything is connected at 1000 Mbps Full Duplex. I'll see if I can run iperf from both pfsense boxes and see what that shows…

              Guest

              Also see if you can try iperf between the NAS and pfSense or another device on the same switch.

                A Former User

                @johnkeates:

                Also see if you can try iperf between the NAS and pfSense or another device on the same switch.

                Here are the results from iperf between the two pfsense boxes, no VPN, I opened up port 5001 on the main (new) pfsense box.

                Not looking good…


                Client connecting to xxx.xxx.xxx.xxx, TCP port 5001
                TCP window size: 64.2 KByte (default)

                [  3] local xxx.xxx.xxx.xxx port 50004 connected with xxx.xxx.xxx.xxx port 5001
                [ ID] Interval      Transfer    Bandwidth
                [  3]  0.0-10.0 sec  7.25 MBytes  6.06 Mbits/sec

                  A Former User

                  Here are the results when running iperf on a device connected to the main switch where the new pfsense box is located (not running off NAS). IPSEC/VPN tunnel

                  This is the server side:
                  [ ID] Interval          Transfer    Bandwidth
                  [  5]  0.00-1.00  sec  634 KBytes  5.18 Mbits/sec                 
                  [  5]  1.00-2.00  sec  1.08 MBytes  9.05 Mbits/sec                 
                  [  5]  2.00-3.00  sec  1.25 MBytes  10.5 Mbits/sec                 
                  [  5]  3.00-4.00  sec  1.38 MBytes  11.5 Mbits/sec                 
                  [  5]  4.00-5.00  sec  1.24 MBytes  10.4 Mbits/sec                 
                  [  5]  5.00-6.00  sec  1.29 MBytes  10.8 Mbits/sec                 
                  [  5]  6.00-7.00  sec  1.19 MBytes  9.97 Mbits/sec                 
                  [  5]  7.00-8.00  sec  1.28 MBytes  10.7 Mbits/sec                 
                  [  5]  8.00-9.00  sec  1.18 MBytes  9.92 Mbits/sec                 
                  [  5]  9.00-10.00  sec  1.15 MBytes  9.70 Mbits/sec                 
                  [  5]  10.00-10.04  sec  28.3 KBytes  6.03 Mbits/sec


                  [ ID] Interval          Transfer    Bandwidth
                  [  5]  0.00-10.04  sec  0.00 Bytes  0.00 bits/sec                  sender
                  [  5]  0.00-10.04  sec  11.7 MBytes  9.77 Mbits/sec                  receiver

                  This is the client side:
                  [ ID] Interval          Transfer    Bandwidth      Retr  Cwnd
                  [  4]  0.00-1.00  sec  724 KBytes  5.93 Mbits/sec    0  45.2 KBytes     
                  [  4]  1.00-2.00  sec  1.10 MBytes  9.27 Mbits/sec    1  50.9 KBytes     
                  [  4]  2.00-3.00  sec  1.27 MBytes  10.7 Mbits/sec    0  67.9 KBytes     
                  [  4]  3.00-4.00  sec  1.37 MBytes  11.5 Mbits/sec    0  82.0 KBytes     
                  [  4]  4.00-5.00  sec  1.28 MBytes  10.7 Mbits/sec    1  65.0 KBytes     
                  [  4]  5.00-6.00  sec  1.29 MBytes  10.9 Mbits/sec    1  58.0 KBytes     
                  [  4]  6.00-7.00  sec  1.15 MBytes  9.62 Mbits/sec    1  50.9 KBytes     
                  [  4]  7.00-8.00  sec  1.30 MBytes  10.9 Mbits/sec    0  65.0 KBytes     
                  [  4]  8.00-9.00  sec  1.19 MBytes  9.95 Mbits/sec    3  59.4 KBytes     
                  [  4]  9.00-10.00  sec  1.14 MBytes  9.57 Mbits/sec    2  55.1 KBytes


                  [ ID] Interval          Transfer    Bandwidth      Retr
                  [  4]  0.00-10.00  sec  11.8 MBytes  9.90 Mbits/sec    9            sender
                  [  4]  0.00-10.00  sec  11.7 MBytes  9.81 Mbits/sec                  receiver

                  I've checked all interfaces on both pfsense boxes (via the pfsense GUI) everything is gigabit and full duplex. No errors/collisions.
                  I've checked all the interfaces on the switches, everything is gigabit and full duplex. No errors/collisions.

                    A Former User

                    I have good news and bad news.

                    Good news is that I am maxing out the connection at 10 Mbps on and off the VPN, on both pfsense boxes and now I know why (see bad news).

                    Bad news is that the ISP must have changed something or I have a problem, when I do a speed test, I get 105 Mbps down and 11 Mbps up.

                    Now that I know the upload is maxing at 11 Mbps, all my results are normal (see good news).

                    However, I have never seen cable internet, at the 100 Mbps download tier, come with 10 Mbps of upload speed. I either have an issue on the line/in the network or the ISP did in fact change their upload speeds on their packages. I am absolutely certain that my upload was more than 10 Mbps, in the past.

                      Guest

                      Well, now we know. Bloody ISPs and their bad uploads!  :-X

                        A Former User

                        @johnkeates:

                        Well, now we know. Bloody ISPs and their bad uploads!  :-X

                        I am disappointed, years ago I had much better performance, but it was before I set up a VPN connection. I was simply streaming an IP camera (strong password and only allowed from specific WAN IPs) then I set up OpenVPN, speeds were not really an issue since the camera worked just fine, but I started testing file transfers and I always thought it was the encryption causing bad performance, turns out, the ISP is tweaking the tiers/packages. Upload doesn't matter as much as download, until/unless you are doing what I was wanting to do…
