Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    IPSEC performance? tinc?

    IPsec
    1
    1
    490
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bobkoure last edited by

      I've got IPsec tunnels up between two locations, and performance isn't what I'd hoped.
      Both offices have SG2440s
      Both sites have multiple ISPs (so gateway groups and fail-over)
      For original setup / simplicity, IPSEC tunnels just use 1 ISP at each site
      site 1 ISP1 has 20/20
      site 2 ISP1 has 100/100

      When I test with LANSpeedTest https://totusoft.com/lanspeed I get 3Mbps
      For judging SMB overhead, when I test against a local file server I get 730Mbps

      I have AES-ni instructions available on both ends, and am using AES-128 / AES-XCBC / DH2

      I have recently moved from Snapgear SG580s (Linux based) because those processors did not have AES-ni, and so I was using 3DES., which was slow, but not this slow - in the 5Mbps over these same connections.

      So, what am I doing wrong? Looks like I've somehow pessimized my IPSEC connections  :-[
      I've tried all sorts of combinations of encryption/hash algorithms and don't see any improvement.

      BTW, with the Snapgears, I had PFS on. I have it off on pfSense.

      Is there a how to improve IPSEC performance on pfSense page around somewhere.

      All that said, what about tinc?  I ran GRE tunnels over IPSEC on the snapgears, to un-block some protocols IPSEC was 'helping' me by filtering out. GRE looks problematic on pfSense. tinc to the rescue?

      I've got about a day into making it work between my home pfSense and the branch office, so I can test performance. Wondering if it's worth my while to keep banging on it…

      Finally: what forum group is appropriate for tinc questions?

      Thanks for any help / suggestions...

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy