Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    IPSec - Release 2.4.2 - the good news and the bad news - throughput benchmark

    IPsec
    1
    1
    221
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      Tacoma last edited by

      The good news:
      Just ran an iperf test on my IPsec gateway VPN which has gigabit fiber WAN side fiber connections.
      My hardware on both ends is a Supermicro motherboard with 8 core ATOM CPU's and 8 GB of memory.
      Here are the results from one iperf test:

      Client connecting to x.x.x.1, UDP port 5001
      Sending 1470 byte datagrams, IPG target: 11.76 us (kalman adjust)
      UDP buffer size: 56.0 KByte (default)
      –----------------------------------------------------------
      [  3] local x.x.x.5 port 18443 connected with x.x.x.1 port 5001
      [ ID] Interval      Transfer    Bandwidth
      [  3]  0.0-10.0 sec  1.16 GBytes  999 Mbits/sec
      [  3] Sent 849358 datagrams

      Which is 99.9% of the theoretical bandwidth.

      The bad news for release 2.4.2, this was run on release 2.3.4

      I have run these gateway VPN's for years on Version 2.x with good results.
      But now with upgrading 2.4.x things went to crap.
      Recently after upgrading to 2.4.x I began to get Kernel crashes on one side.
      I read up on this in the pfsense forum, and found recommendations for some buffer settings on ports, there were some discussions about FreeBSD issues so I tried the latest DEV version, I played with MTU settings, I started with fresh installs of 2.4.2 on both sides, all to no avail.  When I benchmarked 2.4.x I was getting less than 1/3 of the throughput or worse from those on V 2.3.4

      I did benchmark testing using the following:

      iperf pfsense to pfsense
      iperf run in command line windows
      ftp transfers
      SMB file copy and pasting

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy