IPSec - Release 2.4.2 - the good news and the bad news - throughput benchmark
-
The good news:
Just ran an iperf test on my IPsec gateway VPN which has gigabit fiber WAN side fiber connections.
My hardware on both ends is a Supermicro motherboard with 8 core ATOM CPU's and 8 GB of memory.
Here are the results from one iperf test:Client connecting to x.x.x.1, UDP port 5001
Sending 1470 byte datagrams, IPG target: 11.76 us (kalman adjust)
UDP buffer size: 56.0 KByte (default)
–----------------------------------------------------------
[ 3] local x.x.x.5 port 18443 connected with x.x.x.1 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 1.16 GBytes 999 Mbits/sec
[ 3] Sent 849358 datagramsWhich is 99.9% of the theoretical bandwidth.
The bad news for release 2.4.2, this was run on release 2.3.4
I have run these gateway VPN's for years on Version 2.x with good results.
But now with upgrading 2.4.x things went to crap.
Recently after upgrading to 2.4.x I began to get Kernel crashes on one side.
I read up on this in the pfsense forum, and found recommendations for some buffer settings on ports, there were some discussions about FreeBSD issues so I tried the latest DEV version, I played with MTU settings, I started with fresh installs of 2.4.2 on both sides, all to no avail. When I benchmarked 2.4.x I was getting less than 1/3 of the throughput or worse from those on V 2.3.4I did benchmark testing using the following:
iperf pfsense to pfsense
iperf run in command line windows
ftp transfers
SMB file copy and pasting