Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSec - Release 2.4.2 - the good news and the bad news - throughput benchmark

    Scheduled Pinned Locked Moved IPsec
    1 Posts 1 Posters 364 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      Tacoma
      last edited by

      The good news:
      Just ran an iperf test on my IPsec gateway VPN which has gigabit fiber WAN side fiber connections.
      My hardware on both ends is a Supermicro motherboard with 8 core ATOM CPU's and 8 GB of memory.
      Here are the results from one iperf test:

      Client connecting to x.x.x.1, UDP port 5001
      Sending 1470 byte datagrams, IPG target: 11.76 us (kalman adjust)
      UDP buffer size: 56.0 KByte (default)
      –----------------------------------------------------------
      [  3] local x.x.x.5 port 18443 connected with x.x.x.1 port 5001
      [ ID] Interval      Transfer    Bandwidth
      [  3]  0.0-10.0 sec  1.16 GBytes  999 Mbits/sec
      [  3] Sent 849358 datagrams

      Which is 99.9% of the theoretical bandwidth.

      The bad news for release 2.4.2, this was run on release 2.3.4

      I have run these gateway VPN's for years on Version 2.x with good results.
      But now with upgrading 2.4.x things went to crap.
      Recently after upgrading to 2.4.x I began to get Kernel crashes on one side.
      I read up on this in the pfsense forum, and found recommendations for some buffer settings on ports, there were some discussions about FreeBSD issues so I tried the latest DEV version, I played with MTU settings, I started with fresh installs of 2.4.2 on both sides, all to no avail.  When I benchmarked 2.4.x I was getting less than 1/3 of the throughput or worse from those on V 2.3.4

      I did benchmark testing using the following:

      iperf pfsense to pfsense
      iperf run in command line windows
      ftp transfers
      SMB file copy and pasting

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.