IPSec Speed maxing at about 25mbps

  • Hello,

    I have two Identical pfSenses (2.4.4-RELEASE-p2, the latest version at the time of this writing) virtualized in Windows Server 2012R2 on a PowerEdge R520, on a 40/40mbps link between two states

    Both have 8 cores and 8gb of RAM

    They have the same version, same configuration, same hardware, same hyper-v, same Dell hardware even the ISP is the same company and the link is the same dedicated 40/40mbps at each side

    At first the link maxed at about 20mbps average (using iperf3 for benchmarks)

    After searching around I made the following changes on both ends:

    System -> Advanced -> Misc
    Enabled AES-NI cpu based acceleration

    VPN -> IPSEC -> Advanced
    Enabled IP Compression
    Enabled MSS Clamping at 1400
    Enabled Async Cryptography

    VPN -> IPSEC
    Redone both Tunnels with:

    P1: AES128-GCM with Hash AES-XCBC
    P2: AES128-GCM with Hash AES-XCBC

    Dashboard shows: AES-NI CPU Crypto: Yes (active)

    Rebooted both ends

    Now the link maxes at about 26mbps, which is a far cry from what I expected (about 36mbps)

    Is there anything else I can try on the pfSense side? (I am starting to suspect there might be something related to Hyper-V)

    Thank you!

  • Rebel Alliance Developer Netgate

    Turn off the hash on P2. AES-GCM shouldn't have any hashing on P2.

  • Thanks, it increased to about 27-28mbps average with peaks of 30mbps

    Any more tips to squeeze a little more speed? Thanks!

Log in to reply