Shaping IPsec, multiple Incoming IPSec connections to one pfSense as Receiver, and multiple (parallel) traffic outgoing on one IPSec connection from one Sender pfSense

  • Hi everybody !

    I receive backups of VMs from two locations on my server. Each of the two locations has a pfSense with one WAN interface running, and so does my server.
    For remote management (and the backups) there is an IPsec tunnel between the server and each of the remote locations established.

    My Internet Connection has 50 Mbit download, one location about 4 Mbit upload speed, the other around 10 Mbit.

    The first (incremental) backups from the faster location worked well, using the full speed. The only first problem was, that two parallel backups did not work so well, as the bandwidth was not balanced enough, it was OK so far, but in the future this should also do better as backups sometimes interrupted because of this.

    Bu as I activated the backups from the second, slower location, the speed on the receiving side dropped to the speed of the sender, and when the other backup from the faster location now comes in, the speed nearly does nearly not rise (and the backup from there is now always interrupting, and management with RDP connections is also very poor), although there is more than enough bandwidth available … ☹

    So I have the challenge to optimize the incoming connections on the receiver side, and also on the sender side (what probably can be done with the shaping wizards).
    I am not experienced using traffic shaping, and my first studies and trials with matching floating rules, the IPsec rules, or with limiters on the receiver side led to no result.
    So I hope here is someone who has an idea what has to be done to set this up in a way pfSense can handle this !

    Ah, yes, if it is only possible to do this by changing to OpenVPN, I of course can take this in consideration !

    Thank you for all your efforts in advance,


    PS: I just discovered that the location with faster upload has a basic problem in the connection to the receiving server which influences the speed, appearing at the same time when I started the second connection – two different errors which seem to be connected ☹
    But still the way to balance the loads would be of interest !

Log in to reply