SMB sharing performances through iPsec VPN with nat 1:1



  • Hi everybody,

    Heres is the configuration:
    We have a dedicated server with proxmox installed on it. This proxmox hosts a VM with pFsense and multiple lxc containers with customers's files behind the pfsense.
    Every single customers has a firewall on site which is connected to the pFsense through an iPsec tunnel with a public ip address binded to a container's private ip with nat 1:1, so they can access their files through this tunnel using a unique public ip. They are using smb protocol to access those files.
    We noticed that while accessing files is pretty fast, copying files has a very very low speed rate even with a 100mb/s internet connexion on both side, and it looks like pfsense is not able to process quickly this task given this configuration.
    Any suggestions to improve performances ?



  • how fast/slow we are talking?
    could be speed and duplex settings on the interfaces
    could be MTU
    could be packet loss
    ....
    you should use something like wireshark to see what's going wrong



  • we are talking of a 100ko/s average
    MTU & duplex settings checked already on both sides
    (MTU=1500 / MSS=1460)

    Also, remote people can also access their files connecting from a laptop with openvpn.
    same process: ovpn -> pfsense public ip -> nat 1:1 -> lxc container private ip
    Still very slow transfer speed rate


  • Netgate Administrator

    What latency do clients see to the file stores?

    smb is notoriously terrible over high latency links. What speeds do they see if they try pulling files in some other way? SCP for example?

    I would still try enabling mss clamping in IPSec as a test.

    Steve


Log in to reply