VPN IpSec bandwith limited

tof

Hello,
I use Pfense, and one of the use is a VPN IPsec.

A week a go I had a Pfsense with 300Mb/s of bandwidth and another with 50Mb/s (Personal Dsl box).
In the Vpn I was able to use 50mb/s, so no problem.

The personal link was upgraded to fiber with 400mb/s.
And I'm still at 50mb/s.

this is my architecture :
home : internet <---> Internet box (DMZ nat to pfense) <---> Fw pfense with vpn ipsec <---> lan
Server in DC : internet <---> Fw pfense with vpn ipsec.

I tested with iperf :
from home to Dc using the VPN :
[ 3] 5.0- 6.0 sec 6.22 MBytes 52.2 Mbits/sec 0.334 ms 15/ 4452 (0.34%)
But not more

I tested from home to DC by public (with nat) :
[ 3] 4.0- 5.0 sec 48.5 MBytes 407 Mbits/sec 0.030 ms 1033/35616 (2.9%)

And cpu and am are quiet.

For information pfsense on both are installed on vmware.
pfsense version : 2.4.4-RELEASE-p3(amd64), the latest.
All are working well but the bandwith in Vpn.

Do someone had already see it, solved it ?

Thanks.
Christophe.

tof

The tests I made was using UDP.

I did the same with TCP ans it seems there is a mimitation at 25mb/s

udp test with public :

root@client ~ # iperf -c public_ip -b 400M -u
------------------------------------------------------------
Client connecting to public_ip, UDP port 5001
Sending 1470 byte datagrams, IPG target: 28.04 us (kalman adjust)
UDP buffer size: 8.00 MByte (default)
------------------------------------------------------------
[  3] local private_ip port 10012 connected with public_ip port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec   500 MBytes   419 Mbits/sec
[  3] Sent 356661 datagrams
[  3] Server Report:
[  3]  0.0-10.0 sec   485 MBytes   406 Mbits/sec   0.064 ms 10375/356661 (2.9%)
[  3] 0.00-10.02 sec  18 datagrams received out-of-order
root@client ~ #

udp test with private ip :

root@client ~ # iperf -c private_ip -b 400M -u
------------------------------------------------------------
Client connecting to private_ip, UDP port 5001
Sending 1470 byte datagrams, IPG target: 28.04 us (kalman adjust)
UDP buffer size: 8.00 MByte (default)
------------------------------------------------------------
[  3] local private_ip port 33804 connected with 192.168.1.3 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec   500 MBytes   419 Mbits/sec
[  3] Sent 356660 datagrams
[  3] Server Report:
[  3]  0.0-10.3 sec   283 KBytes   226 Kbits/sec  611.953 ms 356462/356659 (1e+02%)
root@client ~ #

tcp test with public ip :

root@client ~ # iperf -c public_ip -b 400M
------------------------------------------------------------
Client connecting to public_ip, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[  3] local private_ip port 52622 connected with public_ip port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  30.4 MBytes  25.4 Mbits/sec
root@client ~ #

tcp test with private ip :

root@client ~ # iperf -c private_ip -b 400M
------------------------------------------------------------
Client connecting to private_ip, TCP port 5001
TCP window size: 64.0 KByte (default)
------------------------------------------------------------
[  3] local private_ip port 12658 connected with private_ip port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  29.5 MBytes  24.7 Mbits/sec
root@client ~ #

Very strange.
Any idea ?