Netgate Discussion Forum

    IPSEC Performance

      Kevin S Pare

      We have 2 HP servers with 900/450 Mbps internet connections.

      We are only getting 150-200 Mbps for bandwidth out of the IPsec tunnel.

      One server (source) does have the option for hardware crypto.

      Both servers are running dual CPUs and 64 GB of RAM.

      Using AES-256-SHA1-GR2 for tunnel configuration.

      What can I do to max out the tunnel connection?

        MacLemon

        That depends on what the actual limiting factor is.

        Did you check the easy options already?

        • WAN NIC MTU
        • IPsec MSS Clamping
        • NIC Hardware Offloading
        • if AES-NI is actually active in BIOS/(U)EFI and in pfSense
        • if switching to AES-GCM improves throughput (assuming hashing performance is a potentially limiting factor)
          Kevin S Pare

          WAN MTU is set to 1500
          MSS clamping is set to 1380
          I have offloading turned off
          AES-NI is not active
          I'll try AES-GCM

          CPUs are at 3-5%, so not doing much.

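Added example, not part of the thread: a check of whether the MSS clamp of 1380 on a 1500-byte WAN MTU leaves room for ESP tunnel-mode overhead, for the AES-256/SHA1 proposal and for AES-GCM. Assumptions not stated in the thread: IPv4 without options, a 20-byte TCP header, the clamp value is the TCP MSS itself, HMAC-SHA1-96 (12-byte ICV), AES-GCM with a 16-byte ICV, and optional NAT-T; all names in the code are hypothetical.

```python
# Added example: ESP tunnel-mode overhead and the largest safe TCP MSS.
# Assumptions (not from the thread): IPv4 outer and inner headers without
# options, 20-byte TCP header, RFC 4303 ESP framing, optional NAT-T (UDP 4500).
from dataclasses import dataclass

OUTER_IPV4 = 20    # outer tunnel IP header
ESP_HEADER = 8     # SPI + sequence number
ESP_TRAILER = 2    # pad length + next header
NAT_T_UDP = 8      # UDP encapsulation header
INNER_IP_TCP = 40  # inner IPv4 + TCP headers

@dataclass(frozen=True)
class Suite:
    name: str
    iv: int      # per-packet IV bytes on the wire
    align: int   # encrypted part must be a multiple of this
    icv: int     # integrity check value bytes

AES_CBC_SHA1 = Suite("AES-256-CBC + HMAC-SHA1-96", iv=16, align=16, icv=12)
AES_GCM_128ICV = Suite("AES-256-GCM (16-byte ICV)", iv=8, align=4, icv=16)

def max_inner_packet(wan_mtu, suite, nat_t=False):
    """Largest inner IP packet that fits one ESP packet without fragmenting."""
    room = wan_mtu - OUTER_IPV4 - ESP_HEADER - suite.iv - suite.icv
    if nat_t:
        room -= NAT_T_UDP
    # Encrypted part = inner packet + padding + trailer, aligned to the block.
    ciphertext = room - (room % suite.align)
    return ciphertext - ESP_TRAILER

def max_mss(wan_mtu, suite, nat_t=False):
    """Largest TCP MSS whose full-size segment still fits the tunnel."""
    return max_inner_packet(wan_mtu, suite, nat_t) - INNER_IP_TCP

def clamp_fits(clamp, wan_mtu, suite, nat_t=False):
    """True when a full-size segment at this clamp avoids fragmentation."""
    return clamp <= max_mss(wan_mtu, suite, nat_t)

if __name__ == "__main__":
    # Values from the thread: WAN MTU 1500, MSS clamp 1380.
    for suite in (AES_CBC_SHA1, AES_GCM_128ICV):
        for nat_t in (False, True):
            print(f"{suite.name:28} NAT-T={nat_t!s:5} "
                  f"max MSS={max_mss(1500, suite, nat_t)} "
                  f"clamp 1380 fits={clamp_fits(1380, 1500, suite, nat_t)}")
```

Under these assumptions the 1380 clamp fits in every case, so fragmentation from an oversized MSS is unlikely to be the limiting factor here.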