4. IPSEC Performance

IPSEC Performance

  • K

    We have 2 HP Servers with 900/450mbps internet connections.

    We are only getting 150-200mpbs for bandwidth out of the ipsec tunnel.

    One server (source) does has the option for hardware crypto.

    Both servers running dual cpu's and 64gb of ram.

    Using AES-256-SHA1-GR2 for tunnel configuration.

    What can I do to max out the tunnel connection?

    0

  • That depends on what the actually limiting factor is.

    Did you check the easy options already?

    • WAN NIC MTU
    • IPSec MSS Clamping
    • NIC Hardware Offloading
    • if AES-NI is actually active in BIOS/(U)EFI and in pfSense
    • if switching to AES-GCM improves throughput (assuming hashing performance is a potentially limiting factor)
    0
  • K

    wan mtu is set to 1500
    mss clamping it set to 1380
    I have offloading turned off
    AES-NI is not active
    I'll try aes-gcm

    Cpu's are at 3-5% so not doing much.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy