Very slow IPsec traffic



  • I have established an IPsec tunnel via a new SG-2100 on a Bell Canada DSL 100Mb connection. Internet traffic is fine, however traffic through the IPsec tunnel is ridiculously slow. I have configured it with the lowest security and encryption just to provide some very basic security (files that transit are not confidential).
    Are there any settings I should be looking at?
    Is there a way of setting up a fixed route from pfSense to pfSense without encrypted VPN? Like a static route via the internet, or is this a ridiculous idea? Or a very light, not encrypted tunnel that is point to point?
    thanks

    Chris


  • Netgate Administrator

    Just how slow is it?

    What is the available bandwidth at each end of the tunnel?

    You could use something unencrypted like GRE. You can use OpenVPN without encryption. But you really shouldn't unless you have no choice.
    Is the tunnel pfSense at both ends?

    Steve



  • @claferriere

    Don't forget, your bandwidth is limited by the upstream bandwidth at each end. For example, I have a 500/20 connection on Rogers. If I connected to my system with a VPN, my downstream bandwidth would be a bit less than 20 Mb. The upstream would be similarly limited by the upstream bandwidth at the other end.



  • @JKnott thanks for reminding me of that. I just checked and the upstream on Bell Fibe 100 DSL is 10Mb! I guess we need to pressure them for FTTH service...




  • @claferriere

    Here's what I just got:
    https://www.speedtest.net/result/10463320687

    So, if we set up a VPN between us, the maximum bandwidth in one direction would be about 20 Mb/s and 10 in the other.

    I also have unlimited usage.


  • Netgate Administrator

    So that's around what you're seeing over IPSec?


  • LAYER 8 Global Moderator

    So I get the asymmetrical nature of say docsis -

    Where exactly is the fiber run to.. I love how some of these ISPs call their service fibre, when they mean yeah we have some fiber in our network. Could be a 3ft run between cabinets ;) But to you it's still the same crappy connection.. from our offices to your home..

    There would be little reason to limit the upload on an actual fiber connection.. Even if they could get it close enough to you to run ethernet.. FTTN

    They actually call it "Bell Fibe 100 DSL" so your connection is still DSL?



  • @johnpoz

    Where I live, both Rogers (cable), the company I'm on and Bell (ADSL) have both fibre to the neighbourhood and fibre to the home, depending on the area. There are also some areas that still depend on ADSL back to the CO. One of my neighbours, who's on ADSL, can't get more than about 50 Mb, even though we're just a couple of blocks from the CO. Both companies are working on bringing fibre to home in areas that don't yet have it.


  • LAYER 8 Global Moderator

    I get it.. But they really shouldn't call it some "fiber/fibre" service unless that is what you're connected to ;) every single connection everywhere for the internet has fiber in it somewhere ;) hehehe



  • @johnpoz

    Actually, they marketed it as "Fibe", which I liked to shorten to "Fib". 😉
    The head end for the cable company is about 9 miles from here.


  • LAYER 8 Global Moderator

    I think I will start an ISP and call my packages... Ultimate Fiber 10ge, in the small print just put

    *fiber is used somewhere in the connection when you go to google.com - we promise that 100% ;) Your connection speed may vary..

