Netgate Discussion Forum

    IPsec between sites painfully slow

      unsichtbarre

      Howdy! I know the topic is a common one, but I would like suggestions for tuning my IPsec between sites for better throughput.

      I have Cogent 10Gb WAN at both sites, one is west-coast and one is east-coast, so even staying on Cogent "backbone" only, there are 11 hops and 70 ms latency. I have also verified ping -d -s 1472 <IP ADDR> between sites.

      My pfSense(s) are configured with 4 vCPUs (running as a VMware VM) and rarely show more than 10% CPU usage at the maximum throughput I am able to obtain through the IPsec between sites.

      My Phase 1:
      IKE v2, Mutual PSK, AES256-GCM-128bits-SHA256-DH14

      My Phase 2:
      Tunnel, ESP, AES256-GCM-DH14

      Any suggestions?
      THX,
      -John

        gerdesj @unsichtbarre

        @unsichtbarre

        Install the iperf package at both ends. Use that to determine what your baseline end-to-end speed really is. Now run it over your IPsec tunnel. If there is a substantial difference, then that needs looking into.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.