Tip: Using NAT-T for an IPsec Site-2-Site VPN may significantly increase the speed
-
For a very long time, the link speed of my IPsec Site-2-Site VPN has always been only about 120Mbps (with a 1 Gbps Internet connection).
I tried a lot of configuration combinations and did a lot of testing. After a series of optimizations, the link speed has steadily reached 180Mbps. Testing to find out the proper MTU and MSS truly improved my VPN speed a lot.
Recently I upgraded to better hardware and used an AES-NI CPU, but the speed is still not much different.
By chance, I found that my L2TP+IPsec VPN could run up to 950Mbps+ and it works in NAT-T mode. So I immediately switched my IPsec Site-2-Site VPN to forced NAT-T mode as well. Miraculous things happened: my Site-2-Site VPN also jumped to about 900Mbps+. Only this ONE setting has been modified, and no other settings have changed.
If you also encounter similar problems, please try to use NAT-T mode under the premise of ensuring that the MTU and MSS settings are correct. Maybe you can see the magic too.
Upper Deck.
-
Just try it.
-
I think this is an ISP related issue, not pfSense related. If your ISP does not have special restrictions, this method will not have any effect.
-
@upper-deck I think at this point WireGuard s2s seems to largely obviate IPsec.
-
Hi @efriedman, thank you for your advice. I will try to switch to WireGuard.