Tunnel max transfer rate significantly reduced since upgrading to pfense 2.8.1 CE
-
Hi All,
I decided to take the plunge and upgrade our firewalls to pfsense version 2.8.1 CE, from 2.7.2
I did this by Backing up the configs and a fresh install, loading in the backup via the GUI once fresh install was booted.
Everything including our main site-to-site VPN came back up and appeared to be working well, however it has now become apparent that the maximum data rate through the tunnel is peaking at around 91.5 Mbits/sec - tested using iperf from a few different machines on each side.
This is quite a dramatic decrease in the transfer rates as I if I remember correctly they were more like 600 Mbits/sec previously.
My knee jerk reaction was that a link must have synced at 10/100 but all are at 1000baseT <full-duplex> and a speed test from machines sat behind the firewall are coming back as expected around 870 Mbit/s or more depending on the target.
I'm reluctant to make any config changes due to downtime and risk of breaking things completely. That said I would like to stick with 2.8 rather than reverting back to 2.7 but file transfers and backups are suffering.
Some research took me to a suggestion that PMTUD issues in the new version of pfsense due to FreeBSD 15 could be the root cause?
Happy to take any advice. The tunnel is UDP and using an AES-NI CPU Crypto compatible algorithm. CPU loads and temps on both sides are low throughout any speed testing.
Thanks