Question about re-directing gateway

  • Hi all,

    We have a number of 'road warriors' who connect into our data center over a 3G connection on their laptop.

    I'm looking to redirect all of their Internet traffic through the large pipe at our data center.  This is to encypt their traffic over the 3G wireless network and to enforce web filtering policies when users are off-site.

    My question is would the clients see much of a hit on their bandwidth when re-directing all their Internet traffic through to our data center pfSense.  Just for information, we have a 100mbit connection on the data center pfSense box which has very low latency.  The users 3G connections normally get around 2mb down and 1mb up when running a speedtest on them.  Would the users experience a noticeable loss is speed/bandwidth if I were to redirect their gateway?

    I guess I could just set it up and test but thought i'd ask on here to see if anyone has any real world experience.



  • Rebel Alliance Developer Netgate

    The actual throughput may be OK but they would see increased latency. How much really depends on the full path from them to the DC, but 3G can have enough latency on its own that it may be noticeable to add a VPN on top, though I'd still do it.

  • Thanks Jim, I did some quick tests today using an existing site-to-site setup but the results were a little disappointing.

    At the client end I have a 40mbit WAN connection and a 100mbit connection at the server end.

    When I redirect the client gateway, I struggle to get over 10mbit on a speedtest.  If I remove the redirect-gateway option, the speedtest correctly reports 38mbit down.

    This was using no encryption.  The client is running off an Alix box, the server is a quad core Xeon.

    My initial thoughts are that the client hardware doesn't have enough horsepower to deliver throughput but on the other hand, with no encryption should this really matter?

    EDIT: Checked CPU using 'top' and the openvpn process peaks at around 40% when using AES-256 and 25% with no encryption  :-\