Slow transfer speed from Windows Server over IPSEC?

  • I´m trying to find out why I can´t get proper transfer speed over IPSEC between two locations from our Windows Server 2008 R2 to a Windows 7 client. We got 100/100Mb Wan connections at both locations. If I transfer a file from the server over the IPSEC tunnel established between the two pfSense boxes to the Win 7 client i get about 40Mbit/s, but if I transfer the same file from a Qnap NAS with Samba or from a Unix server I get the full 100Mbit/s. So the hardware has no issue with the encryption, it´s something fishy with the Server. In the local lan I can transfer a file from the server to a Win 7 client at 1Gb/s even for large files.

    Anyone got any clues what to look for and what might be the cause of the poor performance?


  • Well I sorted it out myself, not perfect but better. I enabled MSS clamping on the IPSEC tunnel under Advanced and set it to 1300. That has made transfers from Windows servers work well and it keeps a steady 95Mbit/s transfer, but it also affected the Qnap NAS that now has a bursting traffic graph. I guess it´s fine as the Qnap still averages about 80Mbit/s. The MSS clamping was enabled previously with the default 1400 value and that worked a lot better for the Qnap.

    Anybody that could give me a hint on how to get them both to work properly over the tunnel?

    I´m also not sure I understand how this works. I could ping both the Win Server and Qnap over the IPSEC tunnel with ping -f -l 1472 x.x.x.x without getting fragmentation both ways. Why would I need to clamp the MSS all the way down to 1300 for the Windows server and not for the Qnap? What other overhead is there to subtract from 1472?

    I Still can ping with a 1472 lenght max before fragmentation  even now when the clamping is set to 1300, is that how it should be?

    I´m open for someone to educate me on how this works and how to properly calculate this.


Log in to reply