Need ability to support 50mbit throughput with VPN
-
I have 9 locations deployed with Alix 2D13's
Each location has a 100/50 Mbit connection.
The main office is where all the VPN tunnels terminate to connect to the fileserver.
I do not seem to be able to push more than 6-7 mbit via ipsec. When I test with iperf from 2 locations the speed gets cut in half.
Would I see better performance if the corporate location used a Dell Xeon server? Would adding a card to handle encryption at the primary location help?
Been doing some research on AESNI and it looks like even using a corei5 proc can provide significant improvement. Anyone test AESNI on pfsense yet?
-
So are you currently using an Alix as the head unit as well? I could certainly see that being a choke point. Would definitely need something with more horsepower.
-
| Hardware | IPSec thoughput |
| Alix 3DES | 9 Mbps |
| Alix AES 128 | 18 Mbps |
| Alix + VPN1411 crypto card | 34 Mbps |
| Intel Atom 1.8 Ghz AES 128 | 70 Mbps |To get 100 Mbps IPSEC or above you have to use desktop/server cpu like Intel Core i3 or above.
Regards,
Corrado
-
Been doing some research on AESNI and it looks like even using a corei5 proc can provide significant improvement. Anyone test AESNI on pfsense yet?
Yes, don't bother. AES-NI makes no difference at this point, though I wouldn't buy a CPU without it as better support is in the pipeline.