Need ability to support 50mbit throughput with VPN



  • I have 9 locations deployed with Alix 2D13's

    Each location has a 100/50 Mbit connection.

    The main office is where all the VPN tunnels terminate to connect to the fileserver.

    I do not seem to be able to push more than 6-7 mbit via ipsec.  When I test with iperf from 2 locations the speed gets cut in half.

    Would I see better performance if the corporate location used a Dell Xeon server?  Would adding a card to handle encryption at the primary location help?

    Been doing some research on AESNI and it looks like even using a corei5 proc can provide significant improvement.  Anyone test AESNI on pfsense yet?



  • So are you currently using an Alix as the head unit as well?  I could certainly see that being a choke point.  Would definitely need something with more horsepower.



  • | Hardware | IPSec thoughput |
    | Alix 3DES | 9 Mbps |
    | Alix AES 128 | 18 Mbps |
    | Alix + VPN1411 crypto card | 34 Mbps |
    | Intel Atom 1.8 Ghz AES 128 | 70 Mbps |

    To get 100 Mbps IPSEC or above you have to use desktop/server cpu like Intel Core i3 or above.

    Regards,
      Corrado



  • @kapara:

    Been doing some research on AESNI and it looks like even using a corei5 proc can provide significant improvement.  Anyone test AESNI on pfsense yet?

    Yes, don't bother.  AES-NI makes no difference at this point, though I wouldn't buy a CPU without it as better support is in the pipeline.


Log in to reply