Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Need ability to support 50mbit throughput with VPN

    Scheduled Pinned Locked Moved IPsec
    4 Posts 4 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kapara
      last edited by

      I have 9 locations deployed with Alix 2D13's

      Each location has a 100/50 Mbit connection.

      The main office is where all the VPN tunnels terminate to connect to the fileserver.

      I do not seem to be able to push more than 6-7 mbit via ipsec.  When I test with iperf from 2 locations the speed gets cut in half.

      Would I see better performance if the corporate location used a Dell Xeon server?  Would adding a card to handle encryption at the primary location help?

      Been doing some research on AESNI and it looks like even using a corei5 proc can provide significant improvement.  Anyone test AESNI on pfsense yet?

      Skype ID:  Marinhd

      1 Reply Last reply Reply Quote 0
      • S
        sipple31
        last edited by

        So are you currently using an Alix as the head unit as well?  I could certainly see that being a choke point.  Would definitely need something with more horsepower.

        1 Reply Last reply Reply Quote 0
        • C
          corradolab
          last edited by

          | Hardware | IPSec thoughput |
          | Alix 3DES | 9 Mbps |
          | Alix AES 128 | 18 Mbps |
          | Alix + VPN1411 crypto card | 34 Mbps |
          | Intel Atom 1.8 Ghz AES 128 | 70 Mbps |

          To get 100 Mbps IPSEC or above you have to use desktop/server cpu like Intel Core i3 or above.

          Regards,
            Corrado

          1 Reply Last reply Reply Quote 0
          • J
            jasonlitka
            last edited by

            @kapara:

            Been doing some research on AESNI and it looks like even using a corei5 proc can provide significant improvement.  Anyone test AESNI on pfsense yet?

            Yes, don't bother.  AES-NI makes no difference at this point, though I wouldn't buy a CPU without it as better support is in the pipeline.

            I can break anything.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.