PfSense as an IPSec / L2TP client

  • Hi,

    I tried using OpenVPN, but since it's single-threaded, it maxes out single-core performance of my Athlon 5350, and bottlenecks me at ~300 Mbps (and ~200 Mbps when I enable AES-NI, which seems to be in line with this thread), which isn't acceptable, as it's not saturating my 420 Mbps line.

    Decided to try IPSec / L2TP instead (in hope that it would utilize the remaining cores better), but… have no clue how to do it. webConfigurator only allows me to setup a server, not configure a client. All I want to do is just to connect to a VPN proxy (i.e. PIA), no complicated site-to-site tunneling, or anything of that sort.

    Any help / hints would be greatly appreciated, including possible tweaks to OpenVPN. What I have right now: AES-128-CBC, AES-NI disabled (though it would be great, if hardware acceleration would accelerate things), fragment 0, mssfix 0, tun-mtu 48000, comp-lzo.

  • Did you ever get this working? I want to do the same thing, log into a L2TP/IPSEC server from pfSense and route some traffic over that tunnel instead of the regular WAN interface.

  • No, unfortunately. Bought an ERLite-3 instead, lived with ~250 Mbps for a bit, and then decided that VPN is not worth all this trouble.

Log in to reply