926Mbps over AES-GCM tunnel (real world link)
-
172.21.0.106 (8860) FreeBSD -CURRENT
[switched LAN]
172.21.0.1 pfSense 2.3 (4860)
(Not going to give you the real-wold IP address)[Real World 1Gbps path with AES-GCM-128 IPSec running]
172.27.12.17 pfSense 2.2.5 (C2758)
(Not going to give you the real-wold IP address)[switched LAN]
172.27.12.18 (C2758) FreeBSD -CURRENT
jim@home-8860:~ % iperf3 -c 172.27.12.18 -P 4 -u -b 250M
Connecting to host 172.27.12.18, port 5201
[ 4] local 172.21.0.106 port 10311 connected to 172.27.12.18 port 5201
[ 6] local 172.21.0.106 port 41141 connected to 172.27.12.18 port 5201
[ 8] local 172.21.0.106 port 16997 connected to 172.27.12.18 port 5201
[ 10] local 172.21.0.106 port 23233 connected to 172.27.12.18 port 5201
[ ID] Interval Transfer Bandwidth Total Datagrams
[ 4] 0.00-1.00 sec 27.8 MBytes 233 Mbits/sec 37767
[ 6] 0.00-1.00 sec 27.5 MBytes 231 Mbits/sec 3561
[ 8] 0.00-1.00 sec 26.8 MBytes 225 Mbits/sec 3521
[ 10] 0.00-1.00 sec 23.5 MBytes 197 Mbits/sec 3429
[SUM] 0.00-1.00 sec 106 MBytes 886 Mbits/sec 48278
[ 4] 1.00-2.00 sec 28.8 MBytes 242 Mbits/sec 48160
[ 6] 1.00-2.00 sec 29.2 MBytes 245 Mbits/sec 3744
[ 8] 1.00-2.00 sec 28.7 MBytes 241 Mbits/sec 4173
[ 10] 1.00-2.00 sec 24.4 MBytes 205 Mbits/sec 3673
[SUM] 1.00-2.00 sec 111 MBytes 932 Mbits/sec 59750
[ 4] 2.00-3.00 sec 29.3 MBytes 245 Mbits/sec 48430
[ 6] 2.00-3.00 sec 29.2 MBytes 245 Mbits/sec 3745
[ 8] 2.00-3.00 sec 28.9 MBytes 242 Mbits/sec 3737
[ 10] 2.00-3.00 sec 23.6 MBytes 198 Mbits/sec 3698
[SUM] 2.00-3.00 sec 111 MBytes 931 Mbits/sec 59610
[ 4] 3.00-4.00 sec 29.2 MBytes 245 Mbits/sec 48500
[ 6] 3.00-4.00 sec 29.2 MBytes 245 Mbits/sec 3739
[ 8] 3.00-4.00 sec 28.9 MBytes 243 Mbits/sec 3737
[ 10] 3.00-4.00 sec 23.6 MBytes 198 Mbits/sec 3704
[SUM] 3.00-4.00 sec 111 MBytes 931 Mbits/sec 59680
[ 4] 4.00-5.00 sec 29.2 MBytes 245 Mbits/sec 48415
[ 6] 4.00-5.00 sec 29.2 MBytes 245 Mbits/sec 3740
[ 8] 4.00-5.00 sec 28.9 MBytes 242 Mbits/sec 3738
[ 10] 4.00-5.00 sec 23.5 MBytes 197 Mbits/sec 3695
[SUM] 4.00-5.00 sec 111 MBytes 929 Mbits/sec 59588
[ 4] 5.00-6.00 sec 29.7 MBytes 249 Mbits/sec 48324
[ 6] 5.00-6.00 sec 29.7 MBytes 249 Mbits/sec 3802
[ 8] 5.00-6.00 sec 29.5 MBytes 247 Mbits/sec 3802
[ 10] 5.00-6.00 sec 24.1 MBytes 203 Mbits/sec 3771
[SUM] 5.00-6.00 sec 113 MBytes 948 Mbits/sec 59699
[ 4] 6.00-7.00 sec 28.7 MBytes 241 Mbits/sec 48796
[ 6] 6.00-7.00 sec 28.7 MBytes 241 Mbits/sec 3675
[ 8] 6.00-7.00 sec 28.4 MBytes 238 Mbits/sec 3674
[ 10] 6.00-7.00 sec 23.0 MBytes 193 Mbits/sec 3635
[SUM] 6.00-7.00 sec 109 MBytes 913 Mbits/sec 59780
[ 4] 7.00-8.00 sec 29.2 MBytes 245 Mbits/sec 48446
[ 6] 7.00-8.00 sec 29.2 MBytes 245 Mbits/sec 3743
[ 8] 7.00-8.00 sec 28.7 MBytes 241 Mbits/sec 3742
[ 10] 7.00-8.00 sec 23.5 MBytes 198 Mbits/sec 3678
[SUM] 7.00-8.00 sec 111 MBytes 929 Mbits/sec 59609
[ 4] 8.00-9.00 sec 29.2 MBytes 245 Mbits/sec 48439
[ 6] 8.00-9.00 sec 29.2 MBytes 245 Mbits/sec 3742
[ 8] 8.00-9.00 sec 28.9 MBytes 242 Mbits/sec 3733
[ 10] 8.00-9.00 sec 23.5 MBytes 197 Mbits/sec 3699
[SUM] 8.00-9.00 sec 111 MBytes 930 Mbits/sec 59613
[ 4] 9.00-10.00 sec 29.2 MBytes 245 Mbits/sec 48411
[ 6] 9.00-10.00 sec 29.2 MBytes 245 Mbits/sec 3743
[ 8] 9.00-10.00 sec 29.1 MBytes 244 Mbits/sec 3741
[ 10] 9.00-10.00 sec 23.4 MBytes 196 Mbits/sec 3719
[SUM] 9.00-10.00 sec 111 MBytes 930 Mbits/sec 59614
[ ID] Interval Transfer Bandwidth Jitter Lost/Total Datagrams
[ 4] 0.00-10.00 sec 290 MBytes 244 Mbits/sec 0.332 ms 444978/470526 (95%)
[ 4] Sent 470526 datagrams
[ 6] 0.00-10.00 sec 290 MBytes 244 Mbits/sec 0.320 ms 11530/36990 (31%)
[ 6] Sent 36990 datagrams
[ 8] 0.00-10.00 sec 287 MBytes 241 Mbits/sec 0.341 ms 12182/37354 (33%)
[ 8] Sent 37354 datagrams
[ 10] 0.00-10.00 sec 236 MBytes 198 Mbits/sec 0.265 ms 15637/36457 (43%)
[ 10] Sent 36457 datagrams
[SUM] 0.00-10.00 sec 1.08 GBytes 926 Mbits/sec 0.315 ms 484327/581327 (83%)iperf Done.
jim@home-8860:~ %And there is still room for improvement.
-
Looking good ;)
I'm having some issues with fragmentation when using IPSec on PfSense. Would you be able to have a look at my topic and see if you are experiencing the same issues? Is your PMTU working properly?
https://forum.pfsense.org/index.php?topic=99995.0
Thanks.
-
Can you try:
sysctl -w net.inet.ipsec.dfbit=1
on both boxes, and report back?
-
Please let me know what you used for both P1 and P2. I used the same algorithm for my P1 and I can barely pass more than 30 Mbit across VPN. My office has 1gbit up/down on C2758 supermicro with 8gb ram with aes-ni enabled on 2.2.6
Remote side is 1gbit in, 500mbit out. Running 2.2.6 in Hyper-V.