
Author Topic: trying to decide on hardware, IPSEC and OpenVPN server/client  (Read 729 times)


johnkeates
Re: trying to decide on hardware, IPSEC and OpenVPN server/client
« Reply #15 on: December 26, 2017, 07:03:23 pm »
Also see if you can try iperf between the NAS and pfSense or another device on the same switch.

tdhuck
« Reply #16 on: December 26, 2017, 07:09:30 pm »
Quote from: johnkeates
Also see if you can try iperf between the NAS and pfSense or another device on the same switch.

Here are the results from iperf between the two pfSense boxes, no VPN. I opened up port 5001 on the main (new) pfSense box.

Not looking good...

------------------------------------------------------------
Client connecting to xxx.xxx.xxx.xxx, TCP port 5001
TCP window size: 64.2 KByte (default)
------------------------------------------------------------
[  3] local xxx.xxx.xxx.xxx port 50004 connected with xxx.xxx.xxx.xxx port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  7.25 MBytes  6.06 Mbits/sec


tdhuck
« Reply #17 on: December 26, 2017, 08:46:02 pm »
Here are the results when running iperf on a device connected to the main switch where the new pfSense box is located (not running off NAS). IPsec/VPN tunnel.

This is the server side:
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-1.00   sec   634 KBytes  5.18 Mbits/sec                 
[  5]   1.00-2.00   sec  1.08 MBytes  9.05 Mbits/sec                 
[  5]   2.00-3.00   sec  1.25 MBytes  10.5 Mbits/sec                 
[  5]   3.00-4.00   sec  1.38 MBytes  11.5 Mbits/sec                 
[  5]   4.00-5.00   sec  1.24 MBytes  10.4 Mbits/sec                 
[  5]   5.00-6.00   sec  1.29 MBytes  10.8 Mbits/sec                 
[  5]   6.00-7.00   sec  1.19 MBytes  9.97 Mbits/sec                 
[  5]   7.00-8.00   sec  1.28 MBytes  10.7 Mbits/sec                 
[  5]   8.00-9.00   sec  1.18 MBytes  9.92 Mbits/sec                 
[  5]   9.00-10.00  sec  1.15 MBytes  9.70 Mbits/sec                 
[  5]  10.00-10.04  sec  28.3 KBytes  6.03 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-10.04  sec  0.00 Bytes  0.00 bits/sec                  sender
[  5]   0.00-10.04  sec  11.7 MBytes  9.77 Mbits/sec                  receiver




This is the client side:
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
[  4]   0.00-1.00   sec   724 KBytes  5.93 Mbits/sec    0   45.2 KBytes       
[  4]   1.00-2.00   sec  1.10 MBytes  9.27 Mbits/sec    1   50.9 KBytes       
[  4]   2.00-3.00   sec  1.27 MBytes  10.7 Mbits/sec    0   67.9 KBytes       
[  4]   3.00-4.00   sec  1.37 MBytes  11.5 Mbits/sec    0   82.0 KBytes       
[  4]   4.00-5.00   sec  1.28 MBytes  10.7 Mbits/sec    1   65.0 KBytes       
[  4]   5.00-6.00   sec  1.29 MBytes  10.9 Mbits/sec    1   58.0 KBytes       
[  4]   6.00-7.00   sec  1.15 MBytes  9.62 Mbits/sec    1   50.9 KBytes       
[  4]   7.00-8.00   sec  1.30 MBytes  10.9 Mbits/sec    0   65.0 KBytes       
[  4]   8.00-9.00   sec  1.19 MBytes  9.95 Mbits/sec    3   59.4 KBytes       
[  4]   9.00-10.00  sec  1.14 MBytes  9.57 Mbits/sec    2   55.1 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec  11.8 MBytes  9.90 Mbits/sec    9             sender
[  4]   0.00-10.00  sec  11.7 MBytes  9.81 Mbits/sec                  receiver


I've checked all interfaces on both pfSense boxes (via the pfSense GUI); everything is gigabit and full duplex. No errors/collisions.
I've checked all the interfaces on the switches; everything is gigabit and full duplex. No errors/collisions.


« Last Edit: December 26, 2017, 09:11:14 pm by tdhuck »

tdhuck
« Reply #18 on: December 27, 2017, 11:32:46 am »
I have good news and bad news.

Good news is that I am maxing out the connection at 10 Mbps on and off the VPN, on both pfSense boxes, and now I know why (see bad news).

Bad news is that the ISP must have changed something or I have a problem: when I do a speed test, I get 105 Mbps down and 11 Mbps up.

Now that I know the upload is maxing at 11 Mbps, all my results are normal (see good news).

However, I have never seen cable internet, at the 100 Mbps download tier, come with 10 Mbps of upload speed. I either have an issue on the line/in the network or the ISP did in fact change their upload speeds on their packages. I am absolutely certain that my upload was more than 10 Mbps, in the past.
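
The comparison made in the post above, as an added example that is not part of the original thread: this Python parses iperf2/iperf3 summary rows like the ones posted here and compares tunnel goodput with the measured upload speed to tell an uplink cap from VPN overhead. The function names, the result labels and the 0.85 threshold are assumptions of this example.

```python
import re

# One iperf2/iperf3 TCP result row: interval, transfer, bandwidth, then
# iperf3's optional Retr count, Cwnd column and sender/receiver tag.
LINE = re.compile(
    r"\[\s*\d+\]\s+(?P<start>[\d.]+)-\s*(?P<end>[\d.]+)\s+sec\s+"
    r"[\d.]+\s+[KMG]?Bytes\s+(?P<rate>[\d.]+)\s+(?P<unit>[KMG]?)bits/sec"
    r"(?:\s+(?P<retr>\d+))?(?:\s+[\d.]+\s+[KMG]?Bytes)?"
    r"(?:\s+(?P<role>sender|receiver))?")
TO_MBIT = {"": 1e-6, "K": 1e-3, "M": 1.0, "G": 1e3}

# Rows copied from the outputs posted in this thread.
PLAIN = "[  3]  0.0-10.0 sec  7.25 MBytes  6.06 Mbits/sec"
TUNNEL = """\
[  4]   8.00-9.00   sec  1.19 MBytes  9.95 Mbits/sec    3   59.4 KBytes
[  4]   9.00-10.00  sec  1.14 MBytes  9.57 Mbits/sec    2   55.1 KBytes
[  4]   0.00-10.00  sec  11.8 MBytes  9.90 Mbits/sec    9             sender
[  4]   0.00-10.00  sec  11.7 MBytes  9.81 Mbits/sec                  receiver
"""

def summarize(report):
    """Return (goodput in Mbit/s, retransmits) for one iperf run."""
    rows = [m.groupdict() for m in map(LINE.search, report.splitlines()) if m]
    if not rows:
        raise ValueError("no iperf result rows found")
    span = lambda r: float(r["end"]) - float(r["start"])
    longest = max(map(span, rows))
    # The summary rows cover the whole test; per-second rows are shorter.
    total = [r for r in rows if span(r) == longest]
    # iperf3 prints two summaries: receiver = goodput, sender carries Retr.
    best = next((r for r in total if r["role"] == "receiver"), total[-1])
    retr = next((int(r["retr"]) for r in total if r["retr"]), 0)
    return float(best["rate"]) * TO_MBIT[best["unit"]], retr

def diagnose(plain_mbit, tunnel_mbit, uplink_mbit, near=0.85):
    """Name the limiting factor; `near` is an assumed allowance for overhead."""
    if tunnel_mbit >= near * uplink_mbit:
        return "uplink-bound"   # the tunnel already fills the sender's upload
    if tunnel_mbit < near * plain_mbit:
        return "tunnel-bound"   # same path is clearly faster without the VPN
    return "path-bound"         # slow with and without the tunnel

if __name__ == "__main__":
    plain, _ = summarize(PLAIN)
    tunnel, retr = summarize(TUNNEL)
    # 11.0 is the upload figure from the speed test reported in reply #18.
    print(tunnel, retr, diagnose(plain, tunnel, 11.0))
```
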


johnkeates
« Reply #19 on: December 27, 2017, 12:09:32 pm »
Well, now we know. Bloody ISPs and their bad uploads!  :-X

tdhuck
« Reply #20 on: December 27, 2017, 12:58:14 pm »
Quote from: johnkeates
Well, now we know. Bloody ISPs and their bad uploads!  :-X

I am disappointed. Years ago I had much better performance, but it was before I set up a VPN connection. I was simply streaming an IP camera (strong password and only allowed from specific WAN IPs), then I set up OpenVPN. Speeds were not really an issue since the camera worked just fine, but I started testing file transfers and I always thought it was the encryption causing bad performance; turns out the ISP is tweaking the tiers/packages. Upload doesn't matter as much as download, until/unless you are doing what I was wanting to do...