Netgate Store

Author Topic: ipsec performance  (Read 171 times)

0 Members and 1 Guest are viewing this topic.

Offline bhawk6901

  • Jr. Member
  • **
  • Posts: 72
  • Karma: +0/-0
    • View Profile
ipsec performance
« on: February 04, 2018, 01:54:45 am »
I Have 2xlanner 8759 which has xeon e3-1275 processor and 16gb ram. Running pfsense 2.2.5. I have connected 2 such firewalls back to back Network topology is attached. Testing out this setup just out of curiosity  :)
VPN config at both ends is as follows:
Mode: Main
P1 protocol: AES256 and SHA1 (not gcm)
P2 protocol: ESPand SHA1.
Tunnel is established between 10.10.10.1 and 10.10.10.2. I can verify that the tunnels are up using tcpdump.
Iperf server is hosted on 192.168.2.2, client from 192.168.3.2. Both PCs running windows.
I am getting throughput of about 400-420Mbps. I was wondering if this is good on a xeon e3-1275 processor?
Also it supports aes ni, does that get enabled by default or has to be enabled via bios?
Lastly are there any tunables that i can play around with to increase performance since my cpu utilization hardly gets upto 15%?

Will i get any improvements if i switch to newer versions of pfsense?