The pfSense Store

Author Topic: IPsec low throughput  (Read 849 times)

0 Members and 1 Guest are viewing this topic.

Offline brcisna

  • Full Member
  • ***
  • Posts: 189
  • Karma: +0/-0
    • View Profile
IPsec low throughput
« on: April 06, 2012, 09:49:58 am »
Hello All,

ISP connections at each site
(1) 6mb upload/download (static)
(1) 3mb upload/download (static)

i recently upgraded our two pfSense machines from 1.2.3-RELEASE to pfSense-2.0.1 (i386)
Clean installs on each machine.
Both machines are identical. Pentium 3.1ghz 2gb ram sata drives.
Each machine has a quad Intel pci-x nic along with the integrated 2 Intel nics.
I have done the em driver tweaks to the /boot/loader.conf.local file. ( This by the way did resolve packet loss on the 4 ports of the pci-x nic)
We have set up a site to site IPsec VPN same as the previous version of pfSense.
Same as before the upgrade I am only able to get at best 350-400kb's tops when doing an iperf file transfer from site to site.
This is very consistently the range regardless of time of day.
I was hoping with the newer version of pfSense,along with slightly better hardware than before this would dramatically increase.
I have tried all of the possible encryption algos with no difference in transfer rate.
I have tried reading all of the howto's on IPsec site to site setups and do not know what else to try and tweak.
Also,I have NOT done any traffic shaping as everything has worked so well without this for our school setting.
if I do traffic shaping with the wizard would this push more bandwidth through the IPsec interface?

Thank You,
Barry

Offline cmb

  • Administrator
  • Hero Member
  • *****
  • Posts: 6333
  • Karma: +0/-0
    • LinkedIn
    • Twitter
    • View Profile
    • Chris Buechler
Re: IPsec low throughput
« Reply #1 on: April 08, 2012, 03:11:33 am »
400 KB/sec is rough 3 Mbps. i.e. you're hitting the max of the upload. Or you mean 400 Kb?