Hi folks,
Im facing this behavior with 21.1, 21. 7 and now with 22.1 Series.
I have two OPNSense routers with the same version - 22.1-amd64
1- Branch office
vmx0 - Lan interface - 172.20.0.0/24
vmx1 - Wan Interface - 1.1.1.1
2 - Head office
vmx0 - Lan interface - 172.50.0.0/24
vmx1 - Wan Interface - 2.2.2.2
Each one has the same config and are running over Esxi.
When I do transfer files (SCP, CIFS, HTTP) over Ipsec Tunnel - Between networks - 172.50.0.0/24 and 172.20.0.0/24 the network throughput does not pass over 30Mbps.
When I try transfer files From Head office LAN 172.50.0.0/24 to Brach office 1.1.1.1 over WAN interface (Port forward) I got 90Mbps of throughput. The same happen fram Lan Branch office to Head office over WAN.
Could someone has idea about solve it ?
These options already disabled in both devices.
Hardware CRC
Hardware TSO
Hardware LRO
VLAN Hardware Filtering
Best regards
It maybe an issue with MTU and MSS Size, there are some posts in this forum about performance issues and ipsec, worth a try.
Hi @Cerberus,
Thank you by tip.
But, is there any documentation about it ? Or reference!?
Regards
Carlos
Try to enforce a max. MSS value on the IPSec interface using a normalization rule in Firewall > Advanced > Normalization. See an example attached.
http://cloud.tapatalk.com/s/620558dfc945d/Safari%20-%2010.02.2022%20at%2019%3A24.pdf (http://cloud.tapatalk.com/s/620558dfc945d/Safari%20-%2010.02.2022%20at%2019%3A24.pdf)
Hello Dear 8191
Thank you by your tip,I will try enable it and test and report here.
regards
Carlos
Hi folks, thank you by tips
The procedure http://cloud.tapatalk.com/s/620558dfc945d/Safari%20-%2010.02.2022%20at%2019%3A24.pdf it works as expected!!
Regards
Carlos
I'm having the same problem and tried this fix on both ends with no change. IPsec still maxes out around 30mbit. Did you have to do anything else to resolve this?