Hi,
I just bought a Deciso OPNsense Dual A10 DC rack appliance and configured an IPsec tunnel for testing purposes. So I connected the WAN interfaces directly and both are showing a 1000baseT <full duplex> status in the Interface Overview.
So if I do some speed tests like iperf or downloading a big ISO file between the VPN sites via wget, I always get limited to 100 Mbit/s. What causes that hard limit? Not 110, not 120, not 90 Mbit; every time, every test is always limited to 100 Mbit/s. The WAN interfaces should deliver 1 Gbit. I wouldn't expect 1 Gbit IPsec speed, but something around 200 Mbit should be possible.
I'm confused.
PS: I played around with some other encryption algorithms, from weak to strong - nothing has any impact on the speed.
Thanks for any hint!
AES128GCM, SHA256, DH14 .. normally should give you way more.
Sure there's no Traffic Shaper? Can you test without VPN?
Yip. There is no traffic shaper. It's nearly a default setup. I changed the settings to AES (128bit) + SHA256 + DH G14 and it's not slower or faster than before.
And plain?
You mean DH key group "off"? Changes nothing. There's a freaky 100 Mbit wall that I can't break through. I even attached a 1 Gbit switch and the status LEDs show a 1 Gbit connection too.
I mean plaintext download without IPsec.