OPNsense Forum

English Forums => Virtual private networks => Topic started by: rebru on January 21, 2023, 11:31:05 am

Title: Strange IPSEC performance
Post by: rebru on January 21, 2023, 11:31:05 am
I have a strange IPSEC performance gap between the virtual appliance and the DEC 3840, which I bought this week. Before I start to explain, some background information. I want to migrate from Sophos UTM to OPNsense, which I tested with a virtual OPNsense based on ESXi 6.7 U2 with vmx adapters. So far so good, and everything is working as expected, including the performance on IPSEC, on which I get ~300-400 Mbit on a gigabit internet connection (like before with UTM<->UTM).

Then I installed the DEC 3840 and transferred the configuration from the virtual OPNsense to the DEC 3840. That worked without any issues. The only difference between the virtual appliance and the DEC 3840 is the LAN, which on the DEC 3840 is a LAGG on the ax interfaces (10Gbit).

But now I have poor performance on the IPSEC VPN - instead of getting 300-400 Mbit I only get 80 Mbit in general, and I don't have any clue why this performance is so bad.

I tried to normalize with MSS 1300 on IPSEC, and set up the LAN with MSS 1300 (not both together), but the performance doesn't change. The funny part is, if I use the virtual OPNsense for the IPSEC VPN and route the traffic from the DEC 3840 to the virtual one, I get the 300-400 Mbit again.

So my question is - the factsheet of the DEC 3840 says you can expect >2Gbit IPSEC performance - I know this is best effort and I'm happy with 300-400 Mbit, but not with 80. What can be the reason for that? I don't believe it's the hardware; it should be powerful enough to handle this, or isn't it?
Title: Re: Strange IPSEC performance
Post by: lilsense on January 21, 2023, 06:23:41 pm
What happens if you disconnect one of the interfaces of the LAGG and test the IPSec?

Can you provide a diagram for your test scenario?
Title: Re: Strange IPSEC performance
Post by: rebru on January 21, 2023, 10:41:54 pm
What happens if you disconnect one of the interfaces of the LAGG and test the IPSec?

Can you provide a diagram for your test scenario?

No, I didn't try that - but that may be worth a try.

I have now ended up taking the LAN back to igb0, and the performance is like on the virtual appliance before - 300-400 Mbit. Maybe it's caused by my configuration having LAN and VLAN on the same LAGG - that is the only difference.