Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Ipsec throughput poor
« previous
next »
Print
Pages: [
1
]
Author
Topic: Ipsec throughput poor (Read 2632 times)
ccesario
Jr. Member
Posts: 83
Karma: 1
Ipsec throughput poor
«
on:
February 10, 2022, 03:36:47 pm »
Hi folks,
Im facing this behavior with 21.1, 21. 7 and now with 22.1 Series.
I have two OPNSense routers with the same version - 22.1-amd64
1- Branch office
vmx0 - Lan interface - 172.20.0.0/24
vmx1 - Wan Interface - 1.1.1.1
2 - Head office
vmx0 - Lan interface - 172.50.0.0/24
vmx1 - Wan Interface - 2.2.2.2
Each one has the same config and are running over Esxi.
When I do transfer files (SCP, CIFS, HTTP) over Ipsec Tunnel - Between networks - 172.50.0.0/24 and 172.20.0.0/24 the network throughput does not pass over 30Mbps.
When I try transfer files From Head office LAN 172.50.0.0/24 to Brach office 1.1.1.1 over WAN interface (Port forward) I got 90Mbps of throughput. The same happen fram Lan Branch office to Head office over WAN.
Could someone has idea about solve it ?
These options already disabled in both devices.
Hardware CRC
Hardware TSO
Hardware LRO
VLAN Hardware Filtering
Best regards
Logged
Cerberus
Jr. Member
Posts: 63
Karma: 4
Re: Ipsec throughput poor
«
Reply #1 on:
February 10, 2022, 05:03:57 pm »
It maybe an issue with MTU and MSS Size, there are some posts in this forum about performance issues and ipsec, worth a try.
Logged
ccesario
Jr. Member
Posts: 83
Karma: 1
Re: Ipsec throughput poor
«
Reply #2 on:
February 10, 2022, 06:15:24 pm »
Hi @Cerberus,
Thank you by tip.
But, is there any documentation about it ? Or reference!?
Regards
Carlos
Logged
8191
Jr. Member
Posts: 83
Karma: 4
Re: Ipsec throughput poor
«
Reply #3 on:
February 10, 2022, 07:27:30 pm »
Try to enforce a max. MSS value on the IPSec interface using a normalization rule in Firewall > Advanced > Normalization. See an example attached.
http://cloud.tapatalk.com/s/620558dfc945d/Safari%20-%2010.02.2022%20at%2019%3A24.pdf
Logged
ccesario
Jr. Member
Posts: 83
Karma: 1
Re: Ipsec throughput poor
«
Reply #4 on:
February 11, 2022, 01:22:06 pm »
Hello Dear 8191
Thank you by your tip,I will try enable it and test and report here.
regards
Carlos
Logged
ccesario
Jr. Member
Posts: 83
Karma: 1
Re: Ipsec throughput poor
«
Reply #5 on:
March 02, 2022, 12:56:57 pm »
Hi folks, thank you by tips
The procedure
http://cloud.tapatalk.com/s/620558dfc945d/Safari%20-%2010.02.2022%20at%2019%3A24.pdf
it works as expected!!
Regards
Carlos
Logged
Adam.P
Newbie
Posts: 29
Karma: 0
Re: Ipsec throughput poor
«
Reply #6 on:
March 09, 2022, 08:50:50 pm »
I'm having the same problem and tried this fix on both ends with no change. IPsec still maxes out around 30mbit. Did you have to do anything else to resolve this?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Ipsec throughput poor