Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
IPSec 100MBit limit?!
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPSec 100MBit limit?! (Read 4489 times)
c-mu
Full Member
Posts: 210
Karma: 5
IPSec 100MBit limit?!
«
on:
July 06, 2018, 01:47:42 pm »
Hi,
i just bought an Decisco OPNsense Dual A10 DC rack Appliancen and configured a IPSec Tunnel for testing purposes. So I connected the WAN interfaces directly and both are showing a 1000baste T <full duplex> Status at the Interface Overview.
So if I do some speed tests like iperf or downloading an big ISO file between the VPN Sites via wget, I allways got limited by 100MBit/s. What causes that hard limit? Not 110, not 120, not 90 Mbit, every Time and test is allways limited by 100MBits. The WAN interfaces should deliver 1GBit. I woulnd expect 1GBit IPSec speed, but something round about 200MBit should be possible.
I'm confused.
PS: i played around with some other encyption algorithm from weak to strong - nothing has any impact on the speed.
Thanks for any hint!
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: IPSec 100MBit limit?!
«
Reply #1 on:
July 06, 2018, 01:56:48 pm »
AES128GCM, SHA256, DH14 .. normally should give you way more.
Sure there's no Traffic Shaper? Can you test without VPN?
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
c-mu
Full Member
Posts: 210
Karma: 5
Re: IPSec 100MBit limit?!
«
Reply #2 on:
July 06, 2018, 02:03:17 pm »
Yip. There is no traffic sharper. its nearly a default setup. I changed the the settings to AES (128bit) + SHA256 +DH G14 and its not slower or faster than before.
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: IPSec 100MBit limit?!
«
Reply #3 on:
July 06, 2018, 02:09:22 pm »
And plain?
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
c-mu
Full Member
Posts: 210
Karma: 5
Re: IPSec 100MBit limit?!
«
Reply #4 on:
July 06, 2018, 02:26:35 pm »
You mean DH Key group "off"? changes nothing. there's a freaky 100 mbit wall, that i cant break through. I even attached a 1gbit switch and the status led's shows a 1gbit connection too.
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: IPSec 100MBit limit?!
«
Reply #5 on:
July 06, 2018, 03:20:43 pm »
I mean plaintext download without ipsec
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
IPSec 100MBit limit?!