[Solved] Site-2-Site IPsec very slow

[Hunduster]

Hello all,

I recently switched to OPNsense and have two IPsec tunnels set up.

Unfortunately I get a maximum transfer rate of 300 kB/s with both tunnels. I have already searched everything here but could not find a solution for me that brings me even close to a higher data throughput.

The OPNsense is running on a Sophos SG135 hardware appliance and should have enough performance. The processor is at least bored to death - also the tunnels always ran flawlessly when Sophos UTM was in use. I had also played around with the encryptions, unfortunately without success.

I have now read several times about "normalization" and also entered different values for IPsec at the point in the OPN. Unfortunately, this did not change anything for me, neither in a positive nor in a negative way.


Side A - builds the tunnels:
OPNsense on a 1.000/50 asymmetric line

Side B:
Sophos UTM on a 1.000 symmetric line.

Side C:
Sophos UTM on a 1.000 symmetric line


I am currently a bit in despair.

[Hunduster]

I have been able to find the error in the meantime.
The problem on the UTM side was the flood protection.

I turned it off and now everything works fine. An exception, which was always configured for the subnets has curiously not worked. Since the UTM will sooner or later be switched to OPNsense, this is enough for me for now.