pfSense slow site-to-site VPN
-
@scottalanmiller good point, thanks
-
@IT-ADMIN said in pfSense slow site-to-site VPN:
before continue reading your issue, i want to tell you that pfsense will not play well in virtual environment, in their official website too many people complaining about slow connection when installing pfsense in virtual environment,
That used to be the case, newest versions are fine.
-
Why Open VPN for site to Site over IPSEC? OpenVPN is normally much slower..
OpenVPN was more made for easy configuration.
-
Also have you considered TINC full mesh on Pfsense, I have used it in the past when I worked at smaller companies.
-
@Jason said in pfSense slow site-to-site VPN:
OpenVPN is normally much slower..
No preference for OpenVPN, tried both, IPsec being just 1MB/s faster. Oddly, latency is still great while throughput is low. Both lines are sync 1GB/s, just some fiber and roughly 4 km / 2.5 miles in between. Next to no reflections on the fibre.
Async lines are a known problem especially in OpenVPN, but that shouldn't be the case
-
@Jason Not yet. Problem is, there's some confidential data going over that wire. Sure, already encrypted on OSI-7, but I don't feel comfortable using a solution in this context I don't know. Would rather like to stick to IPsec (preferred) or OpenVPN.
-
@Jason said in pfSense slow site-to-site VPN:
@IT-ADMIN said in pfSense slow site-to-site VPN:
before continue reading your issue, i want to tell you that pfsense will not play well in virtual environment, in their official website too many people complaining about slow connection when installing pfsense in virtual environment,
That used to be the case, newest versions are fine.
Does it have built in PV drivers for most platforms? Which ones does it support well?
-
@Jason said in pfSense slow site-to-site VPN:
Why Open VPN for site to Site over IPSEC? OpenVPN is normally much slower..
Specifically in CPU usage.
-
Try this: https://forum.pfsense.org/index.php?topic=47567.0
What's your protocol set to? TCP or UDP?
-
@marcinozga Thanks, but already tried net.inet.ip.fastforwarding in all combinations with TCP and UDP.
