Re: [pfSense] pfsense openvpn speed?

2017-11-26 Thread Eero Volotinen
Is that real line "mtu" or just virtual parameter? Eero 2017-11-26 6:04 GMT+02:00 Jim Thompson : > > To explain why this is an good thing: > > One of the problems here is that while the AES-CBC (actual crypto) can be > accelerated via AES-NI, the HMAC isn’t (very new Intel

Re: [pfSense] pfsense openvpn speed?

2017-11-25 Thread Eero Volotinen
Well, cipher AES-256-CBC auth SHA256 thinking to upgrade this to AES-256-GCM Eero 2017-11-25 21:30 GMT+02:00 Jim Thompson : > What crypto transform and authentication are you running? Maybe try > AES-GCM (which is AES-NI accelerated) at both ends if both devices support >

Re: [pfSense] pfsense openvpn speed?

2017-11-25 Thread Eero Volotinen
half Of Eero > Volotinen > Sent: Saturday, November 25, 2017 5:35 AM > To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> > Subject: [pfSense] pfsense openvpn speed? > > > We are running pfsense 2.3 on netgate sg-8860. > > > > Device is c

Re: [pfSense] pfsense openvpn speed?

2017-11-25 Thread Jim Thompson
What crypto transform and authentication are you running? Maybe try AES-GCM (which is AES-NI accelerated) at both ends if both devices support it. Might need pfSense 2.4 for this. Try setting the (OpenVPN) MTU to a larger number. More hints:

Re: [pfSense] pfsense openvpn speed?

2017-11-25 Thread Eero Volotinen
Well. Both lan and wan is connected to full duplex gigabit port. It can do at least 600Mbit/s nat as tested with speedtest.net Well. Wan is utilized at max about 100Mbit/s. (10% of total connect speed) Is this hardware underpowered to do over 100Mbit/s openvpn speed? Eero 2017-11-25 19:37

Re: [pfSense] pfsense openvpn speed?

2017-11-25 Thread Joseph L. Casale
-Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen Sent: Saturday, November 25, 2017 5:35 AM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: [pfSense] pfsense openvpn speed? > We are running pf

Re: [pfSense] pfsense openvpn speed?

2017-11-25 Thread Lyle
There is a lot of information missing here. You have a better Netgate unit, but if the internet port on it is connected to a 100Mbps switch, performance will suck. Same on the LAN side. And if the ports are mismatched(half vs full duplex for instance), performance will suffer. What

[pfSense] pfsense openvpn speed?

2017-11-25 Thread Eero Volotinen
Hi list, We are running pfsense 2.3 on netgate sg-8860. Device is connected to internet with gigabit link, but openvpn speed is very slow (about 50Mbit/s). Any idea how to get more speed to vpn clients? Eero ___ pfSense mailing list