Well,
cipher AES-256-CBC
auth SHA256
thinking to upgrade this to AES-256-GCM
Eero
2017-11-25 21:30 GMT+02:00 Jim Thompson :
> What crypto transform and authentication are you running? Maybe try
> AES-GCM (which is AES-NI accelerated) at both ends if both devices support
>
thanks for links. looks like it might be wise to upgrade pfsense 2.4 and
enable --cipher AES-256-GCM on openvpn?
Eero
2017-11-25 20:01 GMT+02:00 Joseph L. Casale :
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero
>
What crypto transform and authentication are you running? Maybe try AES-GCM
(which is AES-NI accelerated) at both ends if both devices support it. Might
need pfSense 2.4 for this.
Try setting the (OpenVPN) MTU to a larger number.
More hints:
Well.
Both lan and wan is connected to full duplex gigabit port. It can do at
least 600Mbit/s nat as tested with speedtest.net
Well. Wan is utilized at max about 100Mbit/s. (10% of total connect speed)
Is this hardware underpowered to do over 100Mbit/s openvpn speed?
Eero
2017-11-25 19:37
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero
Volotinen
Sent: Saturday, November 25, 2017 5:35 AM
To: pfSense Support and Discussion Mailing List
Subject: [pfSense] pfsense openvpn speed?
> We are running pfsense 2.3 on
There is a lot of information missing here.
You have a better Netgate unit, but if the internet port on it is
connected to a 100Mbps switch, performance will suck. Same on the LAN
side. And if the ports are mismatched(half vs full duplex for
instance), performance will suffer.
What
The device was only up for 4 hours before patching. Neither here nor there I
was not intending to blame anything was more or less treating it as an advisory
to take necessary precautions as well as see if anyone else had this happen and
potentially knew of a fix.
Did not mean to turn this into
On 25 November 2017 at 15:19, Adam Thompson wrote:
> If you're going to even consider blaming widely-used software for hardware
> problems, then absolutely, yes, please do this, if only to stop the
> accusations.
> If you don't reboot regularly, now's a good time to change
If you're going to even consider blaming widely-used software for hardware
problems, then absolutely, yes, please do this, if only to stop the accusations.
If you don't reboot regularly, now's a good time to change that policy, too.
We aren't running NetWare 3.1 any more. No reboots = no
Hi list,
We are running pfsense 2.3 on netgate sg-8860.
Device is connected to internet with gigabit link, but openvpn speed is
very slow (about 50Mbit/s). Any idea how to get more speed to vpn clients?
Eero
___
pfSense mailing list
On 24 November 2017 at 01:35, Jim Thompson wrote:
> If there is no response from the bootloader (coreboot) on the serial port,
> then the hardware died, and the upgradeās only involvement was the reboot at
> the end.
Sounds like it's a good advice to reboot manually before
> On Nov 22, 2017, at 9:34 AM, Ryan Coleman wrote:
>
> I want to pass the entire traffic from a few locations through one master.
>
> I have one site working. But when I try to connect the second site it kills
> the first.
>
> I have IPSec for some basic network
Thought you were on to something and thanks for the directions but I have an
APU4 took my board off and there is no removing of the bios. The cmos batter is
even permanently attached.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Holger Bauer
Sent:
13 matches
Mail list logo