Hi,
I've made some bandwidth tests (on 6.0 stable - amd64) between two APU2C
boxes connected with an Ethernet cable and an IPSEC VPN using IKEDv2. I get a
maximum bandwidth of 66 Avg Mbps when IPSEC is enable which is, I think, very
low for an AES-NI enabled processor. And about 30 seconds after the test is
started, I don't know why, the connection is lost and I have restart IKED
daemon on the "passive" host.
If I disable the VPN, I get a maximum of 439 Avg
Mbps which is not fabulous for a 1 Gbps link but quite better than 66 Mbps.
The tests were made with tcpbench: tcpbench a.a.a.a on one host and tcpbench
-s on the other one.
No optimisation at all in sysctl.conf, only a default
install.
This is the IKEDv2 configuration file on host 2:
ikev2 "HDV" active
esp from $local_gw to $remote_gw \
from $LAN_LOCAL to $LAN_HDV_INFRA
\
peer $remote_gw srcid $local_gw psk "testpassword"
and the IKEDv2
configuration file on host 1:
ikev2 "HDV-CEV" passive esp from $local_gw to
$remote_gw \
from $LAN_HDV_INFRA to $LAN_CEV \
peer
$remote_gw srcid $local_gw psk "testpassword"
My question is, is there any
optimisation I can set somewhere to get a better result with max bandwidth ?
Thanks !
Morgan
