Slow IPsec VPN

I have two Sophos UTM Home endpoints, one at my house and another at my friend's, with a VPN between us. I cannot get speeds over 30Mbps on the VPN from me to my friend's house, but if he downloads directly from my web server he maxes my connection out at around 75Mbps.

My UTM - Dual Core Celeron 2.9GHz 4GB
All security services enabled
75/75Mb fiber (tested to 80/80)

Friend's UTM - Dual Core Celeron 2.9GHz 4GB
All security services enabled
105/10Mb cable (Tested to 125/12)

VPN is AES128 SHA2 128 with PFS. (I have tried all different types of combinations.) Both systems show about 5-9% CPU load when transferring, and I have even tried turning off the IPS/Web proxy with no difference in speed. Our previous configuration was with an EdgeRouter Lite on both ends, which allowed IPsec VPN speeds to max my connection out.

The issue is on the UTMs somewhere but I cannot seem to find something that works.


  • I just moved my installation from virtual to physical (both on UTM 9.353).

    Virtual: Hyper-V VM, AMD Phenom II X4 2,8 GHz, 2 vCores, without AES-NI
    Physical: Zotac CI323, Intel Celeron N3150 1,6-2,08 GHz, 4 Cores, with AES-NI

    My internet bandwidth is 75 Mbps; with virtual I could completely saturate the 75 Mbps.
    The physical gets only half of it through; it seems AES-NI is not used, despite it being available (checked with www.cyberciti.biz/.../)

    IPSec Policy:
    IKE Settings: AES 128 / SHA2 256 / Group 14: MODP 2048 Lifetime: 7800 seconds
    IPsec Settings: AES 128 / SHA2 256 / Group 14: MODP 2048 Lifetime: 3600 seconds

    Any ideas why it's now slower? It should be the same at least.
  • Additionally, CPU is on both virtual and physical rather low <10%, and I am using only one thread/tunnel.
    This low CPU usage on physical is quite puzzling, as the core itself is 40% slower than the virtual core. If AES-NI were not being used, I should see much more CPU usage.
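
Added example, not part of the posts above and not Sophos code: the CPU advertising AES-NI and the kernel actually selecting an AES-NI driver are two separate things, and this script checks both. It assumes shell access to the appliance, that the IPsec data path uses the Linux kernel crypto API, and that `cbc(aes)` is the cipher behind an "AES 128" policy; the sample file contents are constructed.

```shell
#!/bin/sh
# Added example: is AES-NI present, and is it the implementation the kernel prefers?
# Assumption: ESP encryption goes through the kernel crypto API as cbc(aes).

# Succeeds if the first "flags" line of a cpuinfo file lists the "aes" feature.
has_aes_flag() {
  awk -F: '/^flags/ { n = split($2, f, " "); for (i = 1; i <= n; i++) if (f[i] == "aes") found = 1; exit }
           END { exit !found }' "${1:-/proc/cpuinfo}"
}

# Prints the highest-priority driver registered for algorithm $1 in a /proc/crypto file.
best_driver() {
  awk -v want="$1" -F' *: *' '
    $1 == "name"     { name = $2 }
    $1 == "driver"   { drv = $2 }
    $1 == "priority" { if (name == want && $2 + 0 > best) { best = $2 + 0; pick = drv } }
    END { print pick }' "${2:-/proc/crypto}"
}

# $1 = cpuinfo file, $2 = crypto file (both default to the live system).
aesni_status() {
  drv=$(best_driver "cbc(aes)" "${2:-/proc/crypto}")
  if ! has_aes_flag "${1:-/proc/cpuinfo}"; then echo "no-cpu-support"; return; fi
  case $drv in
    *aesni*) echo "aesni-in-use" ;;
    *)       echo "aesni-not-selected" ;;
  esac
}

# Constructed samples: a CPU with the aes flag, and a crypto table with two cbc(aes) entries.
tmp=$(mktemp -d)
printf 'flags\t\t: fpu sse2 aes avx\n' > "$tmp/cpuinfo"
cat > "$tmp/crypto" <<'EOF'
name         : cbc(aes)
driver       : cbc(aes-generic)
module       : kernel
priority     : 100

name         : cbc(aes)
driver       : cbc-aes-aesni
module       : aesni_intel
priority     : 400
EOF
# Same table with only the generic entry, as when the aesni_intel module is not loaded.
sed '/^$/,$d' "$tmp/crypto" > "$tmp/crypto_generic"

echo "with aesni_intel:    $(aesni_status "$tmp/cpuinfo" "$tmp/crypto")"
echo "without aesni_intel: $(aesni_status "$tmp/cpuinfo" "$tmp/crypto_generic")"
```

Calling `aesni_status` with no arguments reads `/proc/cpuinfo` and `/proc/crypto` on the machine it runs on.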