Project

General

Profile

Actions
Copy link

Bug #5038

closed

Slow download speeds over IPSec (roadwarrior setup)

Added by Rein van Meeteren over 8 years ago. Updated over 8 years ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
08/26/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

Hi there,

We experience an issue with downloading speeds being very slow over IPSec. The uploads speeds are okay, but downloading generally does not exceed 30Kb/sec.

We have a road warrior setup and the client is the default VPN client in Mac OSX Yosemite. Our PFsense box is running the following version:
2.2.5-DEVELOPMENT (amd64)
built on Tue Aug 11 01:28:24 CDT 2015
FreeBSD 10.1-RELEASE-p17

The CPU usage is when downloading is generally not above 1%. The PFSense box has an 100Mbit up/down link and so does the internet connection of the client.

We have "Enable MSS clamping on VPN traffic" enabled at 1280 to be certain but an analysis with ICMP pings doesn't show an issue with the default MTU size.

We use the following configuration:
Phase 1:
Mutuals PSK + XAuth
Phase 1 encryption: AES 128 bit, SHA1
DH Key group: DH2
NAT Traversal: Force

Phase 2:
ESP
Encryption algorithm: AES 128 Bit
Hash: SHA1
PFS Key group: off

Can someone please help debug this issue? It is slowly driving me mad...

Actions
Copy link
 #1

Updated by Chris Buechler over 8 years ago

  • Status changed from New to Not a Bug
  • Affected Version deleted (2.2.4)

nothing here to indicate a bug, please use one of the available support resources for assistance. https://pfsense.org/support

Actions
Copy link
 #2

Updated by Rein van Meeteren over 8 years ago

Hi Chris,

I don't really understand why this isn't regarded as a bug. I'm not asking for help to achieve the correct settings. The issue/bug that we are seeing is that with the provided settings the IPSec connection downstream is very slow while this is not true for the upstream. Why can't this be caused by a bug in the software?

If more information is needed I'm happy to supply.

Actions
Copy link
 #3

Updated by Chris Buechler over 8 years ago

it could be, but much more likely it's some other kind of issue (general network problem, invalid testing methodology, among other possibilities). As is, this doesn't meet the requirements for a bug report. This isn't a place to track down things that might be, but probably aren't, bugs.
https://doc.pfsense.org/index.php/Bug_reporting

Actions
Copy link

Also available in: Atom PDF