New Content #8773
Add VPN Throughput Tuning info
pfSense Documentation site (Wiki)
Need to add a page to the docs about VPN throughput tuningExample info that needs to go on the page:
- Use AES-NI capable hardware, load the AES-NI module
- Use AES-GCM (explain its efficiency and about not using a hash and so on)
- Impact of Kernel PTI on/off
- For IPsec, set async crypto,
net.inet.ipsec.async_crypto=1( See #8772 and https://reviews.freebsd.org/D10680 )
- For OpenVPN, suggest UDP fast i/o, 512k buffer, or switch to IPsec due to slowness of context switching inherent to OpenVPN
- For extreme performance requirements, mention/link to TNSR since FreeBSD kernel IPsec can't reach near those speeds
Add in some performance data as we get it as well.
#1 Updated by Jim Pingle 4 months ago
- Status changed from New to Feedback
All this and more...