Project

General

Profile

New Content #8773

Add VPN Throughput Tuning info

Added by Jim Pingle almost 2 years ago. Updated 4 months ago.

Status:
Feedback
Priority:
Normal
Assignee:
Category:
VPN
Target version:
-
Start date:
08/09/2018
Due date:
% Done:

0%

Estimated time:
Affected Documentation:
pfSense Documentation site (Wiki)

Description

Need to add a page to the docs about VPN throughput tuning

Example info that needs to go on the page:
  • Use AES-NI capable hardware, load the AES-NI module
  • Use AES-GCM (explain its efficiency and about not using a hash and so on)
  • Impact of Kernel PTI on/off
  • For IPsec, set async crypto, net.inet.ipsec.async_crypto=1 ( See #8772 and https://reviews.freebsd.org/D10680 )
  • For OpenVPN, suggest UDP fast i/o, 512k buffer, or switch to IPsec due to slowness of context switching inherent to OpenVPN
  • For extreme performance requirements, mention/link to TNSR since FreeBSD kernel IPsec can't reach near those speeds

Add in some performance data as we get it as well.

History

#1 Updated by Jim Pingle 4 months ago

  • Status changed from New to Feedback

Also available in: Atom PDF