![]() ![]() iperf3 -w 1M -c 192.168.0.13 -t120įrom a host behind the FW4C to a host behind the MBT-2220 running. Here's 'top -HaSP' from an SSH into the MBT-2220 when I'm running. Ping from a host behind the FW4C directly to the MBT-2220 reports 10 ms, with very low variability. ![]() What does top -HaSP shop is using the CPU on the MBT? I would expect it to pass significantly more than 100Mbps IPSec if that's all that's using the CPU cycles. Though I'm hoping that upgrading the MBT-2220 box to another FW4C at the main office will get me closer to line said in Just got a Protectli FW4C!: I did not capture CPU usage between the SG-1100 and the MBT-2220, but maybe I'll do that later tonight when everyone else goes to bed. So I'm back to where I was with the SG-1100 and AES-GCM/SafeXce ️, but hopefully more stable. It was interesting to note that enabling async crypto on either box reduced the throughput by ~10%. iperf is NOT running on the pfsense box itself), so the CPU and temps had plenty of time to stabilize. These screen caps were taken during a 120s run of iperf3, between two hosts behind each respective pfsense appliance (e.g. 0.00-120.00 sec 2.05 GBytes 147 Mbits/sec receiverīut it's clear from the dashboard that I'm limited by the MBT-2220: CE or whether it's because of the all-VLAN config of the SG-1100, but it was easier to just import the APU config since all the major settings were identical.Īfter some fiddling I was able to get iperf through the tunnel up to ~150 Mbps: Interval Transfer Bandwidth I don't know whether the problem was that it was pf+ vs. ![]() Setup was straightforward, although I had to import a config from an APU that preceded the SG-1100, because the FW4C didn't like the config from the SG-1100/pf+22.05. Protectli was out of stock, but amazon had them available, and I got one the very next day. I saw that Protectli had recently released their FW4C product with 2.5 Gbps ports and ~980 Mbps advertised IPSec/AES-GCM-128 performance, so I bought one to try out at my home office. I've had a 100 Mbps IPSec/AES-GCM-128 tunnel between my home office (SG-1100/pf+22.05) and my main office (MBT-2220/pfCE 2.60), despite I have 1000/1000 service in both locations, so I was looking to upgrade my throughput so I can use my home office as an offsite repository for my backup system, and for general WFH productivity. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |