VPN

Hi

We're dealing with a problem of slow throughput between two dislocated units both running m0n0wall on Intel CPU P4 1.6 Ghz 256 RAM with 50/50 internet connection.
The problem is, that under IPSec the maximum throughput is 1.5 - 3 Mb/s. Bypassing m0n0wall throughput is normal.
The only thing I can think of is NIC. Both servers have 1 onboard 10/100 NIC (used for LAN) and 1 PCI NIC used for WAN. Since IPSec is dealing with traffic on PCI NIC I'm wondering if this could be a problem with throughput ? Can PCI NIC card (oridinary 10$ NIC for home computer) be pain in the ass :-)?
Looking for performance charts on both m0n0wall server there is no high CPU or memory during VPN connection.
Regards,
Miha

Under 'Advanced' settings page, perhaps try changing the 'Use device polling' and/or 'Allow fragmented IPsec packets'.

I'm assuming you don't have any throughput issues on normal, non-IPsec connections?

Thanks. We'll give it a try.
Yes' you're right, we don't have any throughput issues on non-IPsec connections. I'm 100% sure it's an IPsec problem

Regards,
Miha

You may also want to try playing with various IPsec settings - such as the encryption method and main/aggressive mode.

Hi iridris !

Allow fragmented IPsec packets are already enabled.
Settings like encryption method and main/aggressive mode have also been set to minimum.
But when enabling use device pooling system stops responding. After a while, we figured it out that WAN NIC doesn't support device pooling.
Do you think this could be the problem? Maybe replacing NICs for ones that support device polling will solve IPsec throughput problem?

You could try replacing that NIC. You might also want to try swapping the LAN/WAN NICs and see if that helps any as well.

What NICs are they anyway?

Thanks for answer.
WAN NICs are Realtek RTL8100C
LAN NICs are onboard from an old HP desktop.