IPSec vs OPENvpn

**belyache** · 07-11-2011, 02:20 PM

Hi all:

I have an OPENvpn connection site-to-site, the connection seems to be slow, I am sure there is an overhead reason for this which is understandable.

I was wondering now that Untangle supports IPSec VPN, are there any advantages to using IPSec instead of OPENvpn for speed improvements, or is speed degraded even more with IPSec vpn?

Any thoughts would be helpful.

Thanks

Glenn

**dmorris** · 07-11-2011, 02:24 PM

I'd be surprised to see speed degradation in either case.
They will probably both run much faster than your WAN will support on a tiny little CPU.

If you are seeing real speed degradation, you might have an issue. DNS? MTU? etc.

You could give IPsec a try. It might be faster in your case, but I wouldn't say either is generally faster than the other because there are other limiting factors most of the time.

**belyache** · 07-12-2011, 08:11 AM

I have a remote cable connection with 2M up and 5M down on one end, and local 5m up and 20M down on the other.

I get a throughput of around 500-600k using OPENVPN, mostly this is upload from the local site. It has been a while since I looked at the speed, and the router died at the opposite end, so I cannot get live info right now.

Glenn

**sky-knight** · 07-12-2011, 08:50 AM

I highly doubt you have 2/5M cable. You likely have 2/5mb cable. M isn't a storage indicator, and the capital M indicates MegaBytes. The small m indicates MegaBits.

2MegaBits of information converts to 256KiloBytes of information. So if you're getting 500-600KB of transfer according to your browser, your ISP is delivering twice the speed you're paying for.

Be careful with those numbers they can really bite you! I have a DOCSIS 3.0 customer down the street, I have DOCSIS 3.0. I have 10/100mb speeds, as do they. I can transfer files from my systems to their servers at around 1MegaByte per second. That's a hair under full 10megabit utilization.

From what you're saying, it looks to me like your system is working as intended.

**jcoffin** · 07-12-2011, 08:53 AM

Obviously there is a direct relation between encrypted WAN speed and CPU power. Take a look at the CPU load during the speed test.

**dmorris** · 07-12-2011, 09:09 AM

Originally Posted by jcoffin

Obviously there is a direct relation between encrypted WAN speed and CPU power. Take a look at the CPU load during the speed test.

Except that there is no correlation if CPU isn't your limiting factor.
Maybe you're using a 486?

**sky-knight** · 07-12-2011, 09:21 AM

I've seen Untangle VPN slow down under load. Get a CPU spike of 10 or more while running multiple spam checks while moving a file. It will slow down!

But I agree, an Untangle doing nothing but VPN isn't going to slow down due to CPU... ever.

**belyache** · 07-12-2011, 09:38 AM

Sky-knight... Thanks.

I do understand the lingo, I have been around a while.

I was making a generalization that most here understand. If talking internet speed I say, 2M upload, most understand this is 2 megabits per second, if I were to write it properly it would be 2Mbps (2 Megabits per second), not 2mbps. 2MBps is 2MegaBytes per second. I also mixed my cases in different sentences... my bad. I didn't realize I was going to get into a semantics match.

I do however understand what you are saying. As I said previously, my external router is down so I cannot give exact numbers for speed. I may have been off on the 500-600K, I was writing from memory from about 3 months ago . When it is back up I will post again with the right numbers.

Originally Posted by sky-knight

I highly doubt you have 2/5M cable. You likely have 2/5mb cable. M isn't a storage indicator, and the capital M indicates MegaBytes. The small m indicates MegaBits.

2MegaBits of information converts to 256KiloBytes of information. So if you're getting 500-600KB of transfer according to your browser, your ISP is delivering twice the speed you're paying for.

Be careful with those numbers they can really bite you! I have a DOCSIS 3.0 customer down the street, I have DOCSIS 3.0. I have 10/100mb speeds, as do they. I can transfer files from my systems to their servers at around 1MegaByte per second. That's a hair under full 10megabit utilization.

From what you're saying, it looks to me like your system is working as intended.

**sky-knight** · 07-12-2011, 10:20 AM

Ahh, well I didn't mean to demean you in any way. We do get people in here from time to time that simply don't understand how those measurements work.

Honestly, there are some days the "professionals" in this industry scare the heck out of me! I was simply trying to be clear.

To add some information that may help you. SMB as a protocol isn't tuned very well for WAN links. So performance of Windows File and Print sharing over any VPN I've ever worked with is atrocious. FTP is more stable, but it also has an overhead issue with higher speed links.

Thread: IPSec vs OPENvpn

LinkBack

Thread Tools

IPSec vs OPENvpn

Posting Permissions