
Is an Untangle/Arista IPsec VPN faster than a site to site OpenVPN connection?


  • Is an Untangle/Arista IPsec VPN faster than a site to site OpenVPN connection?

    Trying to improve the speed of a site to site connection from a client's office network to their server in our data center. Both the on-site and cloud units are fully licensed. Would switching them over to IPsec give any better performance?

  • #2
    The speed of a VPN link generally has more to do with the quality of the ISP on both ends and ability of the end-user hardware to offload the routing to the network chip rather than do it in the CPU. The specific VPN technology used is the least important factor.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.5.2 to protect a 1Gbps fiber link for ~450 residential college students and associated staff and faculty



    • #3
      Originally posted by djrees
      Would switching them over to IPsec give any better performance?
      It might, but no guarantees. As jcoehoorn points out, it's more likely other factors affect this a great deal more than the VPN you're using, but with that said, OpenVPN does have a 20-25% overhead 'cost'. IPsec might be more bandwidth-friendly. Just be sure to completely remove the OpenVPN routes before creating the IPsec tunnel or you'll have routing conflicts.
      Græme Ravenscroft • Technical Marketing Engineer
      ('gram', like the unit of measurement)
      he/him
      Please don't reboot your NGFW.
      How can we make Arista ETM products better?



      • #4
        Since they are fully licensed why not try WireGuard? Supposed to have less overhead. I haven't got around to testing it yet.



        • #5
          Originally posted by jcoehoorn
          The speed of a VPN link generally has more to do with the quality of the ISP on both ends and ability of the end-user hardware to offload the routing to the network chip rather than do it in the CPU. The specific VPN technology used is the least important factor.
          The hardware is a Z4+ at the client's site and a Hyper-V VM running on our data center servers. So I think we are good hardware-wise. Was hoping that IPsec would allow more bandwidth.
          Did some iperf3 tests with the OpenVPN site to site connection to have a baseline. Will see what difference it makes after.



          • #6
            Originally posted by donhwyo
            Since they are fully licensed why not try WireGuard? Supposed to have less overhead. I haven't got around to testing it yet.
            Tried WireGuard. Had to put it back to OpenVPN; with the WireGuard site to site tunnel up, the workstations at the client's site lost communication with the server in the data center.



            • #7
              Looking to do this between an Untangle firewall and a SophosXG/pfSense firewall, I assume IPsec would be the way to go? The Untangle is using an E3845 Atom CPU, whereas the current pfSense unit is using an i3-6100T.

              The alternative is I'll configure an OpenVPN client and use the client on a laptop; the aim is to remotely support a family network.
