2

I put up a VPN server with strongSwan 5.4.0 on FreeBSD 11.0-RELEASE-p1 on a Raspberry Pi 2. So far it works fine, but the speed varies and is also much slower than on Raspbian, which I used before.

Here is the configuration:

/etc/rc.conf

    hostname="rpi2"
    ifconfig_ue0="DHCP"
    sshd_enable="YES"
    powerd_enable="YES"
    # Nice if you have a network, else annoying.
    ntpd_enable="YES"
    strongswan_enable="YES"
    pf_enable="YES"
    pf_rules="/etc/pf.conf"
    pflog_enable="YES"
    pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile
    gateway_enable="YES"            # Enable as LAN gateway
    dnsmasq_enable="YES"

/usr/local/etc/ipsec.conf

    # ipsec.conf - strongSwan IPsec configuration file

    config setup
        charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"
        uniqueids = never

    conn ikev2
        left=%defaultroute
        leftid=example.com
        leftcert=VPN.crt
        leftsendcert = always
        leftsubnet=0.0.0.0/0
        # leftfirewall=yes
        right=%any
        rightsourceip=10.0.0.1/24
        keyexchange=ikev2
        auto=add
        fragmentation=yes
        ike=aes128-sha256-ecp256!
        esp=aes128gcm16!

/usr/local/etc/strongswan.conf

    # strongswan.conf - strongSwan configuration file

    charon {
        dns1 = 192.168.1.58
        plugins {
            include strongswan.d/charon/*.conf
        }
    }

    include strongswan.d/*.conf

/etc/pf.conf

    nat on ue0 from 10.0.0.1/24 to any -> (ue0)

The download speed on a connected machine is around 5 Mbit/s; with Raspbian it was around 20 Mbit/s. (The CPU usage is around 33% on one core and memory usage is 44 MB, so that should not be an obstacle to higher throughput.)

My question: did I make some mistakes in my configuration? What can I do to make it faster?

Also, the VPN server sometimes makes XNU crash. Could this be a problem with the server?

Edit:

I just checked the connection speeds again. Download speed over VPN is around 5-8 Mbps and upload over VPN is around 13-18 Mbps. The internet connection on the Raspberry should be OK; I checked it with wget, which gives me around 6 MBps, which is probably limited by the CPU core. On Debian both up- and download speed over VPN is around 20 Mbps. So there should be some improvements on FreeBSD? An additional question is: if I find out what the problem is, is there a way to take advantage of the multiple cores of the CPU to improve the speed even more?

Edit2:

I just checked the AES-GCM performance using OpenSSL 1.0.2j, which gives me speeds around 7000 kB/s. Maybe someone can explain to me why I can or cannot have those speeds with ESP?

2
  • 5Mbps seems more in line with what I get with my ARM A20... Commented Oct 5, 2016 at 16:05
  • @RuiFRibeiro well on Raspbian I had 20 Mbps. What I forgot to mention is that the download speed is around 5-9 Mbps and upload is around 14-18 Mbps. My internet connection is 100/40 Mbps so it shouldn't affect these numbers. Commented Oct 5, 2016 at 16:31

1 Answer

0

I just checked out Raspbian again and I turned on parallel crypto. Now I get around 50 Mbps throughput. I think I can't achieve this with FreeBSD, so I will stay on Linux.
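
The answer credits "parallel crypto" on Raspbian for the speed-up. Assuming that means the Linux kernel's pcrypt template, the following added example (not part of the original post) parses `/proc/crypto`-style text and reports which driver the kernel would pick for the AEAD behind `esp=aes128gcm16`. The sample text and the function names are constructed for illustration.

```python
import sys

# Kernel crypto API name of the AEAD behind esp=aes128gcm16 (AES-GCM for ESP).
ESP_AEAD = "rfc4106(gcm(aes))"

# Constructed sample in /proc/crypto layout (not captured from a real system).
SAMPLE = """\
name         : rfc4106(gcm(aes))
driver       : pcrypt(rfc4106(gcm_base(ctr(aes-generic),ghash-generic)))
module       : pcrypt
priority     : 200

name         : rfc4106(gcm(aes))
driver       : rfc4106(gcm_base(ctr(aes-generic),ghash-generic))
module       : kernel
priority     : 100

name         : sha256
driver       : sha256-generic
module       : kernel
priority     : 100
"""

def parse_proc_crypto(text):
    """Return one dict per blank-line-separated /proc/crypto entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines())
        entries.append({k.strip(): v.strip() for k, sep, v in pairs if sep})
    return entries

def selected_driver(entries, alg=ESP_AEAD):
    """Driver the kernel prefers for alg (highest priority), or None if absent."""
    matches = [e for e in entries if e.get("name") == alg and "driver" in e]
    if not matches:
        return None
    return max(matches, key=lambda e: int(e.get("priority", 0)))["driver"]

def uses_pcrypt(entries, alg=ESP_AEAD):
    """True when the preferred implementation of alg is a pcrypt instance."""
    driver = selected_driver(entries, alg)
    return driver is not None and driver.startswith("pcrypt(")

if __name__ == "__main__":
    # Pass /proc/crypto as the argument on a Linux gateway; default: the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(ESP_AEAD, "->", selected_driver(parse_proc_crypto(text)))
```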
