If you encounter performance problems trough a bovpn with a WatchGuard nv5 this might be a solution:

HQ: T45
Branch: NV5

Here are some iperf tests:

IKEV2 Phase1: AES-GCM128 DH20 Phase2: ESP AES-GCM128
-----
Branch > HQ
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 6.15 MBytes 5.16 Mbits/sec sender
[ 4] 0.00-10.00 sec 6.10 MBytes 5.11 Mbits/sec receiver

HQ > Branch
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 16.0 MBytes 13.4 Mbits/sec sender
[ 4] 0.00-10.00 sec 16.0 MBytes 13.4 Mbits/sec receiver

IKEV1 Phase1: SHA1 AES128 DF2 Phase2: ESP AES-GCM128
-----
Branch > HQ
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 8.98 MBytes 7.53 Mbits/sec sender
[ 4] 0.00-10.00 sec 8.88 MBytes 7.45 Mbits/sec receiver

IKEV1 Phase1: SHA2-256 AES128 DF14 Phase 2: ESP SHA2-256 AES128
-----
Branch > HQ
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.01 sec 20.3 MBytes 17.0 Mbits/sec sender
[ 4] 0.00-10.01 sec 20.3 MBytes 17.0 Mbits/sec receiver

IKEV2 Phase1: SHA2-256 AES128 DF14 Phase 2: ESP SHA2-256 AES128
-----
Branch > HQ
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.01 sec 20.4 MBytes 17.1 Mbits/sec sender
[ 4] 0.00-10.01 sec 20.4 MBytes 17.1 Mbits/sec receiver

HQ> Branch
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 21.3 MBytes 17.9 Mbits/sec sender
[ 4] 0.00-10.00 sec 21.3 MBytes 17.8 Mbits/sec receiver

>> against the recommendation from WatchGuard there will be better performance without AES-GCM
>> this could be due to the missing hardware crypto chip (only a supposition)

computer2know :: thank you for your visit :: have a nice day :: © 2024