Reply
Emerging Member
Posts: 44
Registered: ‎02-24-2016
Kudos: 2

Re: USG IPsec VPN speed

yeah.. alot of us would like better speeds. 

 

I can iPerf around 50Mbits/s 

 

SMB transfer is around 5Mb/s which correlates to the iPerf.

 

This is autoVPN between 2 unix boxes and 1 USG-Pro & 1 USG-3

 

WAN lines are 500/500 & 1000/1000

 

Would like to see a bit more throughput!

Established Member
Posts: 878
Registered: ‎08-22-2016
Kudos: 381

Re: USG IPsec VPN speed

This is a pathetic VPN performance. We need the USG-HD-8 badly with a hardware VPN accelerator.

Sent from my iPhone
New Member
Posts: 3
Registered: ‎02-08-2017

Re: USG IPsec VPN speed

Have the same issue... Any updates on this? Is it SW or HW issue? 

New Member
Posts: 3
Registered: ‎09-26-2017

Re: USG IPsec VPN speed

Having issue here as well with Site to Site VPN. USG Pro to Edge Pro over IPsec. I have not started testing but SMB transfers are really slow. Hopfully a tweak in the firmware can resolve and be released soon.

New Member
Posts: 16
Registered: ‎01-01-2017
Kudos: 9

Re: USG IPsec VPN speed

 

(Posted here in addition to the 4.2.8 thread so that everyon who has subscribed to this thread will be notified of the improvement)

 

Good news!

 

Firmware 4.4.28 significantly improves performance between my two USG Pro's:

 

IPSEC VPN performance has gone from 60Mbps in 4.4.26 to 80-90Mbps with 4.4.28.  While this is still well short of the 256 Mbps I can get between the sites without a VPN, it is still a very significant improvement and much appreciated.

 

Site 1: USG Pro, symmetrical 1 Gbps fiber

Site 2: USG Pro, 400/20 Mbps cable

Ping time between the sites is 8ms.

 

Firmware: 4.4.28
IPSEC Site-to-site between two USG Pro's
Dynamic routing is ON (doesn’t pass traffic otherwise)
IKEv2
AES 128
SHA1
DH Group 14
Perfect forward secrecy: OFF

 

To measure performance

 

iperf3 -s <— on server

Iperf3 -c <server name> -P 4      <- on client

 

I'm curious as to what exactly led to the improvement and if anyone else sees the same improvement.

 

Established Member
Posts: 878
Registered: ‎08-22-2016
Kudos: 381

Re: USG IPsec VPN speed

This is still pretty dismal, IMHO. The Pro should provide at least 250 Mbps encrypted traffic for the price. I can get 250 Mbps of IPSec-encrypted traffic with an off-the-shelf mini-computer running pfSense, costing the same as the USG-Pro with 1/5th of the USG-Pro size.

It's time for UBNT to release a new USG in the $300 range that can push at least 350 Mbps in encrypted throughput and multiples of 1 Gbps in unencrypted throughput (for inter-VLAN routing, for example). The long rumored small footprint USG-HD - where are you? I can't wait.
New Member
Posts: 8
Registered: ‎06-12-2018

Re: USG IPsec VPN speed

I don't know what changes have been made in firmware/updates lately, but whatever I was running to the most current has resolved all my issues.  I use to be locked at about 800k/s uploading from a 100mbit vpn connection.  Now I'm getting around 3.2MB/s.



Established Member
Posts: 878
Registered: ‎08-22-2016
Kudos: 381

Re: USG IPsec VPN speed

You call this resolved?
New Member
Posts: 8
Registered: ‎06-12-2018

Re: USG IPsec VPN speed

[ Edited ]

Considering I have 120 other people behind my firewall at work and I'm uploading somewhere in the 3-4MB/s range to my house site to site vpn, yes I consider it resolved. Its definitely way better thna it was.  I don't know if I should expect more over a tunnel like this.  It could be a limitation on Xfinity at my house that I'm not aware of .

Prior to this last round of updates I performed, I was locked in at 800k/s over an ipsec tunnel uploading.

Established Member
Posts: 878
Registered: ‎08-22-2016
Kudos: 381

Re: USG IPsec VPN speed

[ Edited ]

I have pfSense running on a three-year-old fanless micro PC (Fitlet) with a weak AMD CPU and 4 GB of RAM, and I can do IPSec VPN at 170 Mbps. Comcast has nothing to do with this. 

 

All I'm saying is do not settle for 3-4 Mbps to be considered "resolved." Cheap Cisco branch 831 routers fifteen years ago could do three times the IPSec VPN throughput of what you are getting now with the USG. 

 

I'm not bashing UBNT. I really want to replace my pfSense with a USG. I just don't understand these single-digit VPN throughput metrics at all. There needs to be a new hardware archtiecture created for the USG, as the current one is obvously inadequate. 

New Member
Posts: 8
Registered: ‎06-12-2018

Re: USG IPsec VPN speed

OK. I'll agree with that... Still at least it's better.


I did use to get faster, I guess I'm just happy that I'm getting 3-4MB/s now compared to 800k/s


I wonder why the USG seems to be limited in this
Ubiquiti Employee
Posts: 1,211
Registered: ‎02-28-2017
Kudos: 358
Solutions: 119

Re: USG IPsec VPN speed

@sirozha Seems like you're confusing MB/s with Mb/s. And just because one user gets around single digit throughput (which really isn't single throughput when you convert bytes to bits), doesn't mean it's the hardware at fault. 

I just went ahead and tested s2s between 2x USG pro 4's on 4.4.29 each:
vpntest1.PNGvpntest2.PNGvpntest3.PNGvpntest4.PNG

Brandon Jaffe | UniFi Routing & Switching | Austin, TX
Established Member
Posts: 878
Registered: ‎08-22-2016
Kudos: 381

Re: USG IPsec VPN speed

[ Edited ]

OK. So, I did confuse Mbps with MBps (or rather didn't pay enough attention). Therefore, the reported throughput is between 24 Mbps and 32 Mbps.

The reason I posted this was that I have been reading about people complaining about very low IPSec VPN throughputs on the USG for two years now. So, considering a purchase of a USG myself, I am sincerely interested in any official benchmarks.

 

The test you have just run is on par with my pfSense box, and the price of the USG-Pro is similar to what I paid for the box that I purchased for pfSense (~$350 USD). My Fitlet micro-computer is about 1/8th of the USG-Pro size, though. 

New Member
Posts: 8
Registered: ‎06-12-2018

Re: USG IPsec VPN speed

I agree that the max throughput still isn't happening. Testing to other ipsec tunnels or other hardware at the endpoint does result in faster tunnel transfers. It's better, but still not 100% fixed.

Another thing that is VERY ANNOYING is the lack of ability to supernet the tunnel. Very limited here.

Established Member
Posts: 878
Registered: ‎08-22-2016
Kudos: 381

Re: USG IPsec VPN speed

I still would like to see a USG box that is four times as powerful as the USG Pro and 1/4 of the size with four-to-eight 1Gbps/10 Gbps interfaces (to be used for inter-VLAN routing in the absence of an L3 switch) and all under $500.

New Member
Posts: 1
Registered: ‎01-04-2019
Kudos: 1

Re: USG IPsec VPN speed

[ Edited ]

These speeds of about 30Mbps are absolutely dire.  I have an ancient box running Opnsense that I picked up for $70 and with its terrible and very old dual-core 1GHz CPU it is giving more than double that performance on VPN.

 

There's no doubt about it, the hardware of all models of the USGs are completely out-of-date.  I'd love to swap my opnsense box for a USG as the software looks pretty good, but the hardware at the moment is laughable.  They need to either update or cancel the USGs.

Highlighted
Established Member
Posts: 878
Registered: ‎08-22-2016
Kudos: 381

Re: USG IPsec VPN speed

[ Edited ]

What is the IPSec VPN throughput like with the Edge router line? 

 

Reply