01-21-2018 05:22 AM
yeah.. alot of us would like better speeds.
I can iPerf around 50Mbits/s
SMB transfer is around 5Mb/s which correlates to the iPerf.
This is autoVPN between 2 unix boxes and 1 USG-Pro & 1 USG-3
WAN lines are 500/500 & 1000/1000
Would like to see a bit more throughput!
05-14-2018 11:48 PM
Having issue here as well with Site to Site VPN. USG Pro to Edge Pro over IPsec. I have not started testing but SMB transfers are really slow. Hopfully a tweak in the firmware can resolve and be released soon.
09-03-2018 07:33 AM
(Posted here in addition to the 4.2.8 thread so that everyon who has subscribed to this thread will be notified of the improvement)
Firmware 4.4.28 significantly improves performance between my two USG Pro's:
IPSEC VPN performance has gone from 60Mbps in 4.4.26 to 80-90Mbps with 4.4.28. While this is still well short of the 256 Mbps I can get between the sites without a VPN, it is still a very significant improvement and much appreciated.
Site 1: USG Pro, symmetrical 1 Gbps fiber
Site 2: USG Pro, 400/20 Mbps cable
Ping time between the sites is 8ms.
IPSEC Site-to-site between two USG Pro's
Dynamic routing is ON (doesn’t pass traffic otherwise)
DH Group 14
Perfect forward secrecy: OFF
To measure performance
iperf3 -s <— on server
Iperf3 -c <server name> -P 4 <- on client
I'm curious as to what exactly led to the improvement and if anyone else sees the same improvement.
09-03-2018 08:42 AM
It's time for UBNT to release a new USG in the $300 range that can push at least 350 Mbps in encrypted throughput and multiples of 1 Gbps in unencrypted throughput (for inter-VLAN routing, for example). The long rumored small footprint USG-HD - where are you? I can't wait.
10-24-2018 02:37 PM
I don't know what changes have been made in firmware/updates lately, but whatever I was running to the most current has resolved all my issues. I use to be locked at about 800k/s uploading from a 100mbit vpn connection. Now I'm getting around 3.2MB/s.
10-26-2018 07:12 AM - edited 10-26-2018 07:15 AM
Considering I have 120 other people behind my firewall at work and I'm uploading somewhere in the 3-4MB/s range to my house site to site vpn, yes I consider it resolved. Its definitely way better thna it was. I don't know if I should expect more over a tunnel like this. It could be a limitation on Xfinity at my house that I'm not aware of .
Prior to this last round of updates I performed, I was locked in at 800k/s over an ipsec tunnel uploading.
10-26-2018 07:20 AM - edited 10-26-2018 07:26 AM
I have pfSense running on a three-year-old fanless micro PC (Fitlet) with a weak AMD CPU and 4 GB of RAM, and I can do IPSec VPN at 170 Mbps. Comcast has nothing to do with this.
All I'm saying is do not settle for 3-4 Mbps to be considered "resolved." Cheap Cisco branch 831 routers fifteen years ago could do three times the IPSec VPN throughput of what you are getting now with the USG.
I'm not bashing UBNT. I really want to replace my pfSense with a USG. I just don't understand these single-digit VPN throughput metrics at all. There needs to be a new hardware archtiecture created for the USG, as the current one is obvously inadequate.
10-26-2018 07:30 AM
I did use to get faster, I guess I'm just happy that I'm getting 3-4MB/s now compared to 800k/s
I wonder why the USG seems to be limited in this
10-26-2018 08:15 AM
@sirozha Seems like you're confusing MB/s with Mb/s. And just because one user gets around single digit throughput (which really isn't single throughput when you convert bytes to bits), doesn't mean it's the hardware at fault.
I just went ahead and tested s2s between 2x USG pro 4's on 4.4.29 each:
10-26-2018 08:19 AM - edited 10-26-2018 08:23 AM
OK. So, I did confuse Mbps with MBps (or rather didn't pay enough attention). Therefore, the reported throughput is between 24 Mbps and 32 Mbps.
The reason I posted this was that I have been reading about people complaining about very low IPSec VPN throughputs on the USG for two years now. So, considering a purchase of a USG myself, I am sincerely interested in any official benchmarks.
The test you have just run is on par with my pfSense box, and the price of the USG-Pro is similar to what I paid for the box that I purchased for pfSense (~$350 USD). My Fitlet micro-computer is about 1/8th of the USG-Pro size, though.
10-26-2018 08:24 AM
Another thing that is VERY ANNOYING is the lack of ability to supernet the tunnel. Very limited here.
10-26-2018 08:29 AM
I still would like to see a USG box that is four times as powerful as the USG Pro and 1/4 of the size with four-to-eight 1Gbps/10 Gbps interfaces (to be used for inter-VLAN routing in the absence of an L3 switch) and all under $500.
01-13-2019 08:00 AM - edited 01-13-2019 08:02 AM
These speeds of about 30Mbps are absolutely dire. I have an ancient box running Opnsense that I picked up for $70 and with its terrible and very old dual-core 1GHz CPU it is giving more than double that performance on VPN.
There's no doubt about it, the hardware of all models of the USGs are completely out-of-date. I'd love to swap my opnsense box for a USG as the software looks pretty good, but the hardware at the moment is laughable. They need to either update or cancel the USGs.