Reply
Member
Posts: 232
Registered: ‎08-29-2016
Kudos: 127
Solutions: 2

Re: USG IPsec VPN speed

Quick update, I think something funny is going on with my ISP. I tested with a pair of identical pfSense machines that serve around 250 Mbit/s on wired Gig-E via IPsec but seem unable to go above 10-15 Mbit/s when using this ISP on a 200/25 line.

I'll have to check the USG speed vs a local endpoint.
Emerging Member
Posts: 68
Registered: ‎03-13-2016
Kudos: 14
Solutions: 2

Re: USG IPsec VPN speed

[ Edited ]

@UBNT-jaffe I retested my connection and it's the same slow speeds. i can't take the "modem" out of the equation. what i meant by "modem" is the ONT for the fibre service on both ends.

 

client --> US-8 --> USG1 --> WAN --> USG2

 

both USG1 and USG2 are with the same ISP.

client is connecting to USG2 using L2TP.

 

i doubt it is an ISP problem because when i was using my other devices as the VPN server, the speeds were much higher, between 30mbps and 60mpbs.

 

separately, is there anyway to change the L2TP encryption from 3DES to AES?

 

New Member
Posts: 35
Registered: ‎08-13-2016
Kudos: 3
Solutions: 1

Re: USG IPsec VPN speed

In my case, defnitely not my FiOS connection or modem. I just built a pfSense router and I'm getting a steady 45-60 Mbps on the iKEV2/IPSEC VPN.

New Member
Posts: 6
Registered: ‎05-23-2017

Re: USG IPsec VPN speed

[ Edited ]

That's bad news, I'm new to ubiquity and was planing to replace my home net to unifi.started with my ap'S and that went well. Will now do my switches this week to. Wanted to exchange my mikrotik ccr1036 too but I get line speed on my 1/1G wan fiber and maxes out vpn.ac at around 800/800mb ipsec, this with no core above 30% util....

New Member
Posts: 4
Registered: ‎09-13-2016

Re: USG IPsec VPN speed

I am also very interested in the official "specs" on this, we are running 3 sites with USG4Ps as routers and using the site-to-site VPN I see roughly 60 mbit of VPN throughput. Icannot find anything in the specs sheets on VPN speeds that one could expect under "ideal" situations but this should be something people can / should be able to test right?

Established Member
Posts: 888
Registered: ‎08-22-2016
Kudos: 383

Re: USG IPsec VPN speed

800 Mbps symmetrical IPSec is excellent. You won't get it with UniFi.
Emerging Member
Posts: 68
Registered: ‎03-13-2016
Kudos: 14
Solutions: 2

Re: USG IPsec VPN speed

is there any update on this issue? 10mbps up/down ipsec vpn is a real bummer when both WAN sites are running 1gbps up/down.
New Member
Posts: 8
Registered: ‎07-05-2016
Kudos: 4

Re: USG IPsec VPN speed

[ Edited ]

Likewise, I am seeing poor performance on an L2TP remote user VPN. 

 

Is there a published spec for what this should be? The 2016 post below by UBNT staff seems to indicate L2TP remote user does not use hw offload and is limited to 25mbps on the USG-Pro-4P. and even less on the 3P.

 

"if using L2TP/PPTP VPPN : max out at 25 Mbps on the remote access (CPU based processing)"

 

https://community.ubnt.com/t5/UniFi-Routing-Switching/How-much-can-USG-handle/td-p/1574906

SuperUser
Posts: 9,419
Registered: ‎01-10-2012
Kudos: 5850
Solutions: 385

Re: USG IPsec VPN speed

[ Edited ]

The USG is meant for slinging packets first, everything else is secondary. 

 

Other devices often have IPSec crypto hardware, the USG does not.  The USG also has relatively anemic CPU compared to other devices (they hit the USG price point for a reason!).  


If you want fast VPN, it will cost. TANSTAAFL

 

Your better off doing VPN on something other than your router/firewall anyway from a security and stability standpoint. 

When you receive a solution to your question/issue, don't forget to mark your thread as solved and to give kudo's to the people who have helped you out!

Having wifi problems? Take a look here first: https://help.ubnt.com/hc/en-us/articles/221029967-UniFi-Debugging-Intermittent-Connectivity-Issues-on-your-UAP
Emerging Member
Posts: 61
Registered: ‎08-04-2014
Kudos: 18
Solutions: 2

Re: USG IPsec VPN speed

[ Edited ]

Even if not expecting superspeed (but I've paid for some sort of lunch at least) I was expecting a bit more then the 5-10 Mbps, 15 if lucky, I get with remote user VPN PPTP. All wired connections. 5.5.19

Going the opposite route ( from a wireless connection in UniFi-network, USG,USW 48p and AC Pro) and ending at my cheap ASUS-router I get 30 Mbps with PPTP VPN.

UniFi network and my ASUS router sitting on same fiberconverter/switch on a 1 Gbps connection.

 

And when running Speedtest you can see that it's not a nice line, it's up and down in speed.

Speedtest.jpg

 

 

 

 

Established Member
Posts: 888
Registered: ‎08-22-2016
Kudos: 383

Re: USG IPsec VPN speed

What is the throughput that a USG Pro can achieve via L2TP/IPSec?
Emerging Member
Posts: 61
Registered: ‎08-04-2014
Kudos: 18
Solutions: 2

Re: USG IPsec VPN speed

[ Edited ]

More questionmarks

 

If I connect from UniFi ( see above) via VPN in my ASUS-router on separate network , I can connect without problem to this site, Speedtest a.s.f.

If I connect from ASUS-router and via VPN in UniFi USG I can't connect to this site, not to Cloud Key, Speedtest a.s.f. It's a hit or miss or ... ?

Using same DNS-servers, ISP and fiber connection. And it's with same PC in both cases.

 

And I set remote user VPN PPTP according to simple instructions on YouTube, no special settings, Firewall or ...

Emerging Member
Posts: 61
Registered: ‎08-04-2014
Kudos: 18
Solutions: 2

Re: USG IPsec VPN speed

@UBNT-jaffe

Could you give us some insight in how you achieve 50 Mbps ?

Using GUI in 5.5.19 and 4.3.48 on USG. Not by json-file. SSH maybe.

If it's with Firewall or ..... that I'm missing something.

 

I only get 5-10 Mbps, a bit slow to my need, but 50 would be OK .

I have a 1 Gbps connection, so no problem there.

New Member
Posts: 4
Registered: ‎09-13-2016

Re: USG IPsec VPN speed

@pastill I have no experiance yet with the User -> Device VPN but the Site-to-Site VPN seems limited at about 55 Mbit (by something) level if you use the automatic setup.

Emerging Member
Posts: 61
Registered: ‎08-04-2014
Kudos: 18
Solutions: 2

Re: USG IPsec VPN speed

[ Edited ]

But I'm using automatic setup and still just get these limited speed. And I guess so have all the othters done too.
So what have @UBNT-jaffe done to get 50 Mbs ?

New Member
Posts: 39
Registered: ‎11-09-2016
Kudos: 4

Re: USG IPsec VPN speed

I too am getting 11mbps down over L2TP IPSEC with USG at a 100mbps site

 

Would like Ubiquiti to address this and let us know if this is the max I can exepct from USG or if there is configuration that can improve speed

New Member
Posts: 15
Registered: ‎08-05-2017
Kudos: 1
Solutions: 1

Re: USG IPsec VPN speed

I also had a very low throughtput between two USGs (something about 2-3Mbit)

 

It helped me to re-enable IPSEC offloading on the USGs.

configure
set system offload ipsec disable
commit
save
exit
reboot

after reboot

configure
set system offload ipsec enable
commit
save
exit
reboot

Now I can use about 8Mbit

Established Member
Posts: 888
Registered: ‎08-22-2016
Kudos: 383

Re: USG IPsec VPN speed

A site-to-site IPSec tunnel at 4 Mbps or at 8 Mbps is a joke. I can’t believe this is even considered a commercial product. Perhaps back in early 2000, this could be tolerable, but not in 2017.
Ubiquiti Employee
Posts: 1,217
Registered: ‎02-28-2017
Kudos: 359
Solutions: 120

Re: USG IPsec VPN speed

USG pro 4 at default settings (offloading enabled)
IPsec S2S = 160-185 Mb/s
IPsec L2TP = 40 Mb/s - 60Mb/s

Tested using Iperf3 at defaults (over 5201 tcp)
Client - Macbook Pro (2016) using a USB to 1Gb/s adapter.
10.35.35.1 (Nats to 192.168.5.5)

Server - UAS running Ubuntu Server using a 10Gb/s copper connection
192.168.30.20

Pics of iperf3 testing (done today) over L2TP on the USG pro posted below:
l2tpthroughput-usgpro(1).PNGIperf server outputl2tpthroughput-usgpro.PNGL2TP interface tcpdump and active session

Brandon Jaffe | UniFi Routing & Switching | Austin, TX
Ubiquiti Employee
Posts: 1,217
Registered: ‎02-28-2017
Kudos: 359
Solutions: 120

Re: USG IPsec VPN speed

Here's a test from speedtest.net from the L2TP client

This is going through double NAT, 3 routers, and 3 switches.


Actual pipe speed is 345Down/24Up Mb/s 

 l2tp-speedtest.jpeg

Brandon Jaffe | UniFi Routing & Switching | Austin, TX
Reply