FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
1,253 views 6 comments
by anonymous
Hello All,

As above, what is the expected (max) IPSec throughput on RUT240 unit?

Thanks,

Myky
by anonymous
____________

1 Answer

+1 vote
by anonymous

Hi,

We've done tests, but only for RUT9XX. The max speed that we got was around 26 Mbit/s. The configuration used was:

IKE version: IKEv1
Mode: Main
Type: Tunnel

Phase 1:

  • Encryption algorithm: AES128
  • Authentication: MD5
  • DH group: MODP768

Phase 2:

  • Encryption algorithm: AES128
  • Authentication: MD5
  • PFS group: NO PFS
Best answer
by anonymous
Perfect! Thank you Dziugas
by anonymous
Thanks for posting this. Using RUT2_R_00.07.03.4 my results were only around half of the above—around 1.40MB/sec (~12Mbit/s).  It's pretty slow.

Would Wireguard be faster?
by anonymous
It should, on a RUTX11 I have a factor of two in favor of  Wireguard.
by anonymous
Thanks. In this case it's a RUT240. Not sure if that 2x would also apply here. I'll see if I can test later.
by anonymous
@flebourse In case you (or anyone else) were wondering, I stood up a Wireguard site-to-site tunnel today between a RUT240 running 7.03.4 and a pfSense firewall in a datacenter. The unit had been running an IKEv2 IPSEC tunnel previously. I disabled that and built a new WG configuration.

This unit only has a 100Mbit uplink, so not an ideal test of max. thruput, but I can say that the Wireguard tunnel performs very well, about 15% faster thruput, and uses only ~40% CPU where the IPsec was above 93% consistently while saturating the tunnel. So I'm going to stick with Wireguard and see how it goes.