Hello Everyone, I recently discovered that when my internet pipe (either upload or download (2Mb-down/1Mb-Up)) is saturated with traffic, the ping time to my remote site pfSense boxes is really high (sometimes 800-1000ms). My office uses pfSense (full) and all of my remote offices are connected via IPSec VPNs and use pfsense (embedded) with WRAP boards. However, when the internet pipe is saturated and the ping times get high to the remote sites, I get average ping times when pining sites that are not on our VPNs (i.e. pinging www.google.com I get ~80-100ms ping times). I thought this may be caused by the traffic shaper (even though I have all IPSec traffic as high-priority). Therefore, I turned off traffic shaping at the main office and at one of the remote sites, and ping times are still high through the VPN on high internet pipe loads. This leads me to believe it is a problem with the VPN tunnels. I know there is an extra system load for pvn traffic, but it does not make any sense to me why this only happens when there is a lot of internet traffic. NOTE: When I tested this with high internet loads, the traffic was non-vpn traffic. Any help would be much appreciated. Is there some settings I can tweak on the tunnels? I am using Blowfish for the encryption algorithm, SHA1 for the hash algorithm, DH key group = 2, lifetime = 28800 for the Phase 1 settings. Am using ESP, Blowfish, SHA1, and lifetime = 86400 for the phase 2 settings. Thanks in advance.
Mike Lee
