Speed drops noticeably once pfSense is transferred to new equipment
I recently upgraded pfSense to a new hardware setup (two Xeon E5-2620 processors with 16GB RAM) using a fresh installation. The WireGuard speeds are noticeably slower compared to running the WireGuard client on Windows and connecting to the same server as before (FX-7600P with 4GB RAM). I'm always linking to the identical server across all tests—without a VPN: downloads around 924MB down 511MB up while using WireGuard on my Windows PC. The speeds vary between roughly 400-700MB per second most of the time. On pfSense, the numbers are similar. This also fluctuates when I change servers or ports. I've also adjusted MTU/MSS settings to 1420 and even tried lowering it to 1280, but it didn't improve performance.
The variation in results isn't fully clear, yet the E5-2620 appears to lag in single-thread tasks. Since you're using dual-core Xeon, it's possible the workload is being handled in a virtual environment, which might affect performance.
To clarify further, if running in a virtual machine, which hypervisor are you employing? I recall with Proxmox I needed to adjust the CPU settings so it wouldn’t emulate, but instead function as a real system, enabling hardware acceleration for encryption/decryption in pfSense.
It isn't running in a virtual machine. I saw a slight slowdown with single-threaded tasks—two FX-7600P units scored around 1200 points on passmark, while the other model with more results hit about 900 Mbps. It looks like performance might be limited by the CPU rather than the network. The 2667v2 and 4627v2 chips are quite affordable. Bridged interfaces usually deliver only ~2.7Gbps, which isn’t impressive, so the warning about bridging probably isn’t the main issue. You could check how each core handles the test to see if the bottleneck is real.
What system are you using? You could upgrade to a pair of faster CPUs, such as two E5-2667 v2 models. Based on your firewall requirements, a Haswell or Skylake era desktop with a few additional network cards might be more suitable. This would also reduce power consumption significantly.
AES-NI appears inactive when it seems unrelated; likely the same issue existed on the previous router too. Setting the CPU to 'host' in Proxmox VM settings is another method—check your specific configuration steps. Improving performance could definitely help.
The old EMC server running an Intel Server Board S2600GZ should work with v2 CPUs. I’m moving servers around to exchange some processors, as my other setup has 2667 v2s that need more cores due to many VMs. I’m interested in how they achieved such strong performance from a small chip.
I turned on PowerD at full power and saw speeds jump to around 250mbps. When I switch to faster single-threaded CPUs, I’ll look into the BIOS for any settings that might be disabled, because an 8% drop in performance (like from ~1110 to ~1200 points) would really slow things down.
It’s set up in Proxmox under the VM’s hardware configuration. You choose the CPU and pick “host.” I’m a bit puzzled—does pfSense run on bare metal or in a virtual environment? The screenshot suggests bare metal, yet it claims to support AES-NI, though it isn’t actually enabled in pfSense settings. If it’s running on bare metal, the main concern is why you’re deploying pfSense on that machine. Are you handling a large number of users? I use pfSense on two threads in my lab and it has plenty of capacity beyond what’s required.
pfSense runs directly on hardware, not in the cloud. The Proxmox setup is a different topic altogether. Yes, I discovered it when I turned on PowerD under advanced settings. Honestly, it was affordable and offers the connections I needed. I favor bare metal for my router instead of virtualizing it, which let me install a 10GbE SFP+ card I already owned plus several RJ45 ports for things like isolating VMs or routing traffic through a VPN without impacting the rest of the network.