I'm using 3DES SHA1. Haven't tried different settings.  Did notice that the SA520 wanted to be AES at first and I had to go in and set it all to 3DES.  What do you recommend?

Jeff,

I would test the lowest encryption first. The RV120W Data Sheet does not specify what was used to get 25Mbps. If you see better results with lower settings you will have to decide if a compromise is worth it.

- Marty

Thanks Marty,

I had to wait for workers to not be present, but unfortunately changing the VPN Policy Algorithm to DES made no impact.  I also tried AES-128 and got a minor change.   Then, for the sake of testing, I put the policy encryption to "none" and really only saw a moderate impact.  Instead of 7 Mbps, I got 10, which is still half the speed of the slowest connection stream.  I did change the IKE policy to AES-128, but figured as this was just for the negotiation phase, it really wouldn't make a difference once the tunnel was up.  Any more thoughts?

Jeff,

I can't think of anything else to try in regards to the VPN settings. Maybe try temporarily disabling everything under Firewall-> Attack Prevention on the RV120W? I remember some customers having speed issues with some of those settings checked.

What speeds do you get if you do a speed test from each router at speedtest.net?

- Marty

100 Mbps down, 20+ up at each location

Hi!

Did you check the latency between the two sites? Eats up your VPN performance...

Regards

Pleaase advise, ciscodrossy, how would I check latency exactly?

google is your friend (as the NSA would say ;-) )

https://serverfault.com/questions/375278/debug-vpn-latency

:-)

Next best guess is the MTU...

I yield much better results since I switched from IPsec to OpenVPN tunnels, but one of the main issues to check first is the connectivity between your sites.

Have fun!

I ran WinMTR for a few days.  Please see attachments.  The only thing the disturbs me about the trace to the other site (server03) is that non-responsive hop after the router.  Clearly there was a huge hit in the trace at one point, but the average doesn't look too bad to me.  What do you think?

https://doc.pfsense.org/index.php/VPN_Capability_IPsec

...I remember a statement that anything beyond 60 msec can make IPsec painfully slow, especially with protocols like samba. Your connection appears to have (frequent?) hickups with 4000+ msec latency, might prevent real fast data transfer. Did you check the MTU on both ends of the tunnel?

Also interesting

https://forum.pfsense.org/index.php?topic=64823.0

...not to forget about this funny piece of Soviet technology:

https://firstlook.org/theintercept/document/2014/03/12/vpn-voip-exploitation-hammerchant-hammerstein/