Pfsense performance debugging


I just recently setup pfsense as my SMB router+firewall. The UI is intuitive, things work, but I have a major performance issue.
Clients on the LAN have good network performance (1Gbps down, 200 Mbps up).
But clients outside the LAN, using OpenVPN (on pfsense), or OpenVPN / Wireguard on a secondary server all see 2.0 Mbytes/sec (measured with iperf).
And when that transfer happens, it is regardless of the endpoint servers they go to. The pfsense UI shows almost no CPU usage.
What could be the issue here? How come clients on the LAN itself can easily achieve high network throughput on an internet speed test but through VPN it all goes to a crawl, and specifically to 2 Mbytes/sec (regardless of VPN server, client or endpoint).

Thank you in advance for any tips,

– Lawrence

Do you have any security services running on there that might be inspecting all the packets? i.e. any plugins you could temporarily disable?

Think I’ve had issues with the above tickboxes as well. Changing them improved performance for me. Are you using TCP or UDP for the VPN? Think UDP performs better.

A few factors in VPN speed are the hardware running on pfsense itself, the client hardware, the client network speed. If they client does not have a fast connected or has slow hardware the pfsense will not be where the issue is.

Thank you for the quick replies!
I do have all the defaults on the network interface hardware offloading, I tried disaling also the hardware checksum offload, no difference.
I ran a test to eliminate VPN from the equation. I opened port ssh on pfsense from WAN, and with ssh keys setup, I can ssh into pfsense without any VPN. I did a quick test of copying a 100 Mbyte file and the speed was still at ~ 2Mbytes/s , which is well below what the outside client could do.
I tried looking for any packet inspection but I could find none. I will keep on tweaking those network interface options and see if there is luck.