1
18.7 Legacy Series / Performance Issues With IPsec Tunnel from Home To Azure
« on: August 30, 2018, 12:02:30 am »
Quick IP Info:
Home LAN: 192.168.11.0/24
Azure LAN: 10.0.1.0/24
Azure Gateway Subnet: 10.0.0.0/24
Home WAN IP: 69.47.xxx.xxx
Azure VPN Gw IP: 13.78.xxx.xxx
Azure Test VM IP: 52.161.xxx.xxx
OPNsense 18.7.1_3-amd64
FreeBSD 11.1-RELEASE-p12
OpenSSL 1.0.2o 27 Mar 2018
Has anyone successfully set up an IPsec Site-to-Site VPN tunnel to Azure? I've spent an inordinate amount of time trying to figure out why my download performance is so poor from Azure over the IPsec Tunnel.
I'm at the point where I have everything set up, I can ping my Azure VMs from my home network, and access all open ports on my Azure VMs (including 445), but I'm experiencing some very poor network performance when testing with tools like iperf3. My upload speeds from my Home network to Azure are what I would expect, but download speeds from Azure to my home over the tunnel will work for a second or two, then drop to 0, then I get a socket time-out.
I'm looking for some troubleshooting suggestions or for someone to look at my configs and see if there's anything I could try that I'm not thinking of. I've rebooted the firewall, checked to see if the CPU was peaking, restarted the Azure VPN, checked the Azure config script for IOS to compare. tried spinning up a separate VM in Azure. Nothing seems to be working. Everything appears to to be working in theory, but in practice it's not good. I've added a bunch of screenshots to this imgur album:
https://imgur.com/a/v8AQnmH
Any help would be greatly appreciated.
Thanks!
Home LAN: 192.168.11.0/24
Azure LAN: 10.0.1.0/24
Azure Gateway Subnet: 10.0.0.0/24
Home WAN IP: 69.47.xxx.xxx
Azure VPN Gw IP: 13.78.xxx.xxx
Azure Test VM IP: 52.161.xxx.xxx
OPNsense 18.7.1_3-amd64
FreeBSD 11.1-RELEASE-p12
OpenSSL 1.0.2o 27 Mar 2018
Has anyone successfully set up an IPsec Site-to-Site VPN tunnel to Azure? I've spent an inordinate amount of time trying to figure out why my download performance is so poor from Azure over the IPsec Tunnel.
I'm at the point where I have everything set up, I can ping my Azure VMs from my home network, and access all open ports on my Azure VMs (including 445), but I'm experiencing some very poor network performance when testing with tools like iperf3. My upload speeds from my Home network to Azure are what I would expect, but download speeds from Azure to my home over the tunnel will work for a second or two, then drop to 0, then I get a socket time-out.
I'm looking for some troubleshooting suggestions or for someone to look at my configs and see if there's anything I could try that I'm not thinking of. I've rebooted the firewall, checked to see if the CPU was peaking, restarted the Azure VPN, checked the Azure config script for IOS to compare. tried spinning up a separate VM in Azure. Nothing seems to be working. Everything appears to to be working in theory, but in practice it's not good. I've added a bunch of screenshots to this imgur album:
https://imgur.com/a/v8AQnmH
Any help would be greatly appreciated.
Thanks!