"
Hello guys,
I have a policy-based IPSEC-tunnel between two networks which is extremly slow.
Site A) has a 100/100Mbit sync fiber-line
Site B) has a 400/50Mbit async line
I'm currently reaching 4!!! Mbit via my VPN-tunnel.
It is only related to IPSEC-VPN. When I use a openVPN roadwarrior connections everything is fine.
The log files do not show any errors or warnings.
My settings are quite basic:
Settings:
Proposals: aes256-sha512-ecp521 [DH21, NIST EC]
Version: IKEv2
MOBIKE: enabled
DPD delay: 10s
Pools: nothing
Authentication: Public key
Children:
Mode: Tunnel
Policies: enabled
Start action: Start
Stop action: Start
DPD action: Start
ESP-proposals: default
Rekay time: 36600
I also tried to enable IPsec normalization with max MSS of 1350 (as I read this on several forums).
The CPU is more or less non-stop idle.
Statistic IPsec-Interface (enc0):
mtu: 1536
received-errors: 0
dropped-packets: 0
send-errors: 0
collisions: 0
Actually I have no idea why it is that slow.
I have a policy-based IPSEC-tunnel between two networks which is extremly slow.
Site A) has a 100/100Mbit sync fiber-line
Site B) has a 400/50Mbit async line
I'm currently reaching 4!!! Mbit via my VPN-tunnel.
It is only related to IPSEC-VPN. When I use a openVPN roadwarrior connections everything is fine.
The log files do not show any errors or warnings.
My settings are quite basic:
Settings:
Proposals: aes256-sha512-ecp521 [DH21, NIST EC]
Version: IKEv2
MOBIKE: enabled
DPD delay: 10s
Pools: nothing
Authentication: Public key
Children:
Mode: Tunnel
Policies: enabled
Start action: Start
Stop action: Start
DPD action: Start
ESP-proposals: default
Rekay time: 36600
I also tried to enable IPsec normalization with max MSS of 1350 (as I read this on several forums).
The CPU is more or less non-stop idle.
Statistic IPsec-Interface (enc0):
mtu: 1536
received-errors: 0
dropped-packets: 0
send-errors: 0
collisions: 0
Actually I have no idea why it is that slow.
