Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
Poor tcp performance over IPSec/GRE tunnel
« previous
next »
Print
Pages: [
1
]
Author
Topic: Poor tcp performance over IPSec/GRE tunnel (Read 415 times)
zombieboy
Newbie
Posts: 1
Karma: 0
Poor tcp performance over IPSec/GRE tunnel
«
on:
July 13, 2024, 01:24:42 pm »
I have a 24.1.10 system deployed as a VM in a Hyper-V install
The system is connecting several local interfaces to the internet and VPN tunnels
The installation seems to work well for local traffic going to the internet but acts weirdly when the traffic is sent to a GRE/IPSec tunnel configured on the Opensense. The symptoms are:
- UDP works just fine (i.e. iperf3 -c -u <remote server> -b 30m shows 30 Mbit/s of throughput with very minimal drops)
- TCP fails miserably. iperf3 -c <remote server> reports 1.38 Mbit/s for the first second and then drops to zero till the end of the test
The same is reported on the server side
The rules on the firewall are very basic: Allow everything out, NAT to a specific address, no Shaping or anything fancy.
The tunnel is configured as a "Legacy"IPSec/GRE due to historical reasons and seems to be working fine as UDP traffic gets through
There's a normalization rule that clamps MSS for everything coming to and from the LAN interfaces to 1300 that doesn't help
The whole installation is an attempt to stage out a Vyatta instance that works with the same remote Cisco but doesn't show any of this behaviour
I'm completely lost on this issue. Can someone point me to an approach to the solution?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
Poor tcp performance over IPSec/GRE tunnel