VPN Dropouts and speed varies

maximilian500

Hello everybody,
I have been running a VPN for months

PfSense 2.3.2 –------------------------------- Fritzbox 6490
VDSL Telecom                                            KDG / Vodafone 100
50 Mbit Download                                    100 Mbit Download
10Mbit Upload                                              6 Mbit Upload
Unify OpenScape Business V2                  OpenScape Deskphone IP 55G HFA
                                                                  SIP DECT phones

Everything works so far, VPN is also great. On the side of the Fritzbox stand several OpenScape Deskphone IP 55G telephones as well as several SIP DECT telephones. Before 3 years were on both sides Fritzboxes in the employment around to manage the VPN. The voice quality was outstanding. On the one hand, the Fritzbox was now replaced by a PfSense. On the side of the Fritzbox always occurs again small milliseconds dropouts in conversation. This seems to concern only the download direction of the Fritzbox or the upload direction of the PfSense. There can be no traffic on both sides, but the interruptions are still there. On the side of the PfSense is an Unify OpenScape Business telephone system. This is where the phones of the other location register. At the location of the telephone system are different SIP Provider connected, also there is the speech quality very good. So somewhere always packages or small pieces hang. The IPSEC VPN has also been set higher with the traffic shaper. But this has not brought anything yet. Does one of you have an idea?

In addition, data transmission via SMB or via HTTP, the transmission varies between 300-700 kbyte / s. This should be actually 1 Mbyte / s

As an attachment (you will see it after you login to the forum)
-the outbound and portforward of the PFSense Figure 1-4
Configuration VPN of the PFSense Figure 5-11

Config of AVM Fritzbox:

vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_lan;
                name = "VPN MS Firewall";
                always_renew = yes;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = 0.0.0.0;
                remote_virtualip = 0.0.0.0;
                remotehostname = "DYNDNS NAME";
                localid {

}
                remoteid {
                        fqdn = "DYNDNS NAME";
                }
                mode = phase1_mode_aggressive;
                phase1ss = "def/3des/sha";
                keytype = connkeytype_pre_shared;
                key = "KEY PSK";
                cert_do_server_auth = no;
                use_nat_t = no;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr = 192.168.0.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2remoteid {
                        ipnet {
                                ipaddr = 192.168.2.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2ss = "esp-3des-sha/ah-no/comp-no/pfs";
                accesslist = "permit ip any 192.168.2.0 255.255.255.0";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}

// EOF

Sincerely, and thank you for replies

maximilian500

sinsua

This post is deleted!

maximilian500

This post is deleted!