IPSect Site to Site (Slow Upload) - (Fast Download) issue
-
Yes. The firewall rules on IPsec are the same as any other interface. They govern connections coming INTO that firewall on that interface.
-
So here are my iperf tests
Site B to Site A (left window is Site B, right window is Site A)
Site B to Site A
-
Still doesn't point at anything on the firewalls themselves.
(You have to specify a -b bandwidth flag when using UDP or it tries to send 1Mbit/sec as you saw)
-
How do you know its not the ISP? I swear I've seen Comcast Residential throttle all kinds of things.
-
@bbrendon I dont know sir. I do not know where else to look at.
-
Here are my speedtest using UDP from SiteB to SiteA
They are showing two different information.
Left: Site B (client)
Right: Site A (Server)
-
RESOLVED!!
I have set both ends to MSS Clamping 1300 and that solved the issue.
I can now upload data to Qnap at full speed 80-90Mbps.Wrap up thoughts?
-
Wouldn't it be better to fix what's preventing MTU discovery to work properly (your ICMP filtering perhaps)?
I've never needed MSS Clamping.
-
@p3r ICMP filtering?
-
As far as I know MSS Clamping is a workaround to avoid MTU discovery problems. I assumed that you have some filtering in the source-destination path (ICMP was my first thought) that prevent MTU discovery.
Since throughtput was assymetric, I expected it to be fairly easy to find what was different and causing the issue at one end.
