Netgate Discussion Forum

    Poor IPSec performance

      Eugene

      Hi Olejak,
      have you resolved the problem?
      Just interesting…
      Actually it is normal for large packets:
      13:00:47.407446 IP 192.168.42.2 > 192.168.42.1: ESP(spi=0x01e083a4,seq=0x3), length 1480
      13:00:47.407450 IP 192.168.42.2 > 192.168.42.1: esp

      I am just wondering whether you receive the same two packets on the other end? I.e. if it is a trace from FW1 do you see the same packets on FW2?

      http://ru.doc.pfsense.org

        jftuga

        Try placing a switch between the 2 pfSense servers.  I ran into issues using crossover cables that were cleared up when I used a gig switch instead.

        -John

          valnar

          Set the MTU of your adapters down to 1400 and try again.  Large packets + IPSEC + no fragmentation is a common problem.

          For Windows, you can use this: http://www.dslreports.com/drtcp

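Added example, not part of any post in this thread: the size arithmetic behind the MTU advice above, showing why a 1500-byte inner packet leaves the tunnel as two outer packets on a 1500-byte link while a 1400-byte one fits in a single packet. It assumes IPv4 ESP tunnel mode without NAT-T and the two cipher suites named in the code; the thread does not state which proposal the tunnel actually uses.

```python
# Added example: ESP tunnel-mode size arithmetic (RFC 4303 layout, IPv4, no NAT-T).
from dataclasses import dataclass

OUTER_IPV4 = 20   # outer IPv4 header without options
ESP_HEADER = 8    # SPI (4) + sequence number (4)
ESP_TRAILER = 2   # pad length (1) + next header (1)

@dataclass(frozen=True)
class Suite:
    name: str
    iv: int      # bytes of IV carried in each packet
    block: int   # cipher block size used for padding alignment
    icv: int     # bytes of integrity check value

# Assumed suites for illustration; the thread does not state the tunnel's proposal.
AES_CBC_SHA1 = Suite("aes-cbc/hmac-sha1-96", iv=16, block=16, icv=12)
TDES_SHA1 = Suite("3des-cbc/hmac-sha1-96", iv=8, block=8, icv=12)

def outer_size(inner: int, s: Suite) -> int:
    """Size of the outer IPv4 packet that carries an inner packet of `inner` bytes."""
    padded = -(-(inner + ESP_TRAILER) // s.block) * s.block  # round up to block size
    return OUTER_IPV4 + ESP_HEADER + s.iv + padded + s.icv

def max_inner(link_mtu: int, s: Suite) -> int:
    """Largest inner packet whose ESP packet still fits in `link_mtu` unfragmented."""
    room = link_mtu - OUTER_IPV4 - ESP_HEADER - s.iv - s.icv
    return (room // s.block) * s.block - ESP_TRAILER

def fragments(inner: int, link_mtu: int, s: Suite) -> int:
    """Number of outer IPv4 fragments needed on a link with `link_mtu`."""
    payload = outer_size(inner, s) - OUTER_IPV4      # bytes to spread over fragments
    per_frag = (link_mtu - OUTER_IPV4) // 8 * 8      # fragment data is 8-byte aligned
    return -(-payload // per_frag)

if __name__ == "__main__":
    for s in (AES_CBC_SHA1, TDES_SHA1):
        for inner in (1500, 1400):
            print(f"{s.name}: inner {inner} -> outer {outer_size(inner, s)}, "
                  f"{fragments(inner, 1500, s)} packet(s) on the wire")
        print(f"{s.name}: largest unfragmented inner packet = {max_inner(1500, s)}")
```

On a 1500-byte link a full first fragment carries 1480 bytes of ESP data, which is consistent with the `length 1480` packet followed by a second `esp` packet in the trace quoted earlier in the thread.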
            Eugene

            @valnar:

            For Windows, you can use this: http://www.dslreports.com/drtcp

            Sounds very interesting. Could you explain in more detail? :-)

            http://ru.doc.pfsense.org

              fastcon68

              Can you please give me a little more detail?  I have set up a similar configuration.  I had a dual 866 with 1 GB of RAM connected over 100 Mb, connected to a Compaq DL 380 with 100 NICs.  No speed issues.  Tested with several different issues.
              RC

                valnar

                Just google MTU, fragmentation, IPSEC and VPN.

                  infratek

                  Hello Olejack,

                  Did you finally solve your issue?
                  I'd be very interested as I have the same right now.
                  I've tried to lower the MTU in the WAN interface configuration but it's not taken into account even after a reboot.
                  An ifconfig shows an MTU of 1500 even though I entered 1300.
                  I can't find any topic where someone succeeded in modifying the IPSEC MTU.
                  I'm considering replacing ipsec with openvpn maybe.

                  About commercial support, I've asked once for tinydns support and never had any reply …

                  Thanks for your help.
