IPSec connection goes stale when high throughput
-
@nocling As a test, I disabled the AES-NI CPU Crypto and set up a site-to-site tunnel with the following settings:
Phase 1:
AES128-GCM (128 bits) SHA256 14 (2048 bit)
Phase 2:
ESP AES256-GCM (128 bits) 14 (2048 bit)
Now the download does not break anymore. The throughput is about 20 MB/s. Logs after the connection is established are still not available.
-
OK, that does not sound good.
I use Mobike and DPD in P1
What did you set up in the Advanced IPsec Settings?
I use:
Configure Unique IDs as yes
Make before Break yes
Asynchronous Cryptography yes
-
@nocling I have not activated MOBIKE. From my point of view, this is not necessary for a site-to-site VPN connection.
Here are my P1 Settings:
Here are my Advanced IPsec Settings:
I also activated Asynchronous Cryptography, but I didn't see any advantages during testing, so I deactivated it again.
I am at a loss and do not know if the problem is due to the pfSense settings. With the Netgate 1537, do drivers for the hardware also have to be updated in addition to the pfSense? Or is this done with the installation of pfSense? System -> Netgate Firmware Upgrade shows that this function is not available for this hardware.