High ping between sites using IPSEC VPN
-
Several months ago I replaced 2 of my Netgear VPN firewalls with pfSense and everything worked fine. However, since I replaced the firewall in the 3rd and final site I have been having issues with high pings. Before the replacement of the 3rd firewall, pings between all of the sites were somewhere in the region of 20-40ms, which I was quite happy with. But since the replacement, pings between 2 sites in particular have been very high, on occasion in excess of 3000ms. Nothing else changed at the sites; for example, modems and cabling etc. are all the same. I have even tried replacing 2 of the firewalls with different hardware but still no change. I am using a Proliant MicroServer on 1 site, a Dell OptiPlex 755 on another and a custom-built machine with an older Core i5 processor, all with at least 2GB of RAM, running the nanobsd version off a data stick.
This doesn't appear to affect internet traffic (a ping to 8.8.8.8 results in a ping of 20ms).
The VPN is configured as follows:
Phase1:
Mutual PSK
Negotiation mode: main
My identifier: my IP address
Peer identifier: peer identifier
Policy generation: Default
Proposal checking: Default
Encryption algorithm: AES 256
Hash algorithm: SHA512
DH Key: 18 (8192bit)
Lifetime: 28800
NAT Traversal: Enabled
Dead peer detection: Enabled 10 seconds 5 retries
Phase 2:
Protocol: ESP
Encryption algorithms: AES 256
Hash algorithms: SHA512
PFS Key group: 18 (8192 Bits)
Lifetime: 86400
Any help is greatly appreciated :)
-
If it's not affecting all Internet traffic, try traffic over the Internet, outside the VPN, between the two sites.
Your hardware is way more than powerful enough; my guess is the connectivity between site A and site B is poor at times.
-
Finally got it resolved. It was being caused by a dodgy network card. Replaced the card and all is good now.
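
The comparison suggested in the reply above (same two sites, pinged through the tunnel and over the Internet outside it), as an added example that is not part of the original thread. The function names, the 200 ms limit and the sample ping summaries are assumptions; the samples are constructed and use documentation addresses.

```shell
#!/bin/sh
# Constructed ping summaries (FreeBSD/pfSense format), not captured from a real site.
SAMPLE_TUNNEL='--- 192.168.2.1 ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 21.4/1180.6/3012.9/990.2 ms'
SAMPLE_WAN='--- 203.0.113.10 ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 19.8/1150.3/2950.1/975.0 ms'

# Print the maximum RTT in whole milliseconds from a ping summary.
# Accepts the BSD "round-trip ..." line and the Linux "rtt ..." line.
# Returns non-zero if no summary line is present (e.g. 100% loss).
max_rtt() {
    printf '%s\n' "$1" | awk -F'[=/ ]+' '
        /^(round-trip|rtt) / { printf "%d\n", $8; found = 1 }
        END { if (!found) exit 1 }'
}

# Compare the in-tunnel ping ($1) with the outside-the-VPN ping ($2)
# to the same remote site. $3 is the RTT limit in ms (default 200).
#   path   -> slow outside the VPN as well: look below IPsec
#             (link, network card, modem, ISP path)
#   tunnel -> only the VPN path is slow: look at the IPsec side
#   ok     -> the in-tunnel maximum is within the limit
locate_latency() {
    t=$(max_rtt "$1") || { echo "unparsed"; return 1; }
    w=$(max_rtt "$2") || { echo "unparsed"; return 1; }
    limit=${3:-200}
    if [ "$t" -gt "$limit" ] && [ "$w" -gt "$limit" ]; then
        echo "path"
    elif [ "$t" -gt "$limit" ]; then
        echo "tunnel"
    else
        echo "ok"
    fi
}

# Live use (placeholders, run from a host at one site):
#   locate_latency "$(ping -c 10 REMOTE_LAN_IP)" "$(ping -c 10 REMOTE_WAN_IP)"
```

A result of `path` matches how this thread ended: the delay was not in the VPN configuration but in hardware underneath it.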