Netgate Discussion Forum

    Multiple Simultaneous VPN Tunnels cause HUGE slowdown, dropped packets

      ctxspy

      Hello.

      I have set up pfSense at one facility, and ZyWALL 5 units at two remote facilities.

      I can have either remote facility connected via IPsec VPN and I get around 20ms latency,
      no dropped packets, high throughput (300kbps).

      If I enable the 2nd facility's VPN connection, I start dropping packets on BOTH VPN tunnels,
      and the ping times rise from 20ms to 100+ ms.

      I ensured that the identifiers are different, and even went so far as to have different
      pre-shared keys, encryption algorithms, etc.

      Please help me understand whether this is a limitation of racoon, a pfSense-specific issue,
      perhaps a hardware issue, or just a configuration problem?

      I am trying to eliminate the point to point T1s my company currently uses and implement
      cable with dsl backup, so (for me at least), this has a sense of urgency.

      Thank you for your help!

      -Tomaj

        drees

        Are you watching bandwidth utilization when this occurs and sure that your pipe isn't filling up when the IPsec connection to the 2nd facility comes up for some reason?

          Wasca

          Hey Guys

          I'm seeing something very similar. I have 3 tunnels and intermittently I cannot ping through the tunnel. It's really odd, and it's causing me all sorts of problems. Is there something I can post up here that may help identify the problem?

          I don't think bandwidth is an issue for me as I have a 10Mb symmetrical link the tunnels are going over.

            ctxspy

            Hello all.

            I am not sure what I did to fix the issue (if anything at all) but it seems OK now.

            I believe I was able to see that the racoon process was dying, so I just rebooted the whole box, and only ran 1 tunnel for a while. Then one night I was playing with the configurations, testing, doing some file transfers, etc., and it all seems OK..?

            To ensure it was really stable I ran 1 million pings at 100ms interval on both tunnels simultaneously (takes around a day), and I lost around 0.01% of the packets, averaging around 20ms round trip.

            Sorry I can't really help anyone else out there. I guess my only suggestion is to play with the encryption settings, identifiers, etc.

            -Tomaj

              Wasca

              Good to hear yours is ok.

              Well, I've been running for just over 24 hours and mine has been fine as well. I might try the ping test myself and test how stable it is. The only real difference between now and my last post is that I did have a duplex issue on my WAN that was fixed, and have since reinstalled and loaded up the old config, and all is good so far.

              Wasca

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.