4. Multiple Simultaneous VPN Tunnels cause HUGE slowdown, dropped packets

Multiple Simultaneous VPN Tunnels cause HUGE slowdown, dropped packets

  • C

    Hello.

    I have set up PFSense at one facility, and ZyWALL 5 units at two remote facilities.

    I can have either remote facility connected via IPSEC VPN and i get around 20ms latency,
    no dropped packets, high throughput (300kbps)

    If i enable the 2nd facility's vpn connection, i start dropping packets on BOTH vpn tunnels,
    and the ping times rise from 20ms to 100+ ms.

    I ensured that the identifiers are different, and event went so far to have different
    pre-shared keys, encryption algorithms, etc.

    Please help me understand whether this is a limitation of racoon, a pfsense specific issue,
    perhaps a hardware issue, or just a configuration problem?

    I am trying to eliminate the point to point T1s my company currently uses and implement
    cable with dsl backup, so (for me at least), this has a sense of urgency.

    Thank you for your help!

    -Tomaj

    0
  • D

    Are you watching bandwidth utilization when this occurs and sure that your pipe isn't filling up when the IPsec connection to the 2nd facility comes up for some reason?

    0
  • W

    Hey Guys

    I'm seeing something very similar. I have 3 tunnels and and intermittently I cannot ping through the tunnel, it's really odd, it's causing me all sorts of problems. Is there something I can post up here  that may help identify the problem.

    I don't think bandwidth is an issue for me as I have a 10Mb symmetrical link the tunnels are going over.

    0
  • C

    Hello all.

    I am not sure what I did to fix the issue (if anything at all) but it seems OK now.

    I believe i was able to see that the racoon process was dying, so I just rebooted the whole box, and only ran 1 tunnel for a while.  Then one night I was playing with the configurations, testing, doing some file transfers etc etc and it all seems OK..?

    to ensure it was really stable i ran 1 million pings at 100ms interval on both tunnels simultaneously (takes around a day), and I lost around 0.01% of the packets, averaging around 20ms round trip.

    Sorry I can't really help anyone else out there, i guess my only suggestion is play with the encryption settings, identifiers, etc etc..

    -Tomaj

    0
  • W

    Good to hear yours is ok.

    Well I've been running for just over 24 hours and mine has been fine as well, I might try the ping test my self and test how stable it is. The only real difference between now and my last post is that I did have a duplex issue on my WAN that was fixed and have since reinstalled and loaded up the old config, and all is good so far.

    Wasca

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy