Computer networks
sailorpapay, 2019-11-13 16:15:46

How to solve huge delay in strongswan ipsec?

We have the simplest config:
A side:
/etc/ipsec.secrets

    35.167.777.7 52.11.777.7 : PSK 'test12345'

/etc/ipsec.conf

    # basic configuration
    config setup
        charondebug="all"
        uniqueids=yes
        strictcrlpolicy=no

    # connection to amsterdam datacenter
    conn A-side
        authby=secret
        left=%defaultroute
        leftid=52.11.777.7
        leftsubnet=172.31.31.243/24
        right=35.167.777.7
        rightsubnet=172.31.0.233/24
        ike=aes256-sha2_256-modp1024!
        esp=aes256-sha2_256!
        keyingtries=0
        ikelifetime=1h
        lifetime=8h
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        auto=start
        type=tunnel

B side:
/etc/ipsec.secrets

    52.11.777.7 35.167.777.7 : PSK 'test12345'

/etc/ipsec.conf

    # basic configuration
    config setup
        charondebug="all"
        uniqueids=yes
        strictcrlpolicy=no

    # connection to amsterdam datacenter
    conn paris-to-amsterdam
        authby=secret
        left=%defaultroute
        leftid=35.167.777.7
        leftsubnet=172.31.0.233/24
        right=52.11.777.7
        rightsubnet=172.31.31.243/24
        ike=aes256-sha2_256-modp1024!
        esp=aes256-sha2_256!
        keyingtries=0
        ikelifetime=1h
        lifetime=8h
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        auto=start
        type=tunnel

A side - Nginx.
B side - Nginx with upstream private ip to A side.
The problem is as soon as the tunnel starts, all requests to Nginx take tens of seconds.
If you take the tunnel down, everything works instantly.
And it doesn't matter whether you request Nginx on the A or B side.
