Ipsec slow speed?

S

Sergey2017-04-28 09:37:24

VPN

Sergey, 2017-04-28 09:37:24

Ipsec slow speed?

Hello.
the essence of the issue is the following on ipsec low speed, maximum 20 mb
Connecting to host 10.1.1.20, port 5201

[  4] local 192.168.0.114 port 51040 connected to 10.1.1.20 port 5201
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-1.00   sec  1.38 MBytes  11.5 Mbits/sec
[  4]   1.00-2.00   sec   640 KBytes  5.24 Mbits/sec
[  4]   2.00-3.00   sec  1.12 MBytes  9.43 Mbits/sec
[  4]   3.00-4.00   sec  1.50 MBytes  12.6 Mbits/sec
[  4]   4.00-5.00   sec  2.00 MBytes  16.8 Mbits/sec
[  4]   5.00-6.00   sec  1.50 MBytes  12.6 Mbits/sec
[  4]   6.00-7.00   sec  1.12 MBytes  9.44 Mbits/sec
[  4]   7.00-8.00   sec   896 KBytes  7.35 Mbits/sec
[  4]   8.00-9.00   sec   768 KBytes  6.29 Mbits/sec
[  4]   9.00-10.00  sec  1.38 MBytes  11.5 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-10.00  sec  12.2 MBytes  10.3 Mbits/sec                  sender
[  4]   0.00-10.00  sec  12.1 MBytes  10.2 Mbits/sec                  receiver

Mikrotik is on one end, centos on the other
Channel speed 100 mb
Config. strongswan

config setup
    charondebug="ike 2, knl 2, esp 2, cfg 0"

conn %default
    authby=secret

conn Office-to-DC
    left=x.x.x.x
    leftsubnet=10.1.1.0/24
    leftid=x.x.x.x
    leftfirewall=yes
    right=y.y.y.y.
    rightsubnet=192.168.0.0/24
    rightid=y.y.y.y
    auto=route
    dpdaction=hold
    ike= aes-sha1-modp1024,aes256
     esp=aes256-sha256-modp1536!
    keyexchange=ikev1
    ikelifetime=1440m
    keylife=24h
    compress=yes
    fragmentation=yes

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

J

Janus74, 2017-04-28
@Janus74

Without a tunnel, use iperf to measure the bandwidth between
udp/tcp branches

S

Sergey, 2017-04-28
@ELECTRIC380V

From the side of the office.
Behind Mikrotik, from under win

iperf3.exe -c x.x.x.x
Connecting to host 31.171.246.202, port 5201
[  4] local 192.168.0.114 port 60952 connected to 31.171.246.202 port 5201
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-1.00   sec  3.62 MBytes  30.4 Mbits/sec
[  4]   1.00-2.00   sec  3.62 MBytes  30.4 Mbits/sec
[  4]   2.00-3.00   sec  3.75 MBytes  31.5 Mbits/sec
[  4]   3.00-4.00   sec  3.62 MBytes  30.4 Mbits/sec
[  4]   4.00-5.00   sec  3.88 MBytes  32.5 Mbits/sec
[  4]   5.00-6.00   sec  2.00 MBytes  16.8 Mbits/sec
[  4]   6.00-7.00   sec  2.00 MBytes  16.8 Mbits/sec
[  4]   7.00-8.00   sec  2.25 MBytes  18.9 Mbits/sec
[  4]   8.00-9.00   sec  2.00 MBytes  16.8 Mbits/sec
[  4]   9.00-10.00  sec  1.75 MBytes  14.7 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-10.00  sec  28.5 MBytes  23.9 Mbits/sec                  sender
[  4]   0.00-10.00  sec  28.4 MBytes  23.8 Mbits/sec                  receiver

iperf Done.

iperf3.exe -c X.X.X.X -P 10

[SUM]   0.00-10.00  sec  65.1 MBytes  54.6 Mbits/sec                  sender
[SUM]   0.00-10.00  sec  63.7 MBytes  53.4 Mbits/sec                  receiver

iperf Done.

iperf3.exe -c 10.1.1.1 -P 10
[SUM]   0.00-10.00  sec  17.2 MBytes  14.5 Mbits/sec                  sender
[SUM]   0.00-10.00  sec  15.5 MBytes  13.0 Mbits/sec                  receiver