Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
N
N
nois2020-11-16 11:13:53
VPN
nois, 2020-11-16 11:13:53

Why does the traffic in the IPsec tunnel stop when transferring a heavy file?

Available: IPsec StrongSwan and L2TP/IPsec Keenetic 4G III servers. Both work stably, they are geographically located in different places, clients successfully connect and work, StrongSwsn even has a permanent tunnel with another office (everything is ok). But when I myself connect from home, some kind of devilry is going on.

At home: PC with Win10 2004, laptop with Win10 1903, Keenetic Giga router. Connection to StrongSwan (IKEv2) via certificate, to Keenetic4G III (L2TP/IPsec) via PSK.

When connected by wire (both from a computer and from a laptop) to any of the servers, the tunnel is created and functions. But, if you start transferring a file (for example, 500MB in size), then after transferring 100-200MB (in different ways), the traffic stops going, when you connect to RDP, the situation is the same (a couple of minutes of work and that's it). In this case, the tunnel is preserved (at least on the StrongSwan server).

If the connection is wireless (via wi-fi), then everything works flawlessly. I also tried to replace my home router with Miktotik - it works stably.

Tell me which way to dig.

UPD: I tried it on a Linux computer (strongswan client) - it works without problems

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
N
nois, 2020-11-27
@nois

It is solved by disabling unnecessary components on the home router (Keenetic giga NDMS v2.04), in particular, the "hardware packet handler" .
But, what is the reason for this behavior, I did not understand. There was an assumption that the router could not cope with packet fragmentation, but experiments with MTU did not lead to anything.
But on Linux, everything works fine - with the included components on the router, by wire / without wire.

Report
A
Alexey Cheremisin, 2020-11-16
@leahch

Try reducing the MTU on the VPN, to 512 for example. In theory it should help.

Report
K
Keffer, 2020-11-16
@Keffer

I also tried to replace my home router with Miktotik - it works stably.

Tell me which way to dig.

In the direction of replacing the complete miserable kinetics with microtics. There is nothing falling and everything works perfectly.

Report
P
pindschik, 2020-11-24
@pindschik

It rests on the processor of the router (prolonged overload) and the settings for disconnecting the connection when there is no connection. The router OS cannot process the ping in the tunnel and thinks it has failed. Play around with the cliff detection settings.

Similar questions
V
Vladimir Paziy2015-06-17 07:12:32
How to set up a VPN client on Mikrotik, for only one port and at the same time have a VPN server on Mikrotik itself? 3Reply
A
anwender952017-05-31 06:57:41
How to choose a network adapter for a process (Use VPN and normal internet for different processes)? 2Reply
S
sarvatas2015-06-21 15:30:48
How to access services on VPS only for vpn (softether) users? 1Reply
A
algordon2019-11-04 22:36:45
Active Directory: how to authorize a user outside the local network? 5Reply
I
IceJOKER2017-06-08 10:09:21
After connecting a vpn connection, external resources do not ping after a minute, how to fix it? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question