I have a m0n0wall-to-m0n0wall IPSec VPN that worked wonderfully for
several years. The link is between two nursing home facilities that are
about 100 miles apart. One has an 8M/2M cable modem service (Comcast), the
other had a 1.5M/384K DSL service (Verizon). Both sides have static IPs.
I finally got the management to agree to switch out the DSL for a much faster
30M/5M Cable Service (Optimum) on the one side. However, after switching, my
users immediately began to complain about dropped/slow connections across
the VPN, and "I thought this was supposed to be faster."
I tried allowing fragmented IPSec traffic, but that really didn't help.
I began experimenting with lowering the MTU across the tunnel, and found
that a significant portion of my traffic was being dropped. The sweet spot
seems to be 1418 (1419 drops some traffic). I went searching for a way
to permanently lower the tunnel's MTU, but all I could find was a post where
the recommendation was to lower the MTU of the WAN interface via ifconfig in
a <shellcmd> tag. That seems to make the connection better in my initial
testing, but I can't help but think that there is a better way.
Most of my user base is in Comcast Territory so I have little experience
with Optimum Online. I've never had to change an MTU setting on Comcast
before. Can anyone tell me if this is normal for Optimum Online? (Cisco
Router + Cable Modem w/ 5 Static IPs)
I should note that I can connect in to either facility via PPTP and in both
cases it is quite fast. Both facilities also show no issues when I try
running a bandwidth test like the one at www.speakeasy.net/speedtest.
I'll post back tomorrow after the users get back on and I'll have a better
idea of whether or not lowering the MTU on the WAN interface worked.
Both m0n0walls are identical hardware:
Sempron 2600+ CPU
3x Intel Pro1000 PCI adapters + 1 VIA Rhine (On Board)
32MB CF Card