[ previous ] [ next ] [ threads ]
 
 From:  Ludvik Roubicek <ludvik at roubicek dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Problem with slow and nonreliable IPSec tunnel
 Date:  Thu, 30 May 2013 08:07:55 +0200
Hello,
I have problem with 2 m0n0walls running on ALIX's configured to connect 
thru IPSec tunnel each other.
The problem might be of course between their providers or let's say 
providers networks (some traffic shaping and so on).

Brief info:

Site1
LAN, PPTP VPN, IPSec to 2nd site
Connectivity: 50Mbit/15Mbit, Provider 1
There is PC1 in LAN, Windows 7 Pro.

Site2
LAN, LAN2, PPTP VPN, IPSec to 1st site
Connectivity: 8Mbit/8Mbit, Provider 2
There is PC2 in LAN, Windows 7 Pro.

Site3 - connected only using PPTP VPN on demand
Connectivity: 30Mbit/30Mbit (shared, typically 10/10Mbps), Provider 3.
There is my desktop, PC3, Win 7 HP.

All the sites are geographically different with different providers. But 
the Provider 1 and Provider 2 are somehow related. Provider 2 buys 
connectivity from another company belonging to UPC family. And the 
Provider 1 is direct UPC.

IPSec tunnel is set between Site1 LAN and Site2 LAN1. Tunnel is up very 
quickly, pings over tunnel (Site1-Site2) are not so bad (about 15ms), no 
lost of packets.

Connecting from Site 3 (PPTP VPN)
There is no problem. Everything works as expected. When I connect from 
Site3 to one of the other sites (using PPTP) and try to upload/download 
200MB file (ISO image) from/to remote computers, it runs 750kB/s to 
1MB/s without any problems. No disruption, data lost etc. RDP works to 
both PC1 and PC2 correctly.

*The problem - connecting between Site 1 and Site 2 (IPSec tunnel)*
The problems come when I connect using the IPSec tunnel.  So when 
copying from PC1 to PC2 and vice versa.
The upload/download speed is about 250 - 350 kB/s and it's very 
unreliable. Sometimes I cannot copy at all, but it happens rarely.
When I try to connect from *PC2 to PC1 using RDP*, I'm kicked off once I 
need to move larger data using the RDP, for example when I open remotely 
webpage with graphics or some local picture). I have to reconnect 4 
times till I see whole the picture. So it's able to transfer small 
amount of data. That's the main problem.
And what makes me crazy is that when I connect from *PC1 to PC2 using 
the RDP*, it works without any problems. Just slow.

I have tried to change some parameters of the IPSec tunnel (e.g. 
encryption algorithm) without success.
The traffic over the IPSec tunnel is completely allowed on firewall. 
There is no rule blocking it.

The only thing I haven't tested yet is to disable the tunnel and connect 
from PC1 to Site2 using the PPTP VPN.
I'll give it a try today.
All the 3 places are 80km far from each other what makes it much harder 
to test if I need to do a change in cables and so on.

Do you have any idea how to solve the problem? I've tried to check it by 
Wireshark, but I cannot find something meaningfull. I know, that 
Provider1 (UPC) limits somehow upload but I don't know how and how to 
avoid the problem.
I guess it's question of some small change or checkbox... :(
Thanks a lot.
Ludvik