I have problem with 2 m0n0walls running on ALIX's configured to connect
thru IPSec tunnel each other.
The problem might be of course between their providers or let's say
providers networks (some traffic shaping and so on).
LAN, PPTP VPN, IPSec to 2nd site
Connectivity: 50Mbit/15Mbit, Provider 1
There is PC1 in LAN, Windows 7 Pro.
LAN, LAN2, PPTP VPN, IPSec to 1st site
Connectivity: 8Mbit/8Mbit, Provider 2
There is PC2 in LAN, Windows 7 Pro.
Site3 - connected only using PPTP VPN on demand
Connectivity: 30Mbit/30Mbit (shared, typically 10/10Mbps), Provider 3.
There is my desktop, PC3, Win 7 HP.
All the sites are geographically different with different providers. But
the Provider 1 and Provider 2 are somehow related. Provider 2 buys
connectivity from another company belonging to UPC family. And the
Provider 1 is direct UPC.
IPSec tunnel is set between Site1 LAN and Site2 LAN1. Tunnel is up very
quickly, pings over tunnel (Site1-Site2) are not so bad (about 15ms), no
lost of packets.
Connecting from Site 3 (PPTP VPN)
There is no problem. Everything works as expected. When I connect from
Site3 to one of the other sites (using PPTP) and try to upload/download
200MB file (ISO image) from/to remote computers, it runs 750kB/s to
1MB/s without any problems. No disruption, data lost etc. RDP works to
both PC1 and PC2 correctly.
*The problem - connecting between Site 1 and Site 2 (IPSec tunnel)*
The problems come when I connect using the IPSec tunnel. So when
copying from PC1 to PC2 and vice versa.
The upload/download speed is about 250 - 350 kB/s and it's very
unreliable. Sometimes I cannot copy at all, but it happens rarely.
When I try to connect from *PC2 to PC1 using RDP*, I'm kicked off once I
need to move larger data using the RDP, for example when I open remotely
webpage with graphics or some local picture). I have to reconnect 4
times till I see whole the picture. So it's able to transfer small
amount of data. That's the main problem.
And what makes me crazy is that when I connect from *PC1 to PC2 using
the RDP*, it works without any problems. Just slow.
I have tried to change some parameters of the IPSec tunnel (e.g.
encryption algorithm) without success.
The traffic over the IPSec tunnel is completely allowed on firewall.
There is no rule blocking it.
The only thing I haven't tested yet is to disable the tunnel and connect
from PC1 to Site2 using the PPTP VPN.
I'll give it a try today.
All the 3 places are 80km far from each other what makes it much harder
to test if I need to do a change in cables and so on.
Do you have any idea how to solve the problem? I've tried to check it by
Wireshark, but I cannot find something meaningfull. I know, that
Provider1 (UPC) limits somehow upload but I don't know how and how to
avoid the problem.
I guess it's question of some small change or checkbox... :(
Thanks a lot.