On 30.05.2013 08:07, Ludvik Roubicek wrote:
> I have a problem with 2 m0n0walls running on ALIX's configured to
> connect to each other through an IPSec tunnel.
> The problem might be of course between their providers or let's say
> providers networks (some traffic shaping and so on).
> Brief info:
> LAN, PPTP VPN, IPSec to 2nd site
> Connectivity: 50Mbit/15Mbit, Provider 1
> There is PC1 in LAN, Windows 7 Pro.
> LAN, LAN2, PPTP VPN, IPSec to 1st site
> Connectivity: 8Mbit/8Mbit, Provider 2
> There is PC2 in LAN, Windows 7 Pro.
> Site3 - connected only using PPTP VPN on demand
> Connectivity: 30Mbit/30Mbit (shared, typically 10/10Mbps), Provider 3.
> There is my desktop, PC3, Win 7 HP.
> All the sites are geographically different with different providers.
> But the Provider 1 and Provider 2 are somehow related. Provider 2 buys
> connectivity from another company belonging to UPC family. And the
> Provider 1 is direct UPC.
> IPSec tunnel is set between Site1 LAN and Site2 LAN1. Tunnel is up
> very quickly, pings over tunnel (Site1-Site2) are not so bad (about
> 15ms), no loss of packets.
> Connecting from Site 3 (PPTP VPN)
> There is no problem. Everything works as expected. When I connect from
> Site3 to one of the other sites (using PPTP) and try to
> upload/download 200MB file (ISO image) from/to remote computers, it
> runs 750kB/s to 1MB/s without any problems. No disruption, data loss
> etc. RDP works to both PC1 and PC2 correctly.
> *The problem - connecting between Site 1 and Site 2 (IPSec tunnel)*
> The problems come when I connect using the IPSec tunnel. So when
> copying from PC1 to PC2 and vice versa.
> The upload/download speed is about 250 - 350 kB/s and it's very
> unreliable. Sometimes I cannot copy at all, but it happens rarely.
> When I try to connect from *PC2 to PC1 using RDP*, I'm kicked off once
> I need to move larger data using the RDP (for example when I remotely
> open a webpage with graphics or some local picture). I have to
> reconnect 4 times till I see the whole picture. So it's able to
> transfer a small amount of data. That's the main problem.
> And what makes me crazy is that when I connect from *PC1 to PC2 using
> the RDP*, it works without any problems. Just slow.
> I have tried to change some parameters of the IPSec tunnel (e.g.
> encryption algorithm) without success.
> The traffic over the IPSec tunnel is completely allowed on firewall.
> There is no rule blocking it.
> The only thing I haven't tested yet is to disable the tunnel and
> connect from PC1 to Site2 using the PPTP VPN.
> I'll give it a try today.
> All the 3 places are 80km from each other, which makes it much
> harder to test if I need to do a change in cables and so on.
> Do you have any idea how to solve the problem? I've tried to check it
> with Wireshark, but I cannot find anything meaningful. I know that
> Provider1 (UPC) limits upload somehow, but I don't know how or how to
> avoid the problem.
> I guess it's a question of some small change or checkbox... :(
> Thanks a lot.
Could it be that you have an MTU issue? What Internet connections are you
using? DHCP, PPPoE, PPTP?
Try some pings from Site1 to Site2 and vice versa.
ping other-site -f -l xxxx
Place 1500 for x and go down until you get clear responses.
I'm wondering if you get different values on the sites.
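
The ping test suggested in the reply, automated as a binary search (an added example, not part of the original message). It assumes Windows `ping` and that an echo reply line contains "TTL="; the function names are made up for illustration. On a plain 1500-byte Ethernet path the largest payload that passes with `-f` is 1472, because the IPv4 and ICMP headers add 28 bytes. Run it at Site1 against Site2 and the other way round, then compare the two results.

```python
import subprocess
import sys

ICMP_IP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header
IP_TCP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header, no options


def windows_ping_probe(host, payload, attempts=3):
    """Send `ping -f -l <payload>` (Windows syntax, as in the reply above).

    Assumption: an echo reply line contains "TTL="; "needs to be fragmented"
    and timeout lines do not. Retries absorb occasional packet loss.
    """
    cmd = ["ping", "-n", "1", "-w", "2000", "-f", "-l", str(payload), host]
    for _ in range(attempts):
        out = subprocess.run(cmd, capture_output=True, text=True).stdout
        if "TTL=" in out:
            return True
    return False


def largest_unfragmented_payload(probe, low=0, high=1500 - ICMP_IP_OVERHEAD):
    """Binary search for the largest payload size that `probe(size)` accepts.

    Returns None when even the smallest probe fails (host down, ICMP blocked).
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2  # round up so the loop always makes progress
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def summarize(payload):
    """Turn the ping payload size into the path MTU and the TCP MSS that fits it."""
    mtu = payload + ICMP_IP_OVERHEAD
    return {"payload": payload, "path_mtu": mtu, "tcp_mss": mtu - IP_TCP_OVERHEAD}


if __name__ == "__main__":
    host = sys.argv[1]  # address of a machine at the other site
    best = largest_unfragmented_payload(lambda n: windows_ping_probe(host, n))
    print("no reply at any size" if best is None else summarize(best))
```

A path MTU below 1500 in only one direction would match the symptom described above, where small transfers pass and larger ones stall.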