 From:  Jack <jack at jbyte dot org>
 To:  m0n0wall at lists dot m0n0 dot ch, ludvik at roubicek dot net
 Subject:  Re: [m0n0wall] Problem with slow and nonreliable IPSec tunnel
 Date:  Thu, 30 May 2013 09:30:09 +0200
On 30.05.2013 08:07, Ludvik Roubicek wrote:
> Hello,
> I have a problem with 2 m0n0walls running on ALIX's configured to 
> connect thru IPSec tunnel each other.
> The problem might be of course between their providers or let's say 
> providers networks (some traffic shaping and so on).
> Brief info:
> Site1
> LAN, PPTP VPN, IPSec to 2nd site
> Connectivity: 50Mbit/15Mbit, Provider 1
> There is PC1 in LAN, Windows 7 Pro.
> Site2
> LAN, LAN2, PPTP VPN, IPSec to 1st site
> Connectivity: 8Mbit/8Mbit, Provider 2
> There is PC2 in LAN, Windows 7 Pro.
> Site3 - connected only using PPTP VPN on demand
> Connectivity: 30Mbit/30Mbit (shared, typically 10/10Mbps), Provider 3.
> There is my desktop, PC3, Win 7 HP.
> All the sites are geographically different with different providers. 
> But the Provider 1 and Provider 2 are somehow related. Provider 2 buys 
> connectivity from another company belonging to UPC family. And the 
> Provider 1 is direct UPC.
> IPSec tunnel is set between Site1 LAN and Site2 LAN1. Tunnel is up 
> very quickly, pings over tunnel (Site1-Site2) are not so bad (about 
> 15ms), no loss of packets.
> Connecting from Site 3 (PPTP VPN)
> There is no problem. Everything works as expected. When I connect from 
> Site3 to one of the other sites (using PPTP) and try to 
> upload/download 200MB file (ISO image) from/to remote computers, it 
> runs 750kB/s to 1MB/s without any problems. No disruption, data loss 
> etc. RDP works to both PC1 and PC2 correctly.
> *The problem - connecting between Site 1 and Site 2 (IPSec tunnel)*
> The problems come when I connect using the IPSec tunnel.  So when 
> copying from PC1 to PC2 and vice versa.
> The upload/download speed is about 250 - 350 kB/s and it's very 
> unreliable. Sometimes I cannot copy at all, but it happens rarely.
> When I try to connect from *PC2 to PC1 using RDP*, I'm kicked off once 
> I need to move larger data using the RDP (for example when I open 
> remotely webpage with graphics or some local picture). I have to 
> reconnect 4 times till I see the whole picture. So it's able to 
> transfer small amount of data. That's the main problem.
> And what makes me crazy is that when I connect from *PC1 to PC2 using 
> the RDP*, it works without any problems. Just slow.
> I have tried to change some parameters of the IPSec tunnel (e.g. 
> encryption algorithm) without success.
> The traffic over the IPSec tunnel is completely allowed on firewall. 
> There is no rule blocking it.
> The only thing I haven't tested yet is to disable the tunnel and 
> connect from PC1 to Site2 using the PPTP VPN.
> I'll give it a try today.
> All the 3 places are 80km far from each other what makes it much 
> harder to test if I need to do a change in cables and so on.
> Do you have any idea how to solve the problem? I've tried to check it 
> by Wireshark, but I cannot find something meaningful. I know, that 
> Provider1 (UPC) limits somehow upload but I don't know how and how to 
> avoid the problem.
> I guess it's question of some small change or checkbox... :(
> Thanks a lot.
> Ludvik
Hi Ludvik,

Could it be that you have an MTU issue? What Internet connections are you 
using? DHCP, PPPoE, PPTP?
Try some pings from Site1 to Site2 and vice versa.

On Windows:
ping other-site -f -l xxxx
Place 1500 for x and go down until you get clear responses.

I'm wondering if you get different values on the sites.

Best regards
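
The manual step-down described in the reply can be automated. The following PowerShell script is an added example, not part of the original message: it binary-searches for the largest ICMP payload that is answered with the Don't Fragment bit set. The `-Target` parameter, the 500-byte lower bound and the 1472-byte upper bound (a 1500-byte MTU minus 28 bytes of IP and ICMP headers) are assumptions.

```powershell
# Added example: find the largest ICMP payload that crosses the path with DF set.
# $Target is a placeholder; pass the LAN address of a host at the other site.
param(
    [Parameter(Mandatory = $true)][string]$Target,
    [int]$MaxPayload = 1472,   # assumed 1500-byte MTU minus 20 (IP) + 8 (ICMP) header bytes
    [int]$MinPayload = 500,    # assumed floor; anything below this is not an MTU problem
    [int]$TimeoutMs  = 2000
)

function Test-Payload {
    param([string]$HostName, [int]$Size, [int]$Timeout)
    $ping    = New-Object System.Net.NetworkInformation.Ping
    $options = New-Object System.Net.NetworkInformation.PingOptions(64, $true)  # TTL 64, DontFragment
    $buffer  = New-Object byte[] $Size
    try {
        # Two attempts so a single lost packet is not mistaken for an MTU limit.
        foreach ($i in 1..2) {
            $reply = $ping.Send($HostName, $Timeout, $buffer, $options)
            if ($reply.Status -eq [System.Net.NetworkInformation.IPStatus]::Success) { return $true }
        }
        return $false
    } catch [System.Net.NetworkInformation.PingException] {
        return $false
    } finally {
        $ping.Dispose()
    }
}

if (-not (Test-Payload $Target $MinPayload $TimeoutMs)) {
    Write-Error "No reply even at $MinPayload bytes; check reachability before testing MTU."
    exit 1
}

# Binary search: $low is always a size that was answered, sizes above $high failed.
$low = $MinPayload; $high = $MaxPayload
while ($low -lt $high) {
    $mid = [int][math]::Ceiling(($low + $high) / 2.0)
    if (Test-Payload $Target $mid $TimeoutMs) { $low = $mid } else { $high = $mid - 1 }
}

"Largest unfragmented ICMP payload to ${Target}: $low bytes"
"Usable packet size on this path: $($low + 28) bytes (payload + 20 IP + 8 ICMP)"
```

Run it from PC1 against PC2 and from PC2 against PC1 and compare the two results; a value through the tunnel that is lower than on the plain WAN path is expected, because ESP encapsulation adds its own overhead.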