Dne 30.5.2013 15:32, Lee Sharp napsal(a):
> On 05/30/2013 01:07 AM, Ludvik Roubicek wrote:
>> I have problem with 2 m0n0walls running on ALIX's configured to connect
>> thru IPSec tunnel each other.
>> The problem might be of course between their providers or let's say
>> providers networks (some traffic shaping and so on).
>> Do you have any idea how to solve the problem? I've tried to check it by
>> Wireshark, but I cannot find something meaningfull. I know, that
>> Provider1 (UPC) limits somehow upload but I don't know how and how to
>> avoid the problem.
> I too think it is an MTU issue. And m0n0wall blockes fragmented IPSEC
> packets by default. You might try allowing "Allow fragmented IPsec
> packets" under System -> Advanced in the firewall section. Do it on
> both sides. Also, use Aggressive, Blowfish, and MD% for the lightest
> load while still encrypted.
Fragmented packets are allowed in the tunnel configuration, advanced
settings and firewall rules (I plan to disable it in the firewall rules
later, just checking).
When trying the Aggresive mode and the MD5 the speed seems to be the
same or slightly better. Maybe 10% faster. Thx.
I plan to go there ( tomorrow. I will try to disable the tunnel and
connect using PPTP VPN if the speed differs.
I suspect the Provider 1 (UPC) and their QOS.