 From:  Ludvik Roubicek <ludvik at roubicek dot net>
 To:  Lee Sharp <leesharp at hal dash pc dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Problem with slow and nonreliable IPSec tunnel
 Date:  Fri, 31 May 2013 01:27:08 +0200
On 30.5.2013 15:32, Lee Sharp wrote:
> On 05/30/2013 01:07 AM, Ludvik Roubicek wrote:
>> Hello,
>> I have a problem with 2 m0n0walls running on ALIX's configured to connect
>> to each other through an IPSec tunnel.
>> The problem might of course be between their providers or, let's say,
>> the providers' networks (some traffic shaping and so on).
>
>> Do you have any idea how to solve the problem? I've tried to check it by
>> Wireshark, but I cannot find something meaningful. I know that
>> Provider1 (UPC) limits somehow upload but I don't know how and how to
>> avoid the problem.
>
> I too think it is an MTU issue.  And m0n0wall blocks fragmented IPSEC 
> packets by default.  You might try allowing "Allow fragmented IPsec 
> packets" under System -> Advanced in the firewall section.  Do it on 
> both sides.  Also, use Aggressive, Blowfish, and MD5 for the lightest 
> load while still encrypted.
>
>             Lee
>
Fragmented packets are allowed in the tunnel configuration, advanced 
settings and firewall rules (I plan to disable it in the firewall rules 
later, just checking).

When trying the Aggressive mode and the MD5 the speed seems to be the 
same or slightly better. Maybe 10% faster. Thx.

I plan to go there tomorrow. I will try to disable the tunnel and 
connect using PPTP VPN if the speed differs.
I suspect the Provider 1 (UPC) and their QOS.

Ludvik