Try libreswan-3.18 with replay-window=64 (or 128) Paul
Sent from my iPhone > On Jul 27, 2016, at 11:09, Renzo Dani <[email protected]> wrote: > > Hi, > we have a vpn tunnel between two offices, both have an internet connection of > 100Mbps. > Time to time we have serious issue with very poor bandwidth, the problem is > not always present, some time we are experience a good bandwidth on the vpn > too. > So we are currently not able to identify the problem, we already contact the > two Internet service providers but they simply reply they cannot identify any > issue on their network. > > Iperf between the two vpn gateways using the tunnel (during problem occurs) > [ ID] Interval Transfer Bandwidth > [ 5] 0.00-1.00 sec 215 KBytes 1.76 Mbits/sec > [ 5] 1.00-2.00 sec 195 KBytes 1.60 Mbits/sec > [ 5] 2.00-3.00 sec 112 KBytes 920 Kbits/sec > [ 5] 3.00-4.00 sec 115 KBytes 942 Kbits/sec > [ 5] 4.00-5.00 sec 55.5 KBytes 454 Kbits/sec > [ 5] 5.00-6.00 sec 44.7 KBytes 366 Kbits/sec > [ 5] 6.00-7.00 sec 134 KBytes 1.10 Mbits/sec > [ 5] 7.00-8.00 sec 108 KBytes 887 Kbits/sec > [ 5] 8.00-9.00 sec 83.9 KBytes 687 Kbits/sec > [ 5] 9.00-10.00 sec 100 KBytes 821 Kbits/sec > [ 5] 10.00-10.03 sec 8.12 KBytes 2.02 Mbits/sec > - - - - - - - - - - - - - - - - - - - - - - - - - > [ ID] Interval Transfer Bandwidth > [ 5] 0.00-10.03 sec 0.00 Bytes 0.00 bits/sec sender > [ 5] 0.00-10.03 sec 1.14 MBytes 957 Kbits/sec receiver > > Iperf between the two vpn gateways using public internet ips at the same > time as before > [ ID] Interval Transfer Bandwidth > [ 5] 0.00-1.00 sec 9.50 MBytes 79.7 Mbits/sec > [ 5] 1.00-2.00 sec 11.2 MBytes 93.6 Mbits/sec > [ 5] 2.00-3.00 sec 11.0 MBytes 92.5 Mbits/sec > [ 5] 3.00-4.00 sec 11.1 MBytes 93.5 Mbits/sec > [ 5] 4.00-5.00 sec 11.2 MBytes 93.6 Mbits/sec > [ 5] 5.00-6.00 sec 11.2 MBytes 93.7 Mbits/sec > [ 5] 6.00-7.00 sec 11.2 MBytes 93.7 Mbits/sec > [ 5] 7.00-8.00 sec 11.2 MBytes 94.0 Mbits/sec > [ 5] 8.00-9.00 sec 11.2 MBytes 93.9 Mbits/sec > [ 5] 9.00-10.00 sec 11.2 MBytes 93.8 Mbits/sec > [ 5] 10.00-10.04 sec 510 KBytes 93.6 Mbits/sec > - - - - - - - - - - - - - - - - - - - - - - - - - > [ ID] Interval Transfer Bandwidth > [ 5] 0.00-10.04 sec 0.00 Bytes 0.00 bits/sec sender > [ 5] 0.00-10.04 sec 110 MBytes 92.2 Mbits/sec receiver > > > > Our config: > > config setup > nat_traversal=yes > oe=off > protostack=netkey > uniqueids=no > > conn our_vpn > authby=secret > disablearrivalcheck=no > .... > # PHASE 1 > aggrmode=no > ike=aes256-sha2_256;modp3072 > ikelifetime=8h > # PHASE 2 > type=tunnel > phase2=esp > phase2alg=aes-256-sha2_256;modp3072 > salifetime=2h > pfs=yes > auto=start > > > Thanks for any help/suggestion > > Renzo > > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
