Hi, I am using an AWS Ubuntu 12.04 (64 bit) as my VPN server.
On a side-by-side test I can see about a 50% drop-off in speed downloading a file via the VPN vs not (to a file-server on the same LAN as the VPN server) with the client being an IOS device. i.e. 20 secs on WIFI 25-30 secs on WIFI + VPN When the VPN is involved I see a more "bursty" experience. Almost like TCP buffers need tuned or whatever. My question is: should I expect that level of drop-off (all things being equal) or does that seem excessive? It seems somewhat excessive to me. Also, in terms of tuning or troubleshooting this, what should I look at? Ideas I've had so far: a] look into a cheaper "esp" setting. Apparently the default is: aes128-sha256. Anyone know of a cheaper cipher which will work with IOS clients? I tried the NULL cipher setting (esp=null-sha1!) but IOS clients didn't seem to like that proposal. b] tune the TCP settings of the kernel. Can anyone suggest any settings I should especially look for? I was thinking things like tcp rmem/wmem. Do those apply to strongswan (5.x) since it is not in userspace? c] could MTU be a factor? Is there anything people normally tune here? Any other suggestions? Please mention anything you think could vaguely help. A link to any recipes or whatever that may help would also be great. Thanks. _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
