[Swan] Bandwidth problem

Paul Wouters paul at nohats.ca
Sun Jul 31 16:12:28 UTC 2016 

Try libreswan-3.18 with replay-window=64 (or 128)

Paul

Sent from my iPhone

> On Jul 27, 2016, at 11:09, Renzo Dani <arons7 at gmail.com> wrote:
> 
> Hi,
> we have a vpn tunnel between two offices, both have an internet connection of 100Mbps.
> Time to time we have serious issue with very poor bandwidth, the problem is not always present, some time we are experience a good bandwidth on the vpn too.
> So we are currently not able to identify the problem, we already contact the two Internet service providers but they simply reply they cannot identify any issue on their network.
> 
> Iperf  between the two vpn gateways using the tunnel (during problem occurs)
> [ ID] Interval           Transfer     Bandwidth
> [  5]   0.00-1.00   sec   215 KBytes  1.76 Mbits/sec
> [  5]   1.00-2.00   sec   195 KBytes  1.60 Mbits/sec
> [  5]   2.00-3.00   sec   112 KBytes   920 Kbits/sec
> [  5]   3.00-4.00   sec   115 KBytes   942 Kbits/sec
> [  5]   4.00-5.00   sec  55.5 KBytes   454 Kbits/sec
> [  5]   5.00-6.00   sec  44.7 KBytes   366 Kbits/sec
> [  5]   6.00-7.00   sec   134 KBytes  1.10 Mbits/sec
> [  5]   7.00-8.00   sec   108 KBytes   887 Kbits/sec
> [  5]   8.00-9.00   sec  83.9 KBytes   687 Kbits/sec
> [  5]   9.00-10.00  sec   100 KBytes   821 Kbits/sec
> [  5]  10.00-10.03  sec  8.12 KBytes  2.02 Mbits/sec
> - - - - - - - - - - - - - - - - - - - - - - - - -
> [ ID] Interval           Transfer     Bandwidth
> [  5]   0.00-10.03  sec  0.00 Bytes  0.00 bits/sec sender
> [  5]   0.00-10.03  sec  1.14 MBytes   957 Kbits/sec                  receiver
> 
> Iperf  between the two vpn gateways using public internet ips at the same time as before
> [ ID] Interval           Transfer     Bandwidth
> [  5]   0.00-1.00   sec  9.50 MBytes  79.7 Mbits/sec
> [  5]   1.00-2.00   sec  11.2 MBytes  93.6 Mbits/sec
> [  5]   2.00-3.00   sec  11.0 MBytes  92.5 Mbits/sec
> [  5]   3.00-4.00   sec  11.1 MBytes  93.5 Mbits/sec
> [  5]   4.00-5.00   sec  11.2 MBytes  93.6 Mbits/sec
> [  5]   5.00-6.00   sec  11.2 MBytes  93.7 Mbits/sec
> [  5]   6.00-7.00   sec  11.2 MBytes  93.7 Mbits/sec
> [  5]   7.00-8.00   sec  11.2 MBytes  94.0 Mbits/sec
> [  5]   8.00-9.00   sec  11.2 MBytes  93.9 Mbits/sec
> [  5]   9.00-10.00  sec  11.2 MBytes  93.8 Mbits/sec
> [  5]  10.00-10.04  sec   510 KBytes  93.6 Mbits/sec
> - - - - - - - - - - - - - - - - - - - - - - - - -
> [ ID] Interval           Transfer     Bandwidth
> [  5]   0.00-10.04  sec  0.00 Bytes  0.00 bits/sec sender
> [  5]   0.00-10.04  sec   110 MBytes  92.2 Mbits/sec                  receiver
> 
> 
> 
> Our config:
> 
> config setup
>        nat_traversal=yes
>        oe=off
>        protostack=netkey
>        uniqueids=no
> 
> conn our_vpn
>        authby=secret
>        disablearrivalcheck=no
>        ....
>        # PHASE 1
>        aggrmode=no
>        ike=aes256-sha2_256;modp3072
>        ikelifetime=8h
>        # PHASE 2
>        type=tunnel
>        phase2=esp
>        phase2alg=aes-256-sha2_256;modp3072
>        salifetime=2h
>        pfs=yes
>        auto=start
> 
> 
> Thanks for any help/suggestion
> 
> Renzo
> 
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan

More information about the Swan mailing list