[Swan] Bandwidth problem
Jobst Schmalenbach
jobst at barrett.com.au
Mon Aug 1 01:28:00 UTC 2016
Paul
you might want to update the manuals if you say that 128 is possible:
In https://libreswan.org/man/spi.8.html it is written:
--replay_window replayw
sets the replay window size; valid values are decimal, 1 to 64
Jobst
Helping people and businesses sell better
BARRETT Everybody Lives By Selling Something <http://www.barrett.com.au/>
*Jobst Schmalenbach*
General Manager and Geek
*P* +61 3 9533 0000
*M* +61 411 611 855
*E* jobst at barrett.com.au <mailto:jobst at barrett.com.au>
*W* www.barrett.com.au <http://www.barrett.com.au>
Sales Training <http://www.barrett.com.au/sales-training.html>,
Sales Consulting <http://www.barrett.com.au/sales-consulting.html>, Coaching
<http://www.barrett.com.au/coaching.html>, Assessments
<http://www.barrett.com.au/assessments.html> Barrett Sales Blog
<http://salesblog.barrett.com.au/> Linkedin
<http://www.linkedin.com/groups?mostPopular=&gid=3672003> Sue Barrett Twitter
<https://twitter.com/#%21/barrettconsult> Barrett-Consulting-Facebook
<https://www.facebook.com/pages/Barrett-Consulting-Group/217319694964184>
Consider the environment before printing this email, please.
On 01/08/2016 02:12, Paul Wouters wrote:
> Try libreswan-3.18 with replay-window=64 (or 128)
>
> Paul
>
> Sent from my iPhone
>
>> On Jul 27, 2016, at 11:09, Renzo Dani <arons7 at gmail.com> wrote:
>>
>> Hi,
>> we have a vpn tunnel between two offices, both have an internet connection of 100Mbps.
>> Time to time we have serious issue with very poor bandwidth, the problem is not always present, some time we are experience a good bandwidth on the vpn too.
>> So we are currently not able to identify the problem, we already contact the two Internet service providers but they simply reply they cannot identify any issue on their network.
>>
>> Iperf between the two vpn gateways using the tunnel (during problem occurs)
>> [ ID] Interval Transfer Bandwidth
>> [ 5] 0.00-1.00 sec 215 KBytes 1.76 Mbits/sec
>> [ 5] 1.00-2.00 sec 195 KBytes 1.60 Mbits/sec
>> [ 5] 2.00-3.00 sec 112 KBytes 920 Kbits/sec
>> [ 5] 3.00-4.00 sec 115 KBytes 942 Kbits/sec
>> [ 5] 4.00-5.00 sec 55.5 KBytes 454 Kbits/sec
>> [ 5] 5.00-6.00 sec 44.7 KBytes 366 Kbits/sec
>> [ 5] 6.00-7.00 sec 134 KBytes 1.10 Mbits/sec
>> [ 5] 7.00-8.00 sec 108 KBytes 887 Kbits/sec
>> [ 5] 8.00-9.00 sec 83.9 KBytes 687 Kbits/sec
>> [ 5] 9.00-10.00 sec 100 KBytes 821 Kbits/sec
>> [ 5] 10.00-10.03 sec 8.12 KBytes 2.02 Mbits/sec
>> - - - - - - - - - - - - - - - - - - - - - - - - -
>> [ ID] Interval Transfer Bandwidth
>> [ 5] 0.00-10.03 sec 0.00 Bytes 0.00 bits/sec sender
>> [ 5] 0.00-10.03 sec 1.14 MBytes 957 Kbits/sec receiver
>>
>> Iperf between the two vpn gateways using public internet ips at the same time as before
>> [ ID] Interval Transfer Bandwidth
>> [ 5] 0.00-1.00 sec 9.50 MBytes 79.7 Mbits/sec
>> [ 5] 1.00-2.00 sec 11.2 MBytes 93.6 Mbits/sec
>> [ 5] 2.00-3.00 sec 11.0 MBytes 92.5 Mbits/sec
>> [ 5] 3.00-4.00 sec 11.1 MBytes 93.5 Mbits/sec
>> [ 5] 4.00-5.00 sec 11.2 MBytes 93.6 Mbits/sec
>> [ 5] 5.00-6.00 sec 11.2 MBytes 93.7 Mbits/sec
>> [ 5] 6.00-7.00 sec 11.2 MBytes 93.7 Mbits/sec
>> [ 5] 7.00-8.00 sec 11.2 MBytes 94.0 Mbits/sec
>> [ 5] 8.00-9.00 sec 11.2 MBytes 93.9 Mbits/sec
>> [ 5] 9.00-10.00 sec 11.2 MBytes 93.8 Mbits/sec
>> [ 5] 10.00-10.04 sec 510 KBytes 93.6 Mbits/sec
>> - - - - - - - - - - - - - - - - - - - - - - - - -
>> [ ID] Interval Transfer Bandwidth
>> [ 5] 0.00-10.04 sec 0.00 Bytes 0.00 bits/sec sender
>> [ 5] 0.00-10.04 sec 110 MBytes 92.2 Mbits/sec receiver
>>
>>
>>
>> Our config:
>>
>> config setup
>> nat_traversal=yes
>> oe=off
>> protostack=netkey
>> uniqueids=no
>>
>> conn our_vpn
>> authby=secret
>> disablearrivalcheck=no
>> ....
>> # PHASE 1
>> aggrmode=no
>> ike=aes256-sha2_256;modp3072
>> ikelifetime=8h
>> # PHASE 2
>> type=tunnel
>> phase2=esp
>> phase2alg=aes-256-sha2_256;modp3072
>> salifetime=2h
>> pfs=yes
>> auto=start
>>
>>
>> Thanks for any help/suggestion
>>
>> Renzo
>>
>> _______________________________________________
>> Swan mailing list
>> Swan at lists.libreswan.org
>> https://lists.libreswan.org/mailman/listinfo/swan
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160801/353e921d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: barrett_everybodylives_black.png
Type: image/png
Size: 7805 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160801/353e921d/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: blog.png
Type: image/png
Size: 755 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160801/353e921d/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linkedin.png
Type: image/png
Size: 1793 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160801/353e921d/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: twitter.png
Type: image/png
Size: 1702 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160801/353e921d/attachment-0008.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: facebook.png
Type: image/png
Size: 1424 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160801/353e921d/attachment-0009.png>
More information about the Swan
mailing list