[Swan] Bandwidth problem

Paul Wouters paul at nohats.ca
Mon Aug 1 01:41:57 UTC 2016 

I will double check the kernel sources and update the man page if needed.

Thanks,

Paul

Sent from my iPhone

> On Jul 31, 2016, at 9:28 PM, Jobst Schmalenbach <jobst at barrett.com.au> wrote:
> 
> Paul
> 
> you might want to update the manuals if you say that 128 is possible:
> In https://libreswan.org/man/spi.8.html it is written:
> 
>   --replay_window replayw
>   sets the replay window size; valid values are decimal, 1 to 64
> 
> 
> 
> Jobst
> 
> 
> 
> 
> Helping people and businesses sell better
> <barrett_everybodylives_black.png>
> Jobst Schmalenbach
> General Manager and Geek
> P	+61 3 9533 0000
> M	+61 411 611 855
> E	jobst at barrett.com.au
> W	www.barrett.com.au
> Sales Training,  Sales Consulting,  Coaching,  Assessments	<blog.png> <linkedin.png> <twitter.png> <facebook.png>
> Consider the environment before printing this email, please.
>> On 01/08/2016 02:12, Paul Wouters wrote:
>> Try libreswan-3.18 with replay-window=64 (or 128)
>> 
>> Paul
>> 
>> Sent from my iPhone
>> 
>>> On Jul 27, 2016, at 11:09, Renzo Dani <arons7 at gmail.com> wrote:
>>> 
>>> Hi,
>>> we have a vpn tunnel between two offices, both have an internet connection of 100Mbps.
>>> Time to time we have serious issue with very poor bandwidth, the problem is not always present, some time we are experience a good bandwidth on the vpn too.
>>> So we are currently not able to identify the problem, we already contact the two Internet service providers but they simply reply they cannot identify any issue on their network.
>>> 
>>> Iperf  between the two vpn gateways using the tunnel (during problem occurs)
>>> [ ID] Interval           Transfer     Bandwidth
>>> [  5]   0.00-1.00   sec   215 KBytes  1.76 Mbits/sec
>>> [  5]   1.00-2.00   sec   195 KBytes  1.60 Mbits/sec
>>> [  5]   2.00-3.00   sec   112 KBytes   920 Kbits/sec
>>> [  5]   3.00-4.00   sec   115 KBytes   942 Kbits/sec
>>> [  5]   4.00-5.00   sec  55.5 KBytes   454 Kbits/sec
>>> [  5]   5.00-6.00   sec  44.7 KBytes   366 Kbits/sec
>>> [  5]   6.00-7.00   sec   134 KBytes  1.10 Mbits/sec
>>> [  5]   7.00-8.00   sec   108 KBytes   887 Kbits/sec
>>> [  5]   8.00-9.00   sec  83.9 KBytes   687 Kbits/sec
>>> [  5]   9.00-10.00  sec   100 KBytes   821 Kbits/sec
>>> [  5]  10.00-10.03  sec  8.12 KBytes  2.02 Mbits/sec
>>> - - - - - - - - - - - - - - - - - - - - - - - - -
>>> [ ID] Interval           Transfer     Bandwidth
>>> [  5]   0.00-10.03  sec  0.00 Bytes  0.00 bits/sec sender
>>> [  5]   0.00-10.03  sec  1.14 MBytes   957 Kbits/sec                  receiver
>>> 
>>> Iperf  between the two vpn gateways using public internet ips at the same time as before
>>> [ ID] Interval           Transfer     Bandwidth
>>> [  5]   0.00-1.00   sec  9.50 MBytes  79.7 Mbits/sec
>>> [  5]   1.00-2.00   sec  11.2 MBytes  93.6 Mbits/sec
>>> [  5]   2.00-3.00   sec  11.0 MBytes  92.5 Mbits/sec
>>> [  5]   3.00-4.00   sec  11.1 MBytes  93.5 Mbits/sec
>>> [  5]   4.00-5.00   sec  11.2 MBytes  93.6 Mbits/sec
>>> [  5]   5.00-6.00   sec  11.2 MBytes  93.7 Mbits/sec
>>> [  5]   6.00-7.00   sec  11.2 MBytes  93.7 Mbits/sec
>>> [  5]   7.00-8.00   sec  11.2 MBytes  94.0 Mbits/sec
>>> [  5]   8.00-9.00   sec  11.2 MBytes  93.9 Mbits/sec
>>> [  5]   9.00-10.00  sec  11.2 MBytes  93.8 Mbits/sec
>>> [  5]  10.00-10.04  sec   510 KBytes  93.6 Mbits/sec
>>> - - - - - - - - - - - - - - - - - - - - - - - - -
>>> [ ID] Interval           Transfer     Bandwidth
>>> [  5]   0.00-10.04  sec  0.00 Bytes  0.00 bits/sec sender
>>> [  5]   0.00-10.04  sec   110 MBytes  92.2 Mbits/sec                  receiver
>>> 
>>> 
>>> 
>>> Our config:
>>> 
>>> config setup
>>>        nat_traversal=yes
>>>        oe=off
>>>        protostack=netkey
>>>        uniqueids=no
>>> 
>>> conn our_vpn
>>>        authby=secret
>>>        disablearrivalcheck=no
>>>        ....
>>>        # PHASE 1
>>>        aggrmode=no
>>>        ike=aes256-sha2_256;modp3072
>>>        ikelifetime=8h
>>>        # PHASE 2
>>>        type=tunnel
>>>        phase2=esp
>>>        phase2alg=aes-256-sha2_256;modp3072
>>>        salifetime=2h
>>>        pfs=yes
>>>        auto=start
>>> 
>>> 
>>> Thanks for any help/suggestion
>>> 
>>> Renzo
>>> 
>>> _______________________________________________
>>> Swan mailing list
>>> Swan at lists.libreswan.org
>>> https://lists.libreswan.org/mailman/listinfo/swan
>> _______________________________________________
>> Swan mailing list
>> Swan at lists.libreswan.org
>> https://lists.libreswan.org/mailman/listinfo/swan
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160731/02aaf0e1/attachment.html>

More information about the Swan mailing list