Re: [strongSwan] VPN Performance over WAN (jitter)

2017-05-12 Thread Christian Hanster
> On 12 May 2017, at 14:00, Mirko Parthey wrote: > > On Fri, May 12, 2017 at 11:52:52AM +0200, Christian Hanster wrote: >> I measured connection speed without VPN and it is nearly 92 MBit/s Down and >> 10MBit/s upstream from the limiting side. So the connection between the

Re: [strongSwan] VPN Performance over WAN (jitter)

2017-05-12 Thread Noel Kuntze
Hi Christian, On 12.05.2017 14:36, Christian Hanster wrote: >> >> You can't, because no VPN packets go through strongSwan. > Ok. So this is because strongswan is using Linux kernel for encryption and > packet routing?! Yes. And you should know it, because the introduction mentions it quite

Re: [strongSwan] swanctl unloads private key on startup (not desired)

2017-05-12 Thread Stephen Ayotte
That did it! The new strongswan.conf is more like this: charon { start-scripts { # creds = /usr/local/sbin/swanctl --load-creds # <-- this line was the problem conns = /usr/local/sbin/swanctl --load-conns # <-- this line seems to imply loading creds mentioned in

Re: [strongSwan] VPN Performance over WAN (jitter)

2017-05-12 Thread Christian Hanster
Hi Noel, thanks for your response. > On 11 May 2017, at 22:38, Noel Kuntze > wrote: > > Hello Christian, > >> Then I simulate a *varying delay* in the network cards and this seems to be >> the problem because when I make a ping between the

Re: [strongSwan] VPN Performance over WAN (jitter)

2017-05-12 Thread Mirko Parthey
On Fri, May 12, 2017 at 11:52:52AM +0200, Christian Hanster wrote: > I measured connection speed without VPN and it is nearly 92 MBit/s Down and > 10MBit/s upstream from the limiting side. So the connection between the two > routers does not seem to be a problem. Please check if your 10MBit/s

Re: [strongSwan] VPN Performance over WAN (jitter)

2017-05-12 Thread Christian Hanster
Hi Mirko, thanks for your response. > On 11 May 2017, at 20:59, Mirko Parthey > wrote: > > On Thu, May 11, 2017 at 04:00:17PM +0200, Christian Hanster wrote: >> Hi all, >> >> at the moment I’m trying to optimize the network performance in a

Re: [strongSwan] VPN Performance over WAN (jitter)

2017-05-12 Thread Christian Hanster
Hi Mirko, thanks for your response. > On 11 May 2017, at 20:59, Mirko Parthey > wrote: > > On Thu, May 11, 2017 at 04:00:17PM +0200, Christian Hanster wrote: >> Hi all, >> >> at the moment I’m trying to optimize the network performance in a

Re: [strongSwan] swanctl unloads private key on startup (not desired)

2017-05-12 Thread Tobias Brunner
Hi Stephen, > On startup, swanctl seems to load and then immediately unload the > private key associated with the "local" cert: > 10[CFG] loaded RSA private key > 10[CFG] unloaded private key with id > 4d12e9d018870dfc33ddd431233ec05a97498ccc I was able to reproduce this issue. It

Re: [strongSwan] Tunnel failing when rekeying

2017-05-12 Thread Tobias Brunner
Hi Dusan, > May 11 08:37:04 10[IKE] CHILD_SA azure{5} established with > SPIs cbf4ad11_i 25a1672e_o and TS 10.1.1.0/26 === 10.0.1.0/24 > May 11 15:44:10 07[IKE] no acceptable proposal found > May 11 15:44:10 07[IKE] failed to establish CHILD_SA, keeping > IKE_SA