Hi all,

At the moment I'm trying to optimize the network performance in a site-to-site
setup (see config below). The connection is structured as follows:

<network A> <--> VPN-Router A <--> Internet (WAN) <--> VPN-Router B <--> <network b>

The problem is that the network performance between networks a and b is only
around 45 MBit (iperf TCP test), although the WAN connection has nearly 100MBit.
So I monitored the network interfaces of the routers, and what I could see was
that only around 48 MBit are flowing. To test whether it is a performance
problem of the routers, I then connected the routers directly (through LAN)
with each other and limited the network card to 100 MBit. Then the
VPN performance is around 94 MBit. So the router performance is not the problem.

Then I simulated a varying delay on the network cards, and this seems to be the
problem, because when I ping between the two networks over VPN and
Internet, the latency is around 70ms (30ms deviation). The two servers have ping
times around 32ms (3ms deviations). With varying delay activated, the simulated
throughput is only around 55MBit. My question now is whether there is any tuning
possibility in strongSwan to deal with this varying latency.

Kind regards 
Christian 

conn RoutertoRouter
        keyexchange=ikev2
        right=192.168.100.2
        rightid=@test1
        rightsubnet=10.5.0.0/16
        left=192.168.100.1
        leftsubnet=10.4.0.0/16
        leftid=@test2
        auto=add
        authby=secret
        ikelifetime=3h
        keylife=600s
        rekeymargin=200s
        leftfirewall=yes
        mobike=no
        fragmentation=no
        keyingtries=%forever
        closeaction=restart
        dpdaction=restart
        esp=aes128-sha1-modp2048
        ike=aes128-sha1-modp2048
