[strongSwan] VPN Performance over WAN (jitter)
christian-hanster at gmx.de
Fri May 12 14:36:00 CEST 2017
Thanks for your response.
> On 11 May 2017, at 22:38, Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
> Hello Christian,
>> Then I simulate a *varying delay* in the network cards and this seems to be the problem because when I make a ping between the two networks over vpn and internet latency is around *70ms (30ms deviation)*. The two servers have ping times around 32ms (3ms deviations). With varying delay activated the simulated throughput is only around 55MBit. My question is now if there is any *tuning possibility* in strongswan to *deal* with this *varying latency*.
> You can't, because no VPN packets go through strongSwan.
Ok. So this is because strongswan is using the Linux kernel for encryption and packet routing?!
>> Kind regards
>> conn RoutertoRouter
> That conn is pretty bad.
> Use auto=route, don't set closeaction. Don't set fragmentation (it only makes things worse, if you ever disable it, because it's not used when it's not needed anyway).
> You can probably replace aes128-sha1 with aes128gcm8(-prfsha256). That is very likely faster (lower CPU load).
Ok, I changed the connection to make it faster (config is added below). However, I can see no change in the performance with varying delay in the network...
> Kind regards,
> Noel Kuntze
> IT security consultant
> GPG Key ID: 0x0739AD6C
> Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C