On Tue, 9 Jul 2002 MarshallJ_at_switch.aust.com wrote:
> I have a vpn between FreeS/WAN and a cisco vpn concentrator. The FreeS/WAN
> box is in Australia and the Cisco is in USA. We have 2Mbit connection at
> each end, and I am seeing a 40kbytes/sec transfer rate through the vpn. I
> expected it to be a lot faster than that.
>
> I have a second FreeS/WAN box that's connected to the same cisco
> concentrator, and is on a 1.5Mbit connection however the ping time is
> lower (260ms vs 340 ms) and I am able to transfer 60kbytes/sec.
>
> My question is: Is the ipsec protocol bandwidth limited by round-trip
> time? Both ends were reasonably idle other than the vpn traffic at the
> times of the tests, so the only thing I can think of is the distance.
I don't believe so... I have a North America to Denmark link
(3Mbit in NA, 2Mbit in DK) VPN with FreeS/Wan running, and I can push
through 180kbyte/sec+ every day. Latency is 150ms on average.
>
> My next question is: How can I get this bandwidth to be closer to the
> capacity of the links?
>
> Regards,
> Josh Marshall.
Without IPSec, what kind of throughput are you getting? I'm guessing this
is an ISP / general internet crappyness issue, and not an IPSec issue.
The other place to look since this is a FreeS/Wan <-> Cisco VPN is MTU and
fragmentation. Have you sniffed ipsec0 on the FreeS/Wan box and looked
for fragments?
-- Ken Bantoft One Unix to rule them all, One Resolver to find them, ken_at_networkoverlord.com One IP to bring them all, and in the zone, bind them._______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:19 CEST