[uanog] slow ipsec between linux and mikrotik

Igor Levchuk levchuk.igor at gmail.com
Mon Dec 14 19:44:40 EET 2020 

Яка модель мікротіка ?

On Mon, 14 Dec 2020 at 19:02, Volodymyr Litovka <doka at xlit.one> wrote:

> Поможет? -
>
> -------- Forwarded Message --------
> Subject: Re: [strongSwan] Packet loss in ipsec tunnel
> Date: Mon, 12 Oct 2020 16:44:30 +0200
> From: Tobias Brunner <tobias at strongswan.org> <tobias at strongswan.org>
> To: wax g. <waxitau at gmail.com> <waxitau at gmail.com>,
> users at lists.strongswan.org
>
> Hi,
>
> * When is replay-window stats increased ?
>
>
> Whenever a packet arrives with a sequence number that's lower than the
> lower end of the replay window (i.e. with seq < highest_received_seq -
> window). Could be an actually delayed packet but might also be because
> the window is simply too small for your line speed and traffic pattern,
> e.g. because packets arrive so fast and in quick succession that the
> window is moved constantly and too quickly so slightly delayed (or
> perhaps larger) packets have to be dropped.
>
> * I've noticed that on devices not experiencing packet losses over the
> ipsec tunnel all the stats = 0 (replay-window, replay & fail).
>
>
> Yes, those stats indicate errors, so it's good if everything is 0 there.
>
> * I'm suspecting a replay window issue for received ipsec packets that
> are dropped..
>
>
> Did you configure a replay window size
> (connections.<conn>.children.<child>.replay_window in swanctl.conf)?
> The default is 32, which is pretty low.
>
> Regards,
>
> Tobias
>
>
> On 14.12.2020 15:41, Gregory Edigarov wrote:
>
> Всем привет,
>
> при копировании большого файла обнаружилась проблема.
> mss/mtu - вроде все сделали, но все равно медленно.
> 1Mбит на 100Mбит канале....
>
> что может быть причиной?
> _______________________________________________
> uanog mailing listuanog at uanog.kiev.uahttps://mailman.uanog.kiev.ua/mailman/listinfo/uanog
>
> --
> Volodymyr Litovka
>   "Vision without Execution is Hallucination." -- Thomas Edison
>
> _______________________________________________
> uanog mailing list
> uanog at uanog.kiev.ua
> https://mailman.uanog.kiev.ua/mailman/listinfo/uanog



-- 
Regards,
Igor Levchuk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.uanog.kiev.ua/pipermail/uanog/attachments/20201214/02d1b09e/attachment.html>

More information about the uanog mailing list