Ask Your Question

Low IPSec VPN bandwidth - how to find the cause?

asked 2018-08-17 12:39:48 +0000

Hi all. I got an IPSec VPN Tunnel between Europe and USA (latency 135 ms). The internet link on the Europe side is 50/50 Mbps, whereas in USA it is 100/100 Mbps. Using iperf I could only measure 10 Mbps throughput in this VPN tunnel. I also lowered the MTU size to 1410 bytes but it didn't help (it didn't get better, nor worse).

Where do I need to take a closer look at, to find out where the issue is?

Many thanks in advance and regards, Flavio.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2018-08-17 14:02:10 +0000

mctmike gravatar image

One of the first things you might want to try is to capture that traffic with Wireshark and view it through an I/O Graph. Depending on which flavor of TCP is running, you might see patterns of throughput that will give you a better sense of what's going on. Some older implementations of TCP overreact to congestion on high-latency links.

Also, it's worth looking at the SYN and SYN/ACK handshake packets on both ends, particularly looking to see what size receive buffers each side is declaring. It could be that one side or the other is using such a small receive buffer that the other side needs to slow down to avoid overflowing the buffer.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools



Asked: 2018-08-17 12:39:48 +0000

Seen: 84 times

Last updated: Aug 17