Re: IPSec Site-To-Site extremely low throughput VTI
also your wan_in rules aren't applied on the ah
View ArticleClik here to view.
Re: IPSec Site-To-Site extremely low throughput VTI
goldlineIT wrote:also your wan_in rules aren't applied on the ahDidn't appear to make a difference...but thats important nonetheless AH FW
View ArticleRe: IPSec Site-To-Site extremely low throughput VTI
Think i finally found the problem change the vti0 ip address to 40.0.0.2/30 on one of the interfaces
View ArticleRe: IPSec Site-To-Site extremely low throughput VTI
haha came down to a simple ip error, guess i should of looked at your 2nd config sooner
View ArticleRe: IPSec Site-To-Site extremely low throughput VTI
I would still use aes128 over 3des. and keep nat traversal on. you should be set though.
View ArticleRe: Question about wan fail over
Not good for me. Both internet will be on the same interface.
View ArticleRe: Question about wan fail over
Incorrect, you use the same configuration and just change the gateway which in turn changes the next hop
View ArticleRe: IPSec Site-To-Site extremely low throughput VTI
That still isn't fixing the latency issues....any recomends on the MTU/MSS ...everywhere I look that seems to be the major cause of slowdown. Routes look right on one side i see 192.168.2.1...
View ArticleRe: IPSec Site-To-Site extremely low throughput VTI
wow, can't believe that didn't fix it. mtu i would set at 1476. and i would disable mss
View ArticleRe: IPSec Site-To-Site extremely low throughput VTI
but iff you do want to use mss set it to 1460
View ArticleRe: IPSec Site-To-Site extremely low throughput VTI
you can also try 1380 or 1260 for mss
View ArticleRe: IPSec Site-To-Site extremely low throughput VTI
Performance is still not there with very long ping times...I'm attaching the current configuration (I've tried with offloading on and off). I only need enough throughput for solid RDP and rsync of log...
View ArticleRe: IPSec Site-To-Site extremely low throughput VTI
why are you using vti? i've never used that....maybe thats the issue?
View ArticleRe: IPSec Site-To-Site extremely low throughput VTI
my ipsec tunnel averages 40ms maybe the vti has more overhead.
View ArticleRe: IPSec Site-To-Site extremely low throughput VTI
from what i found online you should use mss or mtu not both. i just checked my connection uses a default mss of 1400 for ipsec traffic. (its pfsense)
View ArticleRe: IPSec Site-To-Site extremely low throughput VTI
mss mtu might fix problems when sending (almost) max ethernet size packets.A 32 bytes ping isn't affected by mtu mss problems. Maybe a WAN connection on a site is bad (or its uplink saturated), making...
View ArticleRe: IPsec Route vs Static Route priority
Search the forum for ipsec overlapping route.There are newer posts than this onehttps://community.ubnt.com/t5/EdgeMAX/IPSec-VPN-with-overlapping-source-destination/td-p/1675255
View ArticleRe: Edgelite Router
Routing is the only thing that's needed. No NAT required, no portmapsRouting is normally on, between multiple ER interfaces. So just assign 10.0.1.1 to interface eth1 , 172.0.1.1 to eth0 , remove all...
View ArticleRe: Mac address filtering
Thank you for the reply.This rule is blocking known MAC address.... what i want to achieve is to allow known Mac addresses and deny all MAC address that are not known.
View Article