5747 questions

6968 answers


7062 members

0 votes
30 views 4 comments
I have installed several ROOT X10 but it induces excessive latency on the ipsec VPN connection.
How can it be optimized?

Is this a known problem?

1 Answer

0 votes

I did some tests myself and noticed that latency is high while using IPsec tunnel, but it is expected behavior because IPsec does use encryption and that takes some time. If current latency is not an option for you, you could select simpler encryption, authentication protocols to decrease at least part of the latency.


Ok, they are reduced a little, but we are talking about 4-number digits between the latency of the IP WAN  (40-60ms) and the latency read in the VPN IP (1000-3000ms).
The CPU load is not in the least committed goes 5-15% as the bandwidth does not go beyond 2Mbits.

I also brought the Ipsec ike2 parameters to the minimum of encryption.
What else can I do?
Thanks for the support.
Best regards

These are extra-large values indeed, I have approx 50-100% more round-trip time (going from ~40 ms native to max 80 ms VPN) when using IPSEC on a RUTX11 for the same physical destination endpoint. My parameters are AES128/SHA256/ECP256 both for phase 1 and 2.

Do you use IKEv1 or IKEv2 ? What is the device at the other end ?

Hi, I switched from the RUT240 to the X10 due to its slowness. But I thought it was more performing.
I use IKEv2 and on a RUTX10 I purchase it on purpose to create site-to-site VPN with Zyxel ZyWall USG310.
But they have high latency when loaded with video stream.
Only without data transmission the latency is lowered.
Which similar product is better performing with ipsec vpn?
Could you do a "traceroute" from the RUTX10 ? And a ping ?