5747 questions

6968 answers

11236 comments

7062 members

0 votes
30 views 4 comments
by
Hello
I have installed several ROOT X10 but it induces excessive latency on the ipsec VPN connection.
How can it be optimized?

Is this a known problem?

1 Answer

0 votes
by
Hello,

I did some tests myself and noticed that latency is high while using IPsec tunnel, but it is expected behavior because IPsec does use encryption and that takes some time. If current latency is not an option for you, you could select simpler encryption, authentication protocols to decrease at least part of the latency.

Regards.
by

Hi,
Ok, they are reduced a little, but we are talking about 4-number digits between the latency of the IP WAN  (40-60ms) and the latency read in the VPN IP (1000-3000ms).
The CPU load is not in the least committed goes 5-15% as the bandwidth does not go beyond 2Mbits.

I also brought the Ipsec ike2 parameters to the minimum of encryption.
What else can I do?
Thanks for the support.
Best regards

by
These are extra-large values indeed, I have approx 50-100% more round-trip time (going from ~40 ms native to max 80 ms VPN) when using IPSEC on a RUTX11 for the same physical destination endpoint. My parameters are AES128/SHA256/ECP256 both for phase 1 and 2.

Do you use IKEv1 or IKEv2 ? What is the device at the other end ?

Regards,
by
Hi, I switched from the RUT240 to the X10 due to its slowness. But I thought it was more performing.
I use IKEv2 and on a RUTX10 I purchase it on purpose to create site-to-site VPN with Zyxel ZyWall USG310.
But they have high latency when loaded with video stream.
Only without data transmission the latency is lowered.
Which similar product is better performing with ipsec vpn?
Regards
by
Could you do a "traceroute 10.29.4.254" from the RUTX10 ? And a ping ?

Regards,