FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
547 views 4 comments
by
Hello
I have installed several ROOT X10 but it induces excessive latency on the ipsec VPN connection.
How can it be optimized?

Is this a known problem?

1 Answer

0 votes
by anonymous
Hello,

I did some tests myself and noticed that latency is high while using IPsec tunnel, but it is expected behavior because IPsec does use encryption and that takes some time. If current latency is not an option for you, you could select simpler encryption, authentication protocols to decrease at least part of the latency.

Regards.
by

Hi,
Ok, they are reduced a little, but we are talking about 4-number digits between the latency of the IP WAN  (40-60ms) and the latency read in the VPN IP (1000-3000ms).
The CPU load is not in the least committed goes 5-15% as the bandwidth does not go beyond 2Mbits.

I also brought the Ipsec ike2 parameters to the minimum of encryption.
What else can I do?
Thanks for the support.
Best regards

by anonymous
These are extra-large values indeed, I have approx 50-100% more round-trip time (going from ~40 ms native to max 80 ms VPN) when using IPSEC on a RUTX11 for the same physical destination endpoint. My parameters are AES128/SHA256/ECP256 both for phase 1 and 2.

Do you use IKEv1 or IKEv2 ? What is the device at the other end ?

Regards,
by
Hi, I switched from the RUT240 to the X10 due to its slowness. But I thought it was more performing.
I use IKEv2 and on a RUTX10 I purchase it on purpose to create site-to-site VPN with Zyxel ZyWall USG310.
But they have high latency when loaded with video stream.
Only without data transmission the latency is lowered.
Which similar product is better performing with ipsec vpn?
Regards
by anonymous
Could you do a "traceroute 10.29.4.254" from the RUTX10 ? And a ping ?

Regards,