On Fri, Jan 18, 2019 at 8:58 AM Radek <alee...@gmail.com> wrote:
> I have configured Site-to-Site ikev2 VPN between two routers (Soekris
> net5501-70).
> Over the internet my transfer speed between these machines is up to
> 5000KB/s (it is OK).
> Over the VPN it is up to 400KB/s only.
>
> Is there any way to squeeze more performance out from these hardware and
> speed up the VPN?
>
> Tested with netcat:
> $ nc 10.0.15.254 1234 < 49MB.test
> $ nc -l 1234 > 49MB.test
>
> $ cat /etc/iked.conf
> ikev2 quick active esp from $local_gw to $remote_gw \
> from $local_lan to $remote_lan peer $remote_gw \
> psk "pass"
>
> $ dmesg | head
> OpenBSD 6.3 (GENERIC) #0: Wed Apr 25 16:38:25 CEST 2018
> rdk@RAC_fw63:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class)
> 500 MHz
> cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX,MMXX,3DNOW2,3DNOW
> real mem = 536363008 (511MB)
> avail mem = 512651264 (488MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: date 20/80/26, BIOS32 rev. 0 @ 0xfac40
>
>
>
You should use curl + nginx (with tmpfs) or iperf for bw testing.
don't drop data, maybe the driver of the ethernet card is crappy ?
just drop the all sendbug data if you actually want to help.
Have you tried your NC on the loopback as a reference ?
is the HEADER compression activated ?
--
--
---------------------------------------------------------------------------------------------------------------------
Knowing is not enough; we must apply. Willing is not enough; we must do
