openvpn/ipsec routing

Posted: Tue Sep 13, 2022 10:03 am
by derUhu
Hello!
I have openvpn and strongswan vpns running on a single server. Openvpn provides both client and site-to-site connections, strongswan handles some other site-to-site tunnels. The server is behind NAT, so strongswan uses udp encapsulation for nat traversal.
When I connect as an openvpn client (using bridged mode) I'm trying to reach the location at the remote end of one of the ipsec tunnels. When I upload data to this remote location from the client machine, the throughput is about 1Mb/s. But when I copy the data back, the throughput drops to a mere 24Kb/s. When I download data from the remote to the vpn gateway directly (i.e. excluding the openvpn client connection), throughput rises to 100Kb/s, but still does not reach upload speed.
When I look at the traffic capture I observe a lot of tcp data retransmissions and duplicate acks.
No such problem occurs when the traffic is routed through the openvpn tunnel.
Moreover, this problem does not occur when routing through all the ipsec tunnels I have; some of them do not exhibit such a significant difference in upload/download speeds.
Can somebody give me some advice on where to look to investigate this problem?
Best regards!