Community discussions

MikroTik App
  4. RouterOS
  5. General

Losing flat ping packages over IPsec

Post Reply
 
pchott
newbie
Topic Author
Posts: 44
Joined: Tue Apr 29, 2014 11:15 am
Location: Holzkirchen, Germany

Losing flat ping packages over IPsec

Thu Aug 28, 2014 12:46 pm

Status:
Two CCR1036 RouterOS 6.15 connected over SPF+ optic connection. Over Ethernet connection is created tunnel IPsec connection

Ethernet test
flat ping on Ethernet: NO pings lost

IPsec test
flat ping test: loosing 10 packages per hour; ( no other traffic on line)

IPSEC config
Code: Select all
/ip ipsec peer
add address=192.168.197.2/32 enc-algorithm=aes-256 local-address=\
    192.168.197.1 policy-group=default secret=test
/ip ipsec policy
add dst-address=172.16.198.0/30 sa-dst-address=192.168.197.2 sa-src-address=\
    192.168.197.1 src-address=192.168.198.0/30 tunnel=yes
Any suggestions? Is 1590 MTU2 too low?
Top
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7056
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:
Contact mrz

Re: Losing flat ping packages over IPsec

Thu Aug 28, 2014 1:04 pm

Packets can be dropped if they arrive out of order over the ipsec tunnel.
And 10 packets per hour is nothing, you shouldn't worry about it.
Top
 
pchott
newbie
Topic Author
Posts: 44
Joined: Tue Apr 29, 2014 11:15 am
Location: Holzkirchen, Germany

Re: Losing flat ping packages over IPsec

Thu Aug 28, 2014 1:57 pm

Thank you for information.

Regarding that I have direct connection how high MTU2 would you suggest?
Top
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7056
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:
Contact mrz

Re: Losing flat ping packages over IPsec

Thu Aug 28, 2014 2:15 pm

Set it according to your needs. CCRs support MTU up to 10k, so there shouldn't be any problems with 1590 MTU
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 125 guests
  4. RouterOS
  5. General