IPSec VPN - Bandwidth problems

Hi All,

I’ve set up two Routerboards with an IPSec VPN tunnel using these instructions:
http://wiki.mikrotik.com/wiki/IPSec_VPN_with_Dynamic_Routing_/_Mikrotik_and_Cisco

Everything seemed to work fine, can ping on both sides, can remote servers through the tunnel, but then I set up a web server on one side and have now noticed bandwidth issues.

Both sides have over a 512kb connection up and down.

I’ve been testing with Bandwidth Tester and this is what I’ve found.
If I do a TCP bandwidth test from Router 2 to Router 1 and Send, I get about 512kb, which is great. If I do a Receive from Router 2 to Router 1, I MIGHT get up to 15kb, but usually it just sits at 0bps. Likewise if I go to Router 1 and connect to Router 2 doing a Receive is fine, but a Send is virtually nothing.

If I look at the total bandwidth usage for all my interfaces there isn’t much being used, so it’s not like something else is eating my internet connection bandwidth.

I’ve disabled all Simple Queues on both RB’s, no Queue Trees set up.

I can’t figure out what would be limiting the one side from sending.

Any ideas? Is there any type of VPN specific bandwidth throttling?

Thanks so much

-Carus

First off, try to run bandwidth-test through the routers, not from one router to the other.

What (how powerful) routers are you using? Because IPsec is very CPU intensive, if you are running bandwidth-test from the same router, you will get no performance.

As you describe, you have configured IPsec properly (basically you can check that by checking installed-sa and whether you see peer neighbours).

Just do bandwidth tests from and to the router; it looks like you have an upload problem to router 1.

Regards

Faton

If the router is not powerful enough, it cannot generate a lot of traffic and at the same time encrypt it for IPsec, as both operations are CPU intensive.