Hey guys,
Having some latency issues with an IPSec VPN between an RB750GL → RB1200. Both are running ROS 5.14, both with newest firmware. The VPN works without a problem, except for the latency rise.
Pinging RB750GL → RB1200 - WAN interfaces - 41ms average over 200 packets.
Pinging RB750GL → RB1200 - inside the VPN - 59ms average over 200 packets.
Config on the 750GL:
/ip ipsec peer
address=1200-WAN_IP/32 port=500 auth-method=pre-shared-key secret="password" generate-policy=no exchange-mode=main send-initial-contact=yes nat-traversal=no my-id-user-fqdn="" proposal-check=obey hash-algorithm=md5 enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0 dpd-interval=2m dpd-maximum-failures=5
/ip ipsec policy> print
src-address=192.168.2.0/24 src-port=any dst-address=192.168.1.0/24 dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=750GL-WAN_IP sa-dst-address=1200-WAN_IP proposal=default priority=0
/ip ipsec proposal> print
* name="default" auth-algorithms=sha1 enc-algorithms=aes-128 lifetime=30m pfs-group=modp1024
Config on the 1200:
/ip ipsec peer> print
address=750GL-WAN_IP/32 port=500 auth-method=pre-shared-key secret="password" generate-policy=no exchange-mode=main send-initial-contact=yes nat-traversal=no my-id-user-fqdn="" proposal-check=obey hash-algorithm=md5 enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0 dpd-interval=2m dpd-maximum-failures=5
/ip ipsec policy> print
src-address=192.168.1.0/24 src-port=any dst-address=192.168.2.0/24 dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=1200-WAN_IP sa-dst-address=750GL-WAN_IP proposal=default priority=0
/ip ipsec proposal> print
* name="default" auth-algorithms=sha1 enc-algorithms=aes-128 lifetime=30m pfs-group=modp1024
Is this much added latency normal? I tried with 3DES for proposal (phase2) encryption, and it was the same.
Thanks,
tom