mikemac
just joined
Topic Author
Posts: 6
Joined: Mon Dec 17, 2018 12:49 pm

IKEv2 very slow transfer

Sun Oct 11, 2020 12:11 am

Hi,

I have a problem with my IKEv2 because I have very slow transfer to hosts behind the MT (RB2011UiAS with 6.46.7).

My configuration is:
ip ipsec profile add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name=vpn_profile
ip ipsec peer add exchange-mode=ike2 local-address=public_ip name=vpn_peer passive=yes profile=vpn_profile send-initial-contact=no
ip ipsec proposal add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=8h name=vpn_proposal pfs-group=none
ip pool add name=vpn_pool ranges=192.168.0.2-192.168.0.10
ip ipsec mode-config add address-pool=vpn_pool address-prefix-length=32 name=vpn_config split-include=0.0.0.0/0 static-dns=8.8.8.8 system-dns=no
ip ipsec identity add auth-method=digital-signature certificate=router generate-policy=port-strict match-by=certificate mode-config=vpn_config peer=vpn_peer remote-certificate=user1 remote-id=fqdn:user1@domain.com
ip ipsec policy set proposal=vpn_proposal template=yes action=encrypt ipsec-protocols=esp
The connection is established from Mac OS using the native built-in IKEv2 client.
Results (iperf3):

[ 4] 0.00-1.00 sec 623 KBytes 5.08 Mbits/sec
[ 4] 1.00-2.00 sec 0.00 Bytes 0.00 bits/sec
[ 4] 2.00-3.00 sec 0.00 Bytes 0.00 bits/sec
[ 4] 3.00-4.00 sec 0.00 Bytes 0.00 bits/sec
[ 4] 4.00-5.00 sec 0.00 Bytes 0.00 bits/sec
[ 4] 5.00-6.00 sec 0.00 Bytes 0.00 bits/sec
[ 4] 6.00-7.00 sec 0.00 Bytes 0.00 bits/sec
[ 4] 7.00-8.00 sec 0.00 Bytes 0.00 bits/sec
[ 4] 8.00-9.00 sec 0.00 Bytes 0.00 bits/sec
[ 4] 9.00-10.00 sec 0.00 Bytes 0.00 bits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -

And all remote web panels are loading very slowly through the VPN.
Who can help me? Thanks in advance.

Mike
 
sindy
Forum Guru
Posts: 11362
Joined: Mon Dec 04, 2017 9:19 pm

Re: IKEv2 very slow transfer  [SOLVED]

Sun Oct 11, 2020 10:37 am

First, is there an action=fasttrack-connection rule in chain=forward of /ip firewall filter?

If yes, disable it and try again with a new test connection from the MacOS (already existing connections will not be affected by the change).

If that helps, come back for instructions on how to exempt only traffic handled by IPsec from fasttracking (as you have a 2011, you're likely to need that); if it doesn't help, follow the hint in my automatic signature right below.
 
mikemac
just joined
Topic Author
Posts: 6
Joined: Mon Dec 17, 2018 12:49 pm

Re: IKEv2 very slow transfer

Sun Oct 11, 2020 11:25 am

It works like a charm ;)
Thanks a lot!
 
sindy
Forum Guru
Posts: 11362
Joined: Mon Dec 04, 2017 9:19 pm

Re: IKEv2 very slow transfer

Sun Oct 11, 2020 11:53 am

Depending on the other traffic of your router and your uplink bandwidth, disabling the fasttracking rule may have pushed the router beyond its limits. You can use /tool profile to visualize the difference between the fasttracking rule being first disabled and then enabled while the average traffic is being handled.
 
mikemac
just joined
Topic Author
Posts: 6
Joined: Mon Dec 17, 2018 12:49 pm

Re: IKEv2 very slow transfer

Sun Oct 11, 2020 12:31 pm

Thanks!
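
The thread mentions exempting only IPsec-handled traffic from fasttracking but does not show how. The following is an added example, not taken from any post above: one common way to do it with the `ipsec-policy` matcher, so the fasttrack rule can stay enabled for all other traffic. The connection-mark name `ipsec` and the rule comments are assumptions chosen for illustration.

```routeros
# Added example, not from the thread. Assumption: the connection-mark
# name "ipsec" is an arbitrary label and is not used by other rules.

# Weak setting (the rule asked about in the first reply): a catch-all
# fasttrack rule in chain=forward. Fasttracked packets bypass IPsec
# policy processing, which is what stalls traffic through the tunnel.
#   chain=forward action=fasttrack-connection connection-state=established,related

# Step 1: mark every forwarded connection that matches an IPsec policy,
# in either direction. Using the ipsec-policy matcher means the
# mode-config pool addresses do not have to be repeated here.
/ip firewall mangle
add chain=forward action=mark-connection ipsec-policy=in,ipsec \
    new-connection-mark=ipsec passthrough=yes \
    comment="mark IPsec connections (decrypted inbound)"
add chain=forward action=mark-connection ipsec-policy=out,ipsec \
    new-connection-mark=ipsec passthrough=yes \
    comment="mark IPsec connections (to be encrypted outbound)"

# Step 2: corrected setting. Keep the fasttrack rule enabled, but let it
# match only connections that do NOT carry the mark.
/ip firewall filter
set [find where chain=forward action=fasttrack-connection] \
    connection-mark=!ipsec

# Step 3: check the result. The fasttrack rule should show
# connection-mark=!ipsec, and VPN connections should appear with the mark.
/ip firewall filter print where action=fasttrack-connection
/ip firewall connection print where connection-mark=ipsec
```

As with disabling the rule, connections that were already fasttracked keep their old handling, so test with a new VPN connection after applying the change.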