I am testing FRR DMVPN using Strongswan IPSec + GRE. Tunnels work great and they are easily established between the branch offices. Tunnels work great and they are easily established between the branch offices. circuit. I tried to use AES-GCM encapsulation and tweak the TCP-MSS & MTU. however, I am not getting the desired results. CPU: Xeon 2nd Generation scalable. 6 cores per VM. 4 GB RAM - Ubuntu 20.04 I tried to use AES-GCM encapsulation and tweak the TCP-MSS & MTU. however, I am getting 30-50 Mb/s speed instead of 400 Mb/s which I get without IPsec. Here are my sample IPsec configs for reference
conn dmvpn
authby=secret
auto=add
keyexchange=ikev1
ike=aes128gcm16-aesxcbc-modp2048
esp=aes128gcm16-modp1024
dpdaction=clear
dpddelay=300s
left=%any
leftid=%any
right=%any
rightid=%any
leftprotoport=gre
rightprotoport=gre
type=transport
keyingtries=%forever
Asked by Isravel Raja
(1 rep)
Jan 5, 2024, 08:30 PM
Last activity: Jan 8, 2024, 10:13 PM
Last activity: Jan 8, 2024, 10:13 PM