Regression #13345

closed

IPSEC tunnel losing packets after upgrade to 22.05 between NG 1100 and NG 7100

Added by Lars Lindley about 3 years ago. Updated about 3 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Release Notes: Default
Affected Plus Version:
Affected Architecture: SG-1100

Description

After upgrading I noticed horrible performance over the tunnel to work.
Ping gives loss and hundreds and thousands of ms.
(Screenshot: Ping with tunnel in bad state)
I tried changing around the ciphers but only way to fix the problem I've found so far is to reboot the 1100.
That will get me solid 8ms pings and no drops for a while. (This morning less than an hour before the.)
That makes me suspect the problem is with the 1100 and not the 7100 at the office.
At home I have 250/250 fiber and at work 1G/1G fiber. No speed problems are observed outside the tunnel.
At first I thought it could be related to the 2100 MBUF issue but MBUF Usage is only 7% (1526/20428) with the tunnel in the bad state.
SafeXcel is active and the tunnel is configured with:
P1 IKEv2, Mutual PSK, AES128-GCM, 128 bits, sha384, DH 14.
P2 ESP, AES128-GCM, 128 bits, PFS 14

I tried AES-CBC, DH 21 and PFS 21, SHA256 and some variations, but just restarting the tunnel to get the new values doesn't help.
I will try changing to CBC and restarting the fw and see if it degrades again.

Please let me know what more info you want me to supply to pin down the problem.

Regards, Lars


Files

clipboard-202207080940-bwkrg.png (15.9 KB) Ping with tunnel in bad state Lars Lindley, 07/08/2022 02:40 AM