Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 10003 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSec ping times 300+ms

Greg Rogers

I have a XG 210 (server) and PFSense (client) forming a IPSec site-to-site tunnel. Everything works, but when I ping from either end the response times are 200-500ms!

 

I've tested this with 2 different setups in two completely different parts of the state. Is IPSec just that slow?

 

I have 2 other locations with an XG on both sides doing SSL VPN site-to-site and ping is 50-60ms.

 

 

I've turned off perfect forward secrecy as well as I read in another thread on here, that was an issue causing slow speeds. That did not fix the issue.

 

Hope someone knows the answer!


Thanks.



This thread was automatically locked due to age.
Parents
  • 0

    As XG Firewall does not supports Path MTU Discovery, try setting the MSS to 1400 manually (By default it is set to 1460) on the LAN interface in order to prevent Fragmentation due IPSec overhead. Initiate the ping from LAN of the XG Firewall, and monitor the response time. 

     

    Let us know if this improves the performance over IPSec.

Reply
  • 0

    As XG Firewall does not supports Path MTU Discovery, try setting the MSS to 1400 manually (By default it is set to 1460) on the LAN interface in order to prevent Fragmentation due IPSec overhead. Initiate the ping from LAN of the XG Firewall, and monitor the response time. 

     

    Let us know if this improves the performance over IPSec.

Children