IPSec buffer error

Hi,

Using a VyOS AWS AMI I noticed the below error message when one IPSec tunnel carries around 25Mbps:

ERROR: "peer-x.x.x.x-tunnel-1" #328: sendto on eth0 to x.x.x.x:500 failed in ISAKMP notify. Errno 105: No buffer space available

I moved the traffic to the secondary VyOS router (same instance size as the primary) and the same error message appeared. The actual symptoms are packet loss and increased latency. The instance CPU is sitting at around 30%. Any thoughts on what type of limit is being hit here and how to get around it (configuration change etc.)?

Thank you

Hi, can you try increasing some sysctl params and test again?

set system sysctl custom net.core.rmem_default value '425984'
set system sysctl custom net.ipv4.tcp_rmem value '4096 212992 6291456'

I tested ipsec recently at speeds of more than 1Gbps without any sysctl modification and didn’t see any issues.
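
An added example, not part of the original posts: a shell function that reads `sysctl` output and reports whether the two keys named in the reply above are already at or above the suggested values, so the change can be verified after commit. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare buffer sysctls with the values suggested in the reply.
# Input (stdin): lines in sysctl output format, "key = v1 [v2 v3]".
# Output: "OK <key> ..." or "LOW <key> ..." for each key of interest.

# Suggested values, copied from the reply in this thread.
suggested_for() {
    case "$1" in
        net.core.rmem_default) echo "425984" ;;
        net.ipv4.tcp_rmem)     echo "4096 212992 6291456" ;;
        *) return 1 ;;
    esac
}

check_buffers() {
    while IFS= read -r line; do
        key=${line%%=*}          # text before the first "="
        key=${key%% *}           # drop trailing blanks
        want=$(suggested_for "$key") || continue   # skip other keys
        cur=${line#*=}
        set -- $cur              # split on spaces/tabs (tcp_rmem has 3 fields)
        cur_norm="$*"
        status=OK
        for w in $want; do       # field-by-field: min, default, max
            if [ $# -gt 0 ]; then c=$1; shift; else c=0; fi
            if [ "$c" -lt "$w" ]; then status=LOW; fi
        done
        echo "$status $key current=$cur_norm suggested=$want"
    done
    return 0
}

# Constructed sample input (not taken from the poster's router).
# On a live system: sysctl net.core.rmem_default net.ipv4.tcp_rmem | check_buffers
printf 'net.core.rmem_default = 212992\nnet.ipv4.tcp_rmem = 4096\t131072\t6291456\n' \
    | check_buffers
```
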

Thanks - I have implemented and will get back to you with the results