Strongswan issue #1220 (packet loss on AWS)


#1

Hi

I stumbled across strongswan issue #1220 (https://wiki.strongswan.org/issues/1220) on a VyOS 1.1.7 IPsec VPN Gateway in Amazon AWS. So we have 2-4% packet loss. All my tests confirm it’s this bug (packet loss only with small packets, only AES and only on AWS).

Is there a workaround (beside change to 3DES) or a solution (before VyOS 1.2.x)?

thanks
Line2

Edit:
I also tested last nightly build, same problem, it also contain strongswan V5.3.5


#2

ok, I asked it on phabricator


#3

Hi, please check back on https://wiki.strongswan.org/issues/1220 for updates - I managed to find 2 workarounds: either upscale instance to at least “m4” - or upgrade kernel/strongswan.
Bye!


#4

Hi David,
Did you tried m3.medium? This instance is cheap and near the value of a t2.micro.
I did several tests and I saw packet loss and weird bandwidth performance when using t2.micro instances. With m3.medium it looks like the performance is stable with no packet loss.
Note that m3.medium is considered “Moderate” in term of Network performance for AWS and the t2.micro is “Low to Moderate” . Despite this, t2.micro is burst instance then, the performance is no guarantee.