Hi
I stumbled across strongswan issue #1220 (Issue #1220: Random packet loss using AES - strongSwan) on a VyOS 1.1.7 IPsec VPN Gateway in Amazon AWS. So we have 2-4% packet loss. All my tests confirm it’s this bug (packet loss only with small packets, only AES and only on AWS).
Is there a workaround (beside change to 3DES) or a solution (before VyOS 1.2.x)?
thanks
Line2
Edit:
I also tested last nightly build, same problem, it also contain strongswan V5.3.5
ok, I asked it on phabricator
Hi, please check back on Issue #1220: Random packet loss using AES - strongSwan for updates - I managed to find 2 workarounds: either upscale instance to at least “m4” - or upgrade kernel/strongswan.
Bye!
Hi David,
Did you tried m3.medium? This instance is cheap and near the value of a t2.micro.
I did several tests and I saw packet loss and weird bandwidth performance when using t2.micro instances. With m3.medium it looks like the performance is stable with no packet loss.
Note that m3.medium is considered “Moderate” in term of Network performance for AWS and the t2.micro is “Low to Moderate” . Despite this, t2.micro is burst instance then, the performance is no guarantee.