VPN IPSEC site to site issue

Set up the MTU correctly for the RED adapter on both sites.


Updated:
The network is unstable when I try to access site2 and copy a file on it to site1.

Hi All,
After changing the MTU on the 2 sites, I can access the file server on Site2 normally. But when I try to copy a large file, it times out. I think the VPN traffic is limited, but I don’t know how to solve it.

@Vinam_Oil_Tools

Hi Cong

Since after the MTU change you can at least access the file server on site 2 correctly, but large files time out, one easy option would be to try smaller MTUs, using the same (e.g. 1438) on both sides…

My 2 cents
Andy

And double-check the RED interface parameters for uplink speed.
NethServer knows how much data it “can send” (less than 1GBs) only if the parameter is set on the interface.

Hi All,
After changing the MTU to 1438, it’s still the same issue when I try to copy a large file.

Hi Michael,
Yes, the RED interface is 1Gbps.

Hi

Instead of using Windows Network Drive, try copying the same file(s) using e.g. WinSCP.
The idea is to test the VPN alone, without any “Windows” issues.

While transferring the file(s), you can have a CMD window open, using ping -t 10…x.x.x to see if the connection remains open…

With WinSCP, you can also test the same transfer without VPN, if the other NethServer has SSH accessible to the Internet. Just use the WAN IP instead of the internal 10.x.x.x IP…

→ Narrow the problem!


I just noticed:

You’re running at least one side on VMware (ESXi?). Five days we’ve been trying to help you, and only now you show a screenshot implying you’re running on VMware - before this, not one word saying VMware or virtualization. Yet you’re having network issues, this could be important…

Don’t mistake me, I run all my 30 clients on virtualization, only my choice of Hypervisor is Proxmox, not VMware, which I’ve been using since before 2000 (15 years VMware!). So I’m NOT criticizing the use of virtualization, I even push it…

For installing a NethServer, it’s still necessary to manually set “Promiscuous Mode” on the NIC in VMware, Proxmox has this set out of the box. Just one example of a “possible” issue.
Generally, NethServer works well on VMware ESXi, when installed correctly.

Additionally, it seems you’re using a virtualized NethServer in VMware as your Gateway, not really a very good idea. If either your VMware host goes down, or NethServer has an issue, you won’t have Internet to check Google or the Forum to try to fix it… I have used this also in the past, but NEVER with NethServer (It’s always AD for my clients, and I will NEVER run firewall/gateway and AD on the same system.), I use here also OPNsense, and on Proxmox, for me a tested and replicable setup. Even though this works, it’s usually only a stopgap, e.g. while waiting for hardware. Certain common hardware is difficult to get due to supply chain issues due to Covid / War / Whatever.

My 2 cents
Andy


Aside from the usual Proxmox full cannon crusade from @Andy_Wismer

The connection I was referring to is on NethServer, which can be aware of the internet connection only if the maximum upload and download rates are set up on the RED interface.
So:
If NethServer considers itself to have (for example) 1gbps, when the internet connection is only 20mbps up and 100mbps down, the transfer rate will spike up, then fall down.

Hi All,
I tried changing the site-to-site VPN to the DrayTek 2925 routers on the 2 sites, and VPN traffic is OK. But now I can only access the WAN network (RED) and can’t access the LAN network (GREEN) on NethServer.
So how can I route the RED network to GREEN on NS?