I have an IPSec tunnel that I have been testing for speed with iperf3. I’m on a 50/12mbits link.
I was getting only 25mbits maximum when doing iperf across the IPSec tunnel. If I bypassed the tunnel to the same iperf server, I would get 47mbits which is pretty well bang on what I’d expect.
Looking further into it, I found that after disabling QoS, I could get 47mbits through.
So it became evident to me that QoS is doing something to cripple my IPSec tunnel.
Having a look, I could see my correctly categorised VPN traffic, and also some default traffic (which was iperf). I guess in theory the iperf traffic and the VPN traffic could be competing with each other?
So what I have done is put iperf in the VPN category, so now all traffic is green (the VPN category). There are no categories competing against each other, and so I would expect VPN traffic to run at the maximum rate that I assign to the VPN category:
See all the nice green VPN traffic, no conflicting or competing traffic.
Above is my categorisation of VPN traffic.
I also have the error mentioned by someone else in another thread:
Jun 18 01:39:10 NF-WKIT-01 codel: Codel AQM could not be enabled on 'imq0'. Error code: 2
When I reboot the IPFire device that error message is in the logs from startup. I am guessing that QoS is borked for me?
This is my iperf through the ipsec tunnel with QoS on:
This is my iperf with QoS turned off:
You can see the big difference, right? So QoS is killing my S2S tunnel.