Hi @Bonfigleo 

Thanks for posting in our business forum.

If you roll back the firmware and the problem persists, it is more likely to be a problem with your ISP.

In your description, you stated that you have a 200Mbps speed between two sites which means both sites can reach at least 200Mbps. I am not sure of your region but this high upload bandwidth is rare in my region.

It usually allows you 10% of the DL. If you need more, you need to pay extra for the enterprise plan.

Regarding the VPN, as long as you have ping and ssh working, it means the VPN tunnel is still up and running.

What you can do at most, is to redo the VPN connection and see if there is any improvement.

I cannot rule out that you have a setup error in the IP arranging. It may be a problem with that and I would recommend you examine everything again.

This does not look like a software issue with the firmware based on the given information.

Hi @Bonfigleo 

Thanks for posting in our business forum.

Bonfigleo wrote

  @Clive_A I guess my message was not clear.  Both routers have > 1gps fiber.  This vpn was consistently getting 200mbps.  As you can see below, the speed between the sites is over 500mbps without the vpn.

 

I have redone the VPN auto, manual and even as a client-to-site.  The result is the same.  Given that the tunnel is connecting and some small amount of traffic is getting through, it seems like it has to be some misconfiguration on one or both or the routers causing the issue.  One thing that I have noticed is the following odd behavior with iperf.  When I start a test, it gets a small amount of data through in the first second and then nothing for the rest of the test.

 

Connecting to host 192.168.2.5, port 5201

[  5] local 192.168.2.40 port 50635 connected to 192.168.2.5 port 5201

[ ID] Interval           Transfer     Bitrate

[  5]   0.00-1.01   sec   384 KBytes  3.13 Mbits/sec                  

[  5]   1.01-2.01   sec  0.00 Bytes  0.00 bits/sec                  

[  5]   2.01-3.01   sec  0.00 Bytes  0.00 bits/sec                  

[  5]   3.01-4.01   sec  0.00 Bytes  0.00 bits/sec                  

[  5]   4.01-5.01   sec  0.00 Bytes  0.00 bits/sec                  

[  5]   5.01-6.00   sec  0.00 Bytes  0.00 bits/sec                  

[  5]   6.00-7.00   sec  0.00 Bytes  0.00 bits/sec                  

[  5]   7.00-8.00   sec  0.00 Bytes  0.00 bits/sec                  

[  5]   8.00-9.01   sec  0.00 Bytes  0.00 bits/sec                  

[  5]   9.01-10.00  sec  0.00 Bytes  0.00 bits/sec                  

- - - - - - - - - - - - - - - - - - - - - - - - -

[ ID] Interval           Transfer     Bitrate

[  5]   0.00-10.00  sec   384 KBytes   315 Kbits/sec                  sender

[  5]   0.00-10.05  sec   128 KBytes   104 Kbits/sec                  receiver

 

 

For reference, here is the iperf directly over the internet with no vpn

 

[  5] local 192.168.0.2 port 43636 connected to 172.13.48.177 port 5201

[ ID] Interval           Transfer     Bitrate         Retr  Cwnd

[  5]   0.00-1.00   sec  37.5 MBytes   314 Mbits/sec    6   6.53 MBytes       

[  5]   1.00-2.00   sec  61.4 MBytes   515 Mbits/sec    0   6.73 MBytes       

[  5]   2.00-3.00   sec  60.9 MBytes   511 Mbits/sec    0   6.73 MBytes       

[  5]   3.00-4.00   sec  62.0 MBytes   520 Mbits/sec    0   6.73 MBytes       

[  5]   4.00-5.00   sec  31.8 MBytes   266 Mbits/sec  1979   4.71 MBytes       

[  5]   5.00-6.00   sec  60.8 MBytes   510 Mbits/sec    0   4.71 MBytes       

[  5]   6.00-7.00   sec  58.9 MBytes   494 Mbits/sec    0   4.71 MBytes       

[  5]   7.00-8.00   sec  58.9 MBytes   494 Mbits/sec    0   4.71 MBytes       

[  5]   8.00-9.00   sec  57.0 MBytes   478 Mbits/sec  1079   3.32 MBytes       

[  5]   9.00-10.00  sec  58.5 MBytes   490 Mbits/sec    0   3.32 MBytes       

- - - - - - - - - - - - - - - - - - - - - - - - -

[ ID] Interval           Transfer     Bitrate         Retr

[  5]   0.00-10.00  sec   548 MBytes   459 Mbits/sec  3064             sender

[  5]   0.00-10.05  sec   547 MBytes   456 Mbits/sec                  receiver

Diagram along or before you post with the IPs.

IPsec, site-to-site, right?

Both are updated to 1.2.3?

Hi @Bonfigleo 

Thanks for posting in our business forum.

Bonfigleo wrote

  @Clive_A Yes, both are on 1.2.3.  IPSEC site-to-site with all the defaults either auto or manual.  I should also mention that they are both on a single controller.

Controller just controls. It does not involve in the speed problems.f