I have two ERX in two sites using a VTI IPSec site-to-site VPN. The VPN works well, and pinging between computers on opposite sites is fine too (consistently ~40-50ms).
But if I use SSH over the tunnel (i.e., ssh to a remote computer, or to the remote ERX), it feels very sluggish - it takes a second or more for a keystroke to register. It's almost like it's tcp_nodelay or Nagle's algorithm related, but I'm not sure.
Things I've tried so far without success:
- Removing QoS on both ends
- Disabling hwnat offload
- Disabling ipsec offload
- Reducing IPSec / IKE strength.
Currently running 1.9.1beta1, but I saw this in 1.9.0.
Has anyone seen this?