Allow me to ask for help to solve the following problem with latency. I have a network which is on one side the Strongswan server and on the opposite side are terminals connected through DSL, cable or wifi. When I am testing latency through the IKEv2/IPsec tunnels in the directions from these terminals to the server and from server to these terminals with the datagram lengths from 40 to 8000. The pinging intervals are 5s to 1min, the RRT is from 25 to 50ms, so all is O.K. Now I had to connect to this network some terminals which are connected through LTE. When I am testing latency through the tunnels between these terminals and the server in direction from the terminal to the server with datagrams length from 40 to 1500 the RRT values are 30-60ms (in average cca 45ms) (O.K).
If the datagram length is larger than 1500 the packet does not pass to the server at all (?). The problem is with the latency in the opposite direction from the server to the LTE terminal. With the datagrams lengths from 40 to 1500 the RRTs are moving between 40 to 700ms and sometimes from 200 to 1000ms. With these latencies the terminals are unusable for reliable bidirectional transfer of any data. The datagram larger then 1500 also does not pass from the server to the terminal (?).
Because the SIM card in the terminal has a public IP address I am able to test the latency between the server and the terminal directly without the IPsec tunnel. the RRT values are around 50ms in the both directions (O.K). The MTU and other parameters on the Debian strongswan server have their default values at present. I am not experienced in this field and I hope and believe with your help the mentioned problem will be successfully solved :-)
For any help thank you in advance.
