IPSEC link in Ad-Hoc WIFI link very slow - Networking


Thread: IPSEC link in Ad-Hoc WIFI link very slow

  1. IPSEC link in Ad-Hoc WIFI link very slow

    Hello.

    I have two laptops; one of them is connected to the internet, and acts as a
    router for the other.

    I'm using kernel 2.6.24 on both machines.

    As both laptops only have one ethernet port, and are WIFI-able, I hook up the
    router to the internet through its ethernet port, and the laptops
    communicate through WIFI.

    As I wanted to secure their exchanges, I set up an IPSEC link between them.
    I gave the router 192.168.1.3 for its IP, and 192.168.1.4 to the client.

    To route the packets, I set up 192.168.1.3 (the router) this way:

    /usr/local/sbin/dnsmasq
    echo 1 > /proc/sys/net/ipv4/ip_forward
    modprobe ipt_MASQUERADE
    /usr/sbin/iptables -F
    /usr/sbin/iptables -t nat -F
    /usr/sbin/iptables -t mangle -F
    /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to
    echo 1 > /proc/sys/net/ipv4/ip_forward
    /usr/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    /usr/sbin/iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
    /usr/sbin/iptables -P INPUT DROP
    /usr/sbin/iptables -A FORWARD -i eth0 -o eth0 -j REJECT

    To make sure that the only valid address on 192.68.1.* was that of the
    client, I added these rules to the firewall:

    /usr/sbin/iptables -A INPUT -s 192.168.1.4 -j ACCEPT
    /usr/sbin/iptables -A INPUT -s 192.168.1.0/255.255.255.0 -j REJECT
    /usr/sbin/iptables -A OUTPUT -s 192.168.1.3 -j ACCEPT
    /usr/sbin/iptables -A OUTPUT -s 192.168.1.0/255.255.255.0 -j REJECT

    However my WIFI link between the two laptops is very slow: when I ssh from
    the client to the router I have about 1 character-per-second typing and echo
    rate.

    Is my config flawed? How can I speed it up?

    Thanks!

    --
    Fabrice DELENTE

  2. Re: IPSEC link in Ad-Hoc WIFI link very slow

    On Nov 7, 9:23 am, Fabrice Delente wrote:
    > Hello.
    >
    > I have two laptops; one of them is connected to the internet, and acts as a
    > router for the other.
    >
    > I'm using kernel 2.6.24 on both machines.
    >
    > As both laptops only have one ethernet port, and are WIFI-able, I hook up the
    > router to the internet through its ethernet port, and the laptops
    > communicate through WIFI.
    >
    > As I wanted to secure their exchanges, I set up an IPSEC link between them.
    > I gave the router 192.168.1.3 for its IP, and 192.168.1.4 to the client.
    >
    > To route the packets, I set up 192.168.1.3 (the router) this way:
    >
    > /usr/local/sbin/dnsmasq
    > echo 1 > /proc/sys/net/ipv4/ip_forward
    > modprobe ipt_MASQUERADE
    > /usr/sbin/iptables -F
    > /usr/sbin/iptables -t nat -F
    > /usr/sbin/iptables -t mangle -F
    > /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to
    > echo 1 > /proc/sys/net/ipv4/ip_forward
    > /usr/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    > /usr/sbin/iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
    > /usr/sbin/iptables -P INPUT DROP
    > /usr/sbin/iptables -A FORWARD -i eth0 -o eth0 -j REJECT
    >
    > To make sure that the only valid address on 192.68.1.* was that of the
    > client, I added these rules to the firewall:
    >
    > /usr/sbin/iptables -A INPUT -s 192.168.1.4 -j ACCEPT
    > /usr/sbin/iptables -A INPUT -s 192.168.1.0/255.255.255.0 -j REJECT
    > /usr/sbin/iptables -A OUTPUT -s 192.168.1.3 -j ACCEPT
    > /usr/sbin/iptables -A OUTPUT -s 192.168.1.0/255.255.255.0 -j REJECT
    >
    > However my WIFI link between the two laptops is very slow: when I ssh from
    > the client to the router I have about 1 character-per-second typing and echo
    > rate.
    >
    > Is my config flawed? How can I speed it up?


    I would not suspect the iptables config to cause slowness. It will
    either block 100% or let through speedily.

    Just to make sure, you should try briefly with the firewall disabled.
    If you are very worried about the security, use netstat -atp and
    netstat -utp, and kill all programs that listen on any interface other
    than the loopback interface (127.0.0.1).

    Try to set up masquerading as per Rusty's Unreliable Guides, instead of
    postrouting SNAT.

    Try something not involving IPSEC, and see how fast that is.

    You could try ping -i 0.2, and you could try ping -f. Man ping.

    Regards
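
The listener check suggested in the reply above, as an added example that is not part of the original thread: it filters `netstat -atnp` / `netstat -aunp` style output (`-n` added so addresses stay numeric) down to sockets that accept traffic on a non-loopback address. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: print sockets reachable from outside the loopback interface.
# Reads netstat-style lines on stdin; prints "proto local-address pid/program".
exposed_listeners() {
    awk '
        $1 !~ /^(tcp|udp)/ { next }      # skip the two header lines
        {
            proto = $1; laddr = $4; faddr = $5
            # TCP: keep LISTEN sockets only.
            if (proto ~ /^tcp/ && $6 != "LISTEN") next
            # UDP has no state column; an unconnected socket shows a
            # wildcard foreign address that ends in ":*".
            if (proto ~ /^udp/ && faddr !~ /:\*$/) next
            addr = laddr
            sub(/:[^:]*$/, "", addr)     # drop the trailing :port
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            print proto, laddr, $NF
        }'
}

# Constructed sample of netstat output (not taken from the thread).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address     Foreign Address    State       PID/Program name
tcp        0      0 127.0.0.1:631     0.0.0.0:*          LISTEN      812/cupsd
tcp        0      0 0.0.0.0:22        0.0.0.0:*          LISTEN      640/sshd
tcp        0      0 192.168.1.3:22    192.168.1.4:51514  ESTABLISHED 1201/sshd
tcp6       0      0 :::80             :::*               LISTEN      900/httpd
tcp6       0      0 ::1:25            :::*               LISTEN      700/master
udp        0      0 0.0.0.0:53        0.0.0.0:*                      655/dnsmasq
udp        0      0 127.0.0.1:323     0.0.0.0:*                      500/chronyd
udp        0      0 192.168.1.3:500   0.0.0.0:*                      710/racoon
EOF
}

sample_netstat | exposed_listeners
```

On a live machine, pipe the real output in instead of the sample, for example `netstat -atnp | exposed_listeners`; without root the program column shows `-`.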

  3. Re: IPSEC link in Ad-Hoc WIFI link very slow

    Cacadril wrote:


    Ok, thanks! I will try that.

    --
    Fabrice DELENTE

  4. Re: IPSEC link in Ad-Hoc WIFI link very slow

    Hi,

    Would you please let us know how you have implemented IPsec in ad hoc mode, by giving the steps of the methodology that should be followed?

    Regards

  5. Re: IPSEC link in Ad-Hoc WIFI link very slow

    Also,

    Is it efficient to use IPsec to secure the ad hoc communication, or is it better to rely on another tool?

    Emmanuel
