I’ll try to put in a network diagram to show the configuration:
Internet-FW–Net A —SK1
Network B is a physical transport for a vpn connection of Net A to Net C.
SK = soekris 5501 fw’s running zsbeta12. A VPN tunnel has been established between the 2 5501’s, with a bridge on each SK1 to the VPN.
Traffic is measured by MRTG on the SK’s bridges and found to average 700kbs.
The routing has been set up so that any internet access on Net C goes to Net A, then out from Net A’s internet access. A download test from a PC on Net C shows a throughput of 2.1mbs. Ping from a pc on Net A to a pc on Net C through the VPN is about 700-1000ms, depending on traffic over the VPN. If there is little traffic on the vpn, this ping test shows about 40ms. A ping from SK1 to SK2 over Net B (therefore not through the vpn tunnel) consistently shows about 20-30 ms (no matter what traffic load over the vpn tunnel) – which is the expected delay through Net B.
I have to reduce the delay cost of the vpn down to 50ms or so.
Hope this info helps.