
VPN speed fluctuation after hardware upgrade

Hi,

 

I have a strange problem. I upgraded my server from 2Gb to 4Gb RAM, a faster CPU, and from two Realtek NICs to a two-port I350. I reinstalled the UTM and restored the backup. I have a 400/40Mbit connection, the server 1Gb/200Mbit. My problem is that before the upgrade I had a constant 160Mbit download and 40Mbit with L2TP on the client, but since the upgrade the results are worse: the average is 45/25, and the download starts at about 150Mbit, gets slower and finally settles in the 40Mbit region.

This is the speed graph of a large download. I tried to disable QoS and IPS without any result. What could be the reason for that? Thanks in advance.

 



  • Hi CF,

    Verify the bandwidth received by individual ends. To check this on the UTM, SSH to the UTM and log in as root (refer to Accessing UTM via SSH). Download a test file using the wget --no-check-certificate -O command and check what bandwidth the UTM receives.

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • I notice this too on my l2tp/ipsec vpn.  When connected to the vpn and IPS is enabled, speed tests (speedtest.net for example) are at full speed, but transfers from non-internet sources (subnets behind the utm) are throttled.

    Looking at top while ssh'd into the utm shows snort at heavy cpu even though an ips exception has been established.  In fact, I see a very similar speed graph develop where it starts out fast then falls on its face.  Details in this thread: https://community.sophos.com/products/unified-threat-management/f/network-protection-firewall-nat-qos-ips/101357/windows-file-sharing-over-l2tp-ipsec-vpn

    I'm not sure if the OP's and my issues are related, the symptoms seem similar.

  • Hi Jay Jay, I just read your topic, I have 3 different mtu's /lan 1500, fiber 1492, vpn 1380/ so that could be a problem, but on the other hand it was the same with the original cheap realtek nics and I had three times the download speed I have now. Unfortunately I see the same low numbers with speedtest too.   

  • ^^IPS is a tricky thing.  I had to make a separate exception (which is being honored) to ignore certain speed test site traffic.  Otherwise my fiber gigabit speeds became more like 300-400 mbps.  This applies to both vpn and non-vpn traffic.

    In addition, because the vpn was using udp, another exception had to be added to ignore udp flooding (which caused significant slow downs on the vpn).

    Perhaps you had something similar to this defined before, but these did not carry over because of the NIC changes?

    The MTU issue was something I discovered when IPS and flood monitoring were disabled.  Vpn speeds were still poor.  In fact, having these disabled altogether would be a good starting point for establishing a baseline. Otherwise too many factors complicate isolating the issue.  Right now, I have mtu at 1472 on everything (gateway, lan and wan interfaces).  My only remaining issue is trying to get snort to ignore vpn client <> local network traffic.

  • Thanks for the tips, I modified the exception list by adding not just the services but also the whole l2tp network to it and now I see the 150+Mbit speeds again..:) I don’t know what changed, how it worked before and why I received the low scores even when everything was turned off but I can live with these results. Now my CPU seems to be the limiting factor, snort and afcd are at 90 and 80 percent while running speedtest.
