Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 1893 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site to Site Slow

CarlosNaldinho

I have a site to site VPN setup using to instances of Sophos UTM 9. Everything works fine except I find it is a bit slow. Copying from site B NAS to Site A I get just under 1 MB/s usually more in the 700-900 KB/s range which isn't awful but opening directories takes forever -- like if I click on a folder it can take 30 seconds or more before it even opens and then it takes forever to populate. I have decent internet at both ends so I expected better.

I'm using IPsec -- Auto Firewall rules and strick routing on -- I've lowered the policy to AES-128 PFS to see if that would help but no change. Neither Sophos instances show any significant resource spike (CPU is 2-9% and RAM is the mid-60s on one instance and under 50% on the other which is where it typically is).

Are there any typical issues I should be looking at or testing to determine why the VPN has so much lag?



This thread was automatically locked due to age.
  • 0

    Hey  

    Have you checked if you are experiencing any fragmented packets? Did you have Support Path MTU Discovery enabled in your remote gateways > advanced ?

    Here's a related article to help you troubleshoot.

    Regards,

    Florentino
    Director, Global Community & Digital Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the 'Verify Answer' button.
    The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids
  • +1

    Carlos, try the following to ping from one "Internal (Address)" [10.10.10.1] to the other [172.30.0.1]:

     ping -I 10.1.1.34 172.30.0.20 -s 1500 -M do

    Lower the 1500 to find the maximum message length and then set the MTU of the Internal interfaces to that value.

    Also, if you've selected 'Support Path MTU Discovery', note that that requires that ICMP type 3 code 4 be allowed between the devices.  If that doesn't seem to be working, you might challenge your ISP.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • +1 in reply to FloSupport

    Thank you for responding. I finally had a chance to return to this and yes I do have Support Path MTU Discovery enabled.

    That said the problem seems to have resolved itself. At least sort of. Most remote files when I right click on them the menu opens up right away. The spinning timer thing only happens on a small percentage of files -- it seems to be correlated with larger files and application files but not always. The far worst is the Media Download application for setting up Windows 10 but there is a small to medium delay on most application files. I can live with this as the vast majority of the time I just want to access my own files at the office and there seems to be no delay for PDFs or any other file created by productivity apps.

  • 0 in reply to BAlfson

    Thank you for the response. I was too busy to deal with this and when I returned to it I made the happy discovery that the issue is limited to a small percentage of files. It happened to be the files I needed when I made the post but for everyday use, I just need to access my files created by various productivity apps and those there is no delay. It would be nice to figure out why right-clicky on some application apps leads to a huge delay in the menu opening but not essential. I can live with this.

Unfiltered HTML