SSL VPN (Remote Access) Performance Issues - Tunnel Access, DNS and Speed

I have successfully installed and configured the SSL VPN client on a few users' laptops. However, I am getting some complaints regarding performance. Should "Use as default gateway" be enabled or disabled? If I want to allow access to devices on the local network should I be using the local DNS as the primary DNS server? I have also noticed that the Sophos SSL VPN Ethernet adapter is using a fast Ethernet connection, is it possible to change this to use gigabit?

  • SSL VPN Performance issues can be related in various reasons. 

    How did you measure the performance? Would suggest to perform some tests with a stabile connection at home and test, what your actual performance is. 

  • Hi  

    I would request you to refer the video - https://vimeo.com/209223093

  • Use as default gateway will force all traffic to go back to the XG in order to get to the internet. This will have a negative effect on internet performance. Try using udp and turn off compression to help with general performance.

    Be aware users may be comparing their experience against being in the office, if they are trying to use apps hosted in the LAN behind XG it will seem much worse from user perspective. Find out exactly what it is which is not performing as expected.

  • In reply to Shaun_:

    especially if loading data across the VPN.

    Ian

  • In reply to Shaun_:

    Thank you for your response, I will try your suggestions. We are an architectural design firm and all our remote employees use the VPN to access AutoCad files. Therefore, the slow performance is regarding access files from our local file server, not internet performance. 

  • In reply to LuCar Toni:

    I am measuring performance based on the users' experience accessing their AutoCad drawings from our local file server. All of our remote employees utilize the VPN strictly for our file server, and the performance is so bad that they can barely open the files. We have a good internet speed, but I noticed that the SSL client will only use a fast Ethernet network connection, as opposed to a gigabit. Do you know if there is any other client that can be utilized? 

  • In reply to rfcat_vk:

    Yes, that is my problem!

  • In reply to Randy Wade:

    Even if the Adapter would be a problem (100 mbit/s vs 1 gbit/s), that should not be noticeable.

    Do you have 100 mbit / 1 gbit/s upload on your XG?

     

    I would say, there is maybe a MTU size issue. 

     

    There is a page on the OpenVPN Community about optimization.

    Many of those suggestions are applicable for XG.

    https://hamy.io/post/0003/optimizing-openvpn-throughput/

     

  • In reply to LuCar Toni:

    I have a 1 gbit upload on the XG, what do you suggest trying for the MTU size?