Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 24 replies
  • Subscribers 49 subscribers
  • Views 25425 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN Connection Slow (warning large screenshots)

Paul C1

Hi All,

 

I am experiencing very slow SSL VPN speeds (10x slower than internet upload speed, 70x slower than internet download speed). I read almost all posts I could find, but no solution worked.

Can you help me out?

 

Thanks,

 

 

Here is what I have as a setup:

Hardware: Qotom q355g4, 6GB RAM, 120GB SSD, (Sophos XG runs directly on the hardware)

Internet connection:

Resource usage:

Transfer speeds on the VPN (both download and upload):

SSL VPN UDP Settings:

 

VPN to LAN  rule:



This thread was automatically locked due to age.
Parents
  • 0

    When you use UDP it may be wise to decrease the MTU on your client to 1312. This depends on your ISP.

  • 0 in reply to Weatherlights

    Hi Weatherlight,

    When I am running a ping both on LAN and on remote via SSL VPN towards server on LAN, I get the following:

    C:\Users\user_name>ping google.ca -f -l 1382

    Pinging google.ca [172.217.13.163] with 1382 bytes of data:
    Reply from 172.217.13.163: bytes=64 (sent 1382) time=9ms TTL=54
    Reply from 172.217.13.163: bytes=64 (sent 1382) time=9ms TTL=54
    Reply from 172.217.13.163: bytes=64 (sent 1382) time=10ms TTL=54
    Reply from 172.217.13.163: bytes=64 (sent 1382) time=13ms TTL=54

    Ping statistics for 172.217.13.163:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 9ms, Maximum = 13ms, Average = 10ms

    I am on cable and not PPOE (DSL)

     

    Without modifying anything on the server, I added the following on the client .conf file:

    tun-mtu 1382

    no  change.

    I then tried:

    tun-mtu 1382
    mssfix 1342

    no change.

    No change either for: tun-mtu 1312 as you suggested.

    Maybe I am doing things wrong.

    Any document detailing how to modify the MTU on SFOS XG for SSL VPN in UDP mode?

  • 0 in reply to Paul C1

    Hello,

    I tried a lot of combinations but SSL VPN traffic is too slow (around 1Mbit). I have a 100Mbit connection, both directions.

    Disabling IPS and Compression does not improve speed.

     

    I am using Sophos XG 125 appliance, release 17.5 MR8.

    Below my actual settings

    Regards,

    Alessandro

  • 0 in reply to alessandro scuderi

    Youve got very weak security settings here. Those protocols are old and treated as unsafe.

    This is not combined with ur problem but just mention ^^

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

Reply Children
Unfiltered HTML