Thread Info
  • State Verified Answer
  • +4 person also asked this people also asked this
  • Locked Locked
  • Replies 100 replies
  • Answers 2 answers
  • Subscribers 52 subscribers
  • Views 52818 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Poor SSL VPN performance when using TCP

Dreamcatcher

Hello folks,

 

i am pretty disappointed with the SSL VPN performance on TCP connections. When using TCP i only get ~16 Mbit/s when copying files over SMB. With UDP the performance is much better and i get the full 50 MBit/s. This is not acceptable at all, since i always got the full performance with UTM on even slower hardware and i need to use TCP on some sites. I've tested this on multiple appliances with our customers (XG210, XG125, XG115 etc.) and it's always the same: TCP performance on SSL VPN is plain bad and there is no heavy load on the CPUs involved.

 

Is this a bug, or is the TCP SSL VPN performance really that bad compared to UTM?



This thread was automatically locked due to age.
Parents
  • 0

    Shouldnt be the case, as i tested it with Sophos Connect 2.0 back in the days on multiple devices. 

    Do you use Compression on SSLVPN? 

    Did you try Sophos Connect 2.0 or the OpenVPN Client? 

    Did you only try SMB? Can you try other protocols, as SMB can actually cause such problems (re transmissions). 

    Likely caused by MTU Issues: https://forums.openvpn.net/viewtopic.php?t=25039

     

     

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    I only tried the OpenVPN Client, which i also used with UTM all the time without any problems. I use UTM and XG with default settings for VPN and Network Ports. As far as i can see,  both are using the same settings, so why is UTM so much faster on TCP connections? Even if it has to do with SMB and/or MTU, it just works with UTM and it's not with XG.

    Maybe you try and see for yourself, as i tested this with multiple appliances.

     

    Edit:
    I made a simple test without SMB involved. I used a VPN profile with default gateway option enabled and went to https://fast.com for a speedtest. The results are pretty much the same:

    53 Mbit/s for UDP SSL VPN
    14 Mbit/s for TCP SSL VPN

    So what to do about this? Can't be i am the only one facing this problems. XG is using the latest firmware available (18.0.1 MR-1)

Reply
  • 0 in reply to LuCar Toni

    I only tried the OpenVPN Client, which i also used with UTM all the time without any problems. I use UTM and XG with default settings for VPN and Network Ports. As far as i can see,  both are using the same settings, so why is UTM so much faster on TCP connections? Even if it has to do with SMB and/or MTU, it just works with UTM and it's not with XG.

    Maybe you try and see for yourself, as i tested this with multiple appliances.

     

    Edit:
    I made a simple test without SMB involved. I used a VPN profile with default gateway option enabled and went to https://fast.com for a speedtest. The results are pretty much the same:

    53 Mbit/s for UDP SSL VPN
    14 Mbit/s for TCP SSL VPN

    So what to do about this? Can't be i am the only one facing this problems. XG is using the latest firmware available (18.0.1 MR-1)

Children
No Data
Unfiltered HTML