
VPN speed fluctuation after hardware upgrade

Hi,

 

I have a strange problem. I upgraded my server from 2Gb to 4Gb RAM, a faster CPU, and from two Realtek NICs to a two-port I350. I reinstalled the UTM and restored the backup. I have a 400/40Mbit connection, the server 1Gb/200Mbit. My problem is that before the upgrade I had a constant 160Mbit download and 40Mbit with L2TP on the client, but since the upgrade the results are worse: the average is 45/25, and the download starts from about 150Mbit, gets slower and finally settles in the 40Mbit region.

This is the speed graph of a large download. I tried to disable QoS and IPS without any result. What could be the reason for that? Thanks in advance.

 



  • Hi Jay Jay, I just read your topic. I have 3 different MTUs (LAN 1500, fiber 1492, VPN 1380), so that could be a problem, but on the other hand it was the same with the original cheap Realtek NICs and I had three times the download speed I have now. Unfortunately I see the same low numbers with speedtest too.

  • ^^IPS is a tricky thing. I had to make a separate exception (which is being honored) to ignore certain speed test site traffic. Otherwise my fiber gigabit speeds became more like 300-400 Mbps. This applies to both VPN and non-VPN traffic.

    In addition, because the VPN was using UDP, another exception had to be added to ignore UDP flooding (which caused significant slowdowns on the VPN).

    Perhaps you had something similar to this defined before, but these did not carry over because of the NIC changes?

    The MTU issue was something I discovered with IPS and flood monitoring disabled. VPN speeds were still poor. In fact, having these disabled altogether would be a good starting point for establishing a baseline. Otherwise too many factors complicate isolating the issue. Right now, I have the MTU at 1472 on everything (gateway, LAN and WAN interfaces). My only remaining issue is trying to get Snort to ignore VPN client <> local network traffic.

  • Thanks for the tips. I modified the exception list by adding not just the services but also the whole L2TP network to it, and now I see the 150+Mbit speeds again :) I don't know what changed, how it worked before, or why I received the low scores even when everything was turned off, but I can live with these results. Now my CPU seems to be the limiting factor: Snort and afcd are at 90 and 80 percent while running speedtest.