Hi there,
although I have a 100 MBit (down) / 40 MBit (up) Internet connection (I get at least 89 / 35), the network speed via VPN tunnel (over LTE 300 MBit or another stationary Internet connection 150 MBit / 10 MBit) is horribly slow (max. 6 MBit up and down).
I already tested enabling / disabling compression, used the TCP / UDP protocol and changed the cryptographic settings (Key Size, etc.) -> nothing helped...
I did not configure a QOS setting for the firewall rules allowing the traffic between WAN / LAN.
Any ideas?
It may be relevant to know the XG model and firmware used.
How does CPU utilization look on the XG while the encrypted VPN traffic is passing across it?
How does ping look from the client to the XG WAN IP?
What is the max throughput, unencrypted and non-VPN, to/from the same client over the internet to/from a system behind the XG, using FTP or iperf or a similar method to determine the max peering bandwidth between each connection?
Just for testing purposes, can you go to 'Show VPN Settings' in VPN and in 'Cryptographic Settings' try reducing the key size from the default (2048) to 1024 and check if it improves the performance?
Hi Anish,
thank you for trying to help.
I already gave that a try - no improvement at all :-/
Cheers,
Markus
Hi,
Can you please check the Window scaling in the console?
show advanced-firewall
Could you please give us more information about the traffic type you use when you see such a slow speed? CIFS, TCP download, UDP download?
Cheers
Hi ManBearPig,
thanks for trying to help me :-)
The traffic is slow for SFTP, CIFS (SMBv2), TCP and UDP (stream video e.g. via Skype or Amazon Prime)...
show advanced-firewall output:
Strict Policy : on
FtpBounce Prevention : control
Tcp Conn. Establishment Idle Timeout : 10800
UDP Timeout Stream : 60
Fragmented Traffic Policy : allow
Midstream Connection Pickup : off
TCP Seq Checking : on
TCP Window Scaling : on
TCP Appropriate Byte Count : on
TCP Selective Acknowledgements : on
TCP Forward RTO-Recovery[F-RTO] : off
TCP TIMESTAMPS : off
Strict ICMP Tracking : off
ICMP Error Message : allow
IPv6 Unknown Extension Header : deny
Bypass Stateful Firewall
------------------------
Source Genmask Destination Genmask
NAT policy for system originated traffic
---------------------
Destination Network Destination Netmask Interface SNAT IP
Hi,
The traffic is slow for SFTP, CIFS (SMBv2), TCP and UDP (stream video e.g. via Skype or Amazon Prime)...
So you are talking about a client who uses SSL VPN to connect to the XG and uses the tunnel to build up a connection to the internet?
So the XG is the default gateway for the client in the internet? Basically you have an issue with all the traffic which goes through the XG to LAN/DMZ/WAN from VPN, correct?
Cheers
Hi folks,
after switching from TCP to UDP "AND" reducing the key size from 2048 to 1024 I get 30-35 MBit/s instead of ~ 10 MBit/s (Internet access provider 100 down / 40 up).
I am happy.
Cheers,
Markus