Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 15 replies
  • Answers 1 answer
  • Subscribers 26 subscribers
  • Views 35126 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN (Remote Access) - terrible latency issues / ping times

IngoTheiss

Hi,


I am really desperate with my new Sophos XG 85 and seeking your advice. I have successfully setup SSL VPN (Remote Access) on my Sophos XG 85 and users can connect and reach the internal LAN and internet. But as mentioned in the subject users are experiencing  terrible latency issues and ping times are the worst I have ever seen ranging from 70ms to > 1000ms with an average round-trip from 450 ms. It doesn't matter if I am connected via LAN, WIFI or mobile 4G LTE  or if I ping a LAN address like 192.168.100.1 or www.sophos.com. I tried different clients and connected from Windows, Mac OS X and Android. It doesn't make a difference.

 

My setup is as follows:

[ Internet ] --- [ Router (192.168.2.1) ] --- [ Sophos Port2 (192.168.2.2) ] --- [ Sophos Port1 (192.168.100.1) ] --- [Switch ]  --- [ LAN (192.168.100.0/24) ]


The [ Router ] is forwarding port 8443 to [ Sophos Port2 (192.168.2.2) ] . Enclosed you can find my SSL VPN Setting and the policy I have set up.

Any help is really appreciated.

Regards

Ingo



This thread was automatically locked due to age.
  • 0 in reply to lferrara

    Hi Luk,

    I connected via IPSec/L2TP but as mentioned before this doesn't make a difference. Ping stays bad an unstable ranging from 75 ms to > 1000 ms.
    Here is the tcpdump from a single ping to internal LAN address 192.168.100.2:

    19:32:09.160448 ppp0, IN: IP (tos 0x0, ttl 128, id 3682, offset 0, flags [none], proto ICMP (1), length 60)
        10.10.10.1 > 192.168.100.2: ICMP echo request, id 1, seq 140, length 40
    19:32:09.160550 Port1, OUT: IP (tos 0x0, ttl 127, id 3682, offset 0, flags [none], proto ICMP (1), length 60)
        10.10.10.1 > 192.168.100.2: ICMP echo request, id 1, seq 140, length 40
    19:32:09.161277 Port1, IN: IP (tos 0x0, ttl 64, id 59284, offset 0, flags [none], proto ICMP (1), length 60)
        192.168.100.2 > 10.10.10.1: ICMP echo reply, id 1, seq 140, length 40
    19:32:09.161309 ppp0, OUT: IP (tos 0x0, ttl 63, id 59284, offset 0, flags [none], proto ICMP (1), length 60)
        192.168.100.2 > 10.10.10.1: ICMP echo reply, id 1, seq 140, length 40

    Ingo

  • 0 in reply to IngoTheiss

    Hello,

    Did someone solve this problem ?

    Because I have the exactly same issue, ping response are between 50ms and 1200ms on my Sophos XG85w with SSL VPN.

    With PPTP it's worse, I got timeout error every 15 ping.

    Thank you for you help

  • 0 in reply to Raphaël Maire

    When experiencing bad ping times:

    -What bandwidth is used on internet?
    -What is WAN speed?

    A DSL modem has pretty large buffers,  filling up its upload will make everything pretty slow.

  • 0 in reply to sixteen again

    Hello and thank you for your answer,

    When I'm copying files on the NAS, the ping response explode when no activity, ping response is stable around 30ms.

    Bandwidth speeds are the following, on the site with Sophos XG DL:40Mbit/s UL:10 MBit/s. And the remote site it's DL:240Mbit/s UL:20Mbit/s.

    With the VPN connection on, I'm copying files on the NAS at 200ko/s. Sometimes it reach a peak at 1Mo/s and crash again sometimes below 100ko/s.

    On the Sophos WAN Port is configured as 100Mb Full duplex.

  • 0

    Hi IngoTheiss,

    Configure the Key size to 1024 in the SSL VPN policy settings. Reimport a fresh configuration file after making the changes.

    Thanks