
Poor performance for OpenVPN clients

I've noticed recently a degradation in download speeds for OpenVPN clients under UTM 9 (possibly since 9.4). 

My speed tests indicate that regardless of device, I'll cap out at around 2Mbps throughput when the VPN connection is active & 16-17Mbps without the VPN.  I've also tested without the UTM connected and I get VPN speeds of around 15Mbps (so pretty close to full speed). 

I've narrowed the problem to specifically my UTM, but I can't figure out where the issue is.  I've turned off Web Filtering, IPS, Network Visibility - everything I could think of to improve the speed without any results. 


Can someone suggest any other tweaks I could do?  Anyone else with this problem? 



This thread was automatically locked due to age.
  • Hi,

    Please check #7 in the Rulz.

    Hope that helps :)

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • sachingurung said:

    Please check #7 in the Rulz.

    Hope that helps :)

    Thanks, but it didn't.  I ran through the list without any changes to performance with the VPN connected.  There are no throughput issues without the VPN, which is what Rule #7 seems to be trying to fix.  

    Is there any specific advice or suggestions for poor performance on VPN traffic?  Is it something to do with logging or packet inspection on the UTM?  

  • Sounds like an MTU problem. How are you and your UTM connected to internet?

  • PPPoE on UTM to DSL modem. I'll recheck the MTU & try dropping it a bit further.

  • Ok, dropped MTU on WAN progressively to 1300. Still exactly the same - caps out around 2Mbps.

  • Hi, Charlie, and welcome to the UTM Community!

    12?? might be the magical MTU.  If 1200 makes no difference, I wouldn't try any lower.

    I like to set the protocol to UDP instead of TCP.  Not only does that accelerate a tunnel that's already performing well, it might avoid possible TCP timeouts you might be having.

    If you're still having an issue, I think you're stuck doing a packet capture to see what's happening.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Apparently not, Bob. :-(


    I've since done some more testing:

    • Set up a new, more powerful UTM with 9.351 & restored my backup to it: same result!
    • Tested the UTM in another location with Ethernet WAN/dynamic IP instead of PPPoE - same result!


    To me it's starting to feel like a "shaping" or "throttling" that's configured somewhere and I can't see it.  Obviously it's my configuration that is problematic but I don't particularly fancy rebuilding it from scratch.  Is there a command-line reset for throttling or a way I can check to see if there are some legacy shaping rules somewhere? 

  • Hi Charlie,

    Check if any QoS policies are configured. Take SSH to UTM and capture  *.log | grep x.x.x.x (IP assigned via VPN pool).

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support