This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Poor performance for OpenVPN clients

I've noticed recently a degradation in download speeds for OpenVPN clients under UTM 9 (possibly since 9.4).

My speed tests indicate that regardless of device, I'll cap out at around 2Mbps throughput when the VPN connection is active & 16-17Mbps without the VPN. I've also tested without the UTM connected and I get VPN speeds of around 15Mbps (so pretty close to full speed).

I've narrowed the problem to specifically my UTM, but I can't figure out where the issue is. I've turned off Web Filtering, IPS, Network Visibility - everything I could think of to improve the speed without any results.

Can someone suggest any other tweaks I could do? Anyone else with this problem?

This thread was automatically locked due to age.

0 sachingurung over 9 years ago

Hi,

Please check #7 in the Rulz.

Hope that helps :)
Cancel
Vote Up 0 Vote Down

Cancel
0 CharlieE over 9 years ago in reply to sachingurung

sachingurung said:

Please check #7 in the Rulz.

Hope that helps :)

Thanks, but it didn't. I ran through the list without any changes to performance with the VPN connected. There is no throughput issues without the VPN which is what Rule #7 seems to be trying to fix.

Is there any specific advice or suggestions for poor performance on VPN traffic? Is it something to do with logging or packet inspection on the UTM?
Cancel
Vote Up 0 Vote Down

Cancel
0 papa_ over 9 years ago

Sounds like an MTU problem. How are you and your UTM connected to internet?
Cancel
Vote Up 0 Vote Down

Cancel
0 CharlieE over 9 years ago in reply to papa_

PPPoE on UTM to DSL modem. I'll recheck the MTU & try dropping it a bit further.
Cancel
Vote Up 0 Vote Down

Cancel
0 CharlieE over 9 years ago in reply to CharlieE

Ok, dropped MTU on WAN progressively to 1300. Still exactly the same - caps out around 2Mbps.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 9 years ago in reply to CharlieE

Hi, Charlie, and welcome to the UTM Community!

12?? might be the magical MTU. If 1200 makes no difference, I wouldn't try any lower.

I like to set the protocol to UDP instead of TCP. Not only does that accelerate a tunnel that's already performing well, it might avoid possible TCP timeouts you might be having.

If you're still having an issue, I think you're stuck doing a packet capture to see what's happening.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 CharlieE over 9 years ago in reply to BAlfson
Apparently not, Bob. :-(

I've since done some more testing:

Setup a new, more powerful UTM with 9.351 & restored my backup to it: same result!

Tested the UTM in another location with Ethernet WAN/dynamic IP instead of PPPoE - same result!

To me it's starting to feel like a "shaping" or "throttling" that's configured somewhere and I can't see it. Obviously it's my configuration that is problematic but I don't particularly fancy rebuilding it from scratch. Is there a command-line reset for throttling or a way I can check to see if there's some legacy shaping rules somewhere?
Cancel
Vote Up 0 Vote Down

Cancel
0 sachingurung over 9 years ago in reply to CharlieE

Hi Charlie,

Check if any QoS policies are configured. Take SSH to UTM and capture *.log | grep x.x.x.x (IP assigned via VPN poll).

Thanks
Cancel
Vote Up 0 Vote Down

Cancel