Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 4 subscribers
  • Views 1800 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN Remote access really slow

apijnappels

I've been getting complaints lately that SSL speeds are really slow, so I started testing myself.

On our work we have a SG330 with 9.705-3 connected to a 500/500 Mbps fiber connection.
At home I have a 1000/10000Mbps fiber connection.

Usually I use an IPSEC connection between home and work (at home through an XG firewall).

Iperf output with server on UTM-side and connected to my usual IPSEC-connection:

C:\iperf-3.1.3-win64>iperf3.exe -c 192.168.1.45
Connecting to host 192.168.1.45, port 5201
[  4] local 172.16.16.100 port 55470 connected to 192.168.1.45 port 5201
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-1.00   sec  12.2 MBytes   103 Mbits/sec
[  4]   1.00-2.01   sec  12.2 MBytes   102 Mbits/sec
[  4]   2.01-3.00   sec  12.1 MBytes   103 Mbits/sec
[  4]   3.00-4.00   sec  11.9 MBytes  99.8 Mbits/sec
[  4]   4.00-5.00   sec  12.5 MBytes   105 Mbits/sec
[  4]   5.00-6.01   sec  12.2 MBytes   102 Mbits/sec
[  4]   6.01-7.00   sec  11.8 MBytes  99.1 Mbits/sec
[  4]   7.00-8.01   sec  12.8 MBytes   106 Mbits/sec
[  4]   8.01-9.01   sec  12.8 MBytes   106 Mbits/sec
[  4]   9.01-10.00  sec  12.1 MBytes   102 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-10.00  sec   123 MBytes   103 Mbits/sec                  sender
[  4]   0.00-10.00  sec   123 MBytes   103 Mbits/sec                  receiver

iperf Done.

Not too bad with little over 100Mbps both up- and downloadspeed using iPerf.

Now when switching to SSL VPN this dramatically worsens to just under 3 Mbps

C:\iperf-3.1.3-win64>iperf3.exe -c 192.168.1.45
Connecting to host 192.168.1.45, port 5201
[  4] local 10.242.2.17 port 60582 connected to 192.168.1.45 port 5201
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-1.00   sec   640 KBytes  5.22 Mbits/sec
[  4]   1.00-2.01   sec   256 KBytes  2.08 Mbits/sec
[  4]   2.01-3.01   sec   256 KBytes  2.10 Mbits/sec
[  4]   3.01-4.01   sec   256 KBytes  2.10 Mbits/sec
[  4]   4.01-5.01   sec   256 KBytes  2.10 Mbits/sec
[  4]   5.01-6.01   sec   384 KBytes  3.15 Mbits/sec
[  4]   6.01-7.01   sec   128 KBytes  1.05 Mbits/sec
[  4]   7.01-8.00   sec   384 KBytes  3.16 Mbits/sec
[  4]   8.00-9.00   sec   256 KBytes  2.10 Mbits/sec
[  4]   9.00-10.00  sec   128 KBytes  1.05 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-10.00  sec  2.88 MBytes  2.41 Mbits/sec                  sender
[  4]   0.00-10.00  sec  2.73 MBytes  2.29 Mbits/sec                  receiver

iperf Done.

More than 30x slower using the exact same connections and at the time of testing just 1 other SSL client connected.

SSL VPN settings on UTM:
UDP port 443
Encryption: AES-128-CBC
Authentication: SHA1
Key size: 1024 bit
Compression: On

Can someone confirm SSL VPN remote access being this slow or better, have suggestions on how to improve if possible at all?



This thread was automatically locked due to age.