This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site-2-Site and SSL VPN slow

Hello everybody,

i have a problem with my new installed Sophos UTM v9.100-16. It's a VM with 2 vCPU's (3,40GHz), 2GB RAM and 80GB HDD and activatet with a home user license. All functions like IPS, Web-, E-Mail-, Endpoint- und Webserver Protection are disabled.
I have built up an IPSec VPN between Sophos and WatchGuard.

phase1: SHA1-3DES DH1024
phase2: SHA1-3DES

Both sites have a 100MBit/s synchronous connection, but i can only transmit with ~11mbit/s through the tunnel (whether http, ftp or smb). The cpu and ram load of both (Sophos and Watchguard) is less then 30%.
It's the same behavior if i transmit data through a site-to-end SSL VPN between the sophos and a client (encryption algorithm: aes-128-cbc, authentication algorithm: sha1, key size: 1024bit).
Without a vpn tunnel i can transmit data with ~95mbit/s in both directions and with a site-2-site vpn with same settings between the watchguard and a linux box it's about 80mbit/s.

Is there any reglementation in the home user license or is there another reason for this poor perfomance?

regards,

watch_this

This thread was automatically locked due to age.

0 BAlfson over 11 years ago

Hi, and welcome to the User BB!

There's no such limitiation. If you haven't already done so, use the software ISO to install, not the pre-packaged virtual image. Use the VMXNET3 drivers, not the Flexible. Did that resolve your issue?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 watch_this over 11 years ago in reply to BAlfson

Hi Bob,

thanks for replay! I have used the iso to install, but i can't use the vmxnet3 driver, because it's a proxmox virtuel environment.
Anyway - i think the network interface cards are correctly recognized:

Any other ideas?

regards,

watch_this
Cancel
Vote Up 0 Vote Down

Cancel
0 gilipeled over 11 years ago

Hi ,

Not sure if it will help but did you tried the latest version 9.101-12 ?
Anyway a tunnel should not reduce the speed dramatically like you described .
Can you put some logs of the tunnel so we can try to figure out the issue ?
But first please install latest update and inform.

All my best

Gil Peled.

CEO- Expert2IT LTD.

SOPHOS Platinum Partner.

Gil@expert2it.co.Il.
Cancel
Vote Up 0 Vote Down

Cancel

0 watch_this over 11 years ago in reply to gilipeled

Hi gilipeled,

where did you find the new version? I have looked here: Index of /UTM/v9/up2date/ and there is version 9.100-16 the newest.

And here is the IPSec Site-2-Site log with all debuging options enabled.

2013:05:30-07:55:44 sophos pluto[31286]: | next payload type: ISAKMP_NEXT_NONE

2013:05:30-07:55:44 sophos pluto[31286]: | length: 32

2013:05:30-07:55:44 sophos pluto[31286]: | DOI: ISAKMP_DOI_IPSEC

2013:05:30-07:55:44 sophos pluto[31286]: | protocol ID: 1

2013:05:30-07:55:44 sophos pluto[31286]: | SPI size: 16

2013:05:30-07:55:44 sophos pluto[31286]: | Notify Message Type: R_U_THERE_ACK

2013:05:30-07:55:44 sophos pluto[31286]: | info: eb 56 4d 6b 0c b4 2f a3 21 f8 4e 3e fe 6d 2d ec

2013:05:30-07:55:44 sophos pluto[31286]: | 00 00 76 02

2013:05:30-07:55:44 sophos pluto[31286]: | received DPD notification R_U_THERE_ACK with seqno = 30210

2013:05:30-07:55:44 sophos pluto[31286]: | next event EVENT_NAT_T_KEEPALIVE in 10 seconds

2013:05:30-07:55:48 sophos pluto[31286]: |

2013:05:30-07:55:48 sophos pluto[31286]: | *received 68 bytes from ***.***.***.***:4500 on eth0

2013:05:30-07:55:48 sophos pluto[31286]: | **parse ISAKMP Message:

2013:05:30-07:55:48 sophos pluto[31286]: | initiator cookie:

2013:05:30-07:55:48 sophos pluto[31286]: | eb 56 4d 6b 0c b4 2f a3

2013:05:30-07:55:48 sophos pluto[31286]: | responder cookie:

2013:05:30-07:55:48 sophos pluto[31286]: | 21 f8 4e 3e fe 6d 2d ec

2013:05:30-07:55:48 sophos pluto[31286]: | next payload type: ISAKMP_NEXT_HASH

2013:05:30-07:55:48 sophos pluto[31286]: | ISAKMP version: ISAKMP Version 1.0

2013:05:30-07:55:48 sophos pluto[31286]: | exchange type: ISAKMP_XCHG_INFO

2013:05:30-07:55:48 sophos pluto[31286]: | flags: ISAKMP_FLAG_ENCRYPTION

2013:05:30-07:55:48 sophos pluto[31286]: | message ID: b5 11 f4 5d

2013:05:30-07:55:48 sophos pluto[31286]: | length: 68

2013:05:30-07:55:48 sophos pluto[31286]: | ICOOKIE: eb 56 4d 6b 0c b4 2f a3

2013:05:30-07:55:48 sophos pluto[31286]: | RCOOKIE: 21 f8 4e 3e fe 6d 2d ec

2013:05:30-07:55:48 sophos pluto[31286]: | peer: b2 05 ab d6

2013:05:30-07:55:48 sophos pluto[31286]: | state hash entry 22

2013:05:30-07:55:48 sophos pluto[31286]: | state object #1 found, in STATE_MAIN_I4

2013:05:30-07:55:48 sophos pluto[31286]: | ***parse ISAKMP Hash Payload:

2013:05:30-07:55:48 sophos pluto[31286]: | next payload type: ISAKMP_NEXT_D

2013:05:30-07:55:48 sophos pluto[31286]: | length: 24

2013:05:30-07:55:48 sophos pluto[31286]: | ***parse ISAKMP Delete Payload:

2013:05:30-07:55:48 sophos pluto[31286]: | next payload type: ISAKMP_NEXT_NONE

2013:05:30-07:55:48 sophos pluto[31286]: | length: 16

2013:05:30-07:55:48 sophos pluto[31286]: | DOI: ISAKMP_DOI_IPSEC

2013:05:30-07:55:48 sophos pluto[31286]: | protocol ID: 3

2013:05:30-07:55:48 sophos pluto[31286]: | SPI size: 4

2013:05:30-07:55:48 sophos pluto[31286]: | number of SPIs: 1

2013:05:30-07:55:48 sophos pluto[31286]: "S_HomeBox" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcacc81fa) not found (maybe expired)

2013:05:30-07:55:48 sophos pluto[31286]: | del: ca cc 81 fa

2013:05:30-07:55:48 sophos pluto[31286]: | next event EVENT_NAT_T_KEEPALIVE in 6 seconds

2013:05:30-07:55:54 sophos pluto[31286]: |

2013:05:30-07:55:54 sophos pluto[31286]: | *time to handle event

2013:05:30-07:55:54 sophos pluto[31286]: | event after this is EVENT_DPD_UPDATE in 19 seconds

2013:05:30-07:55:54 sophos pluto[31286]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds

2013:05:30-07:55:54 sophos pluto[31286]: | next event EVENT_DPD_UPDATE in 19 seconds for #2

2013:05:30-07:56:13 sophos pluto[31286]: |

2013:05:30-07:56:13 sophos pluto[31286]: | *time to handle event

2013:05:30-07:56:13 sophos pluto[31286]: | event after this is EVENT_NAT_T_KEEPALIVE in 1 seconds

2013:05:30-07:56:13 sophos pluto[31286]: | get esp.fc5011f1@10.10.10.254

2013:05:30-07:56:13 sophos pluto[31286]: | current: 0 bytes

2013:05:30-07:56:13 sophos pluto[31286]: | get inbound policy with reqid 16385

2013:05:30-07:56:13 sophos pluto[31286]: | XFRM_MSG_GETPOLICY returned with errno 2: No such file or directory

2013:05:30-07:56:13 sophos pluto[31286]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #2

2013:05:30-07:56:13 sophos pluto[31286]: | next event EVENT_NAT_T_KEEPALIVE in 1 seconds

2013:05:30-07:56:14 sophos pluto[31286]: |

2013:05:30-07:56:14 sophos pluto[31286]: | *time to handle event

2013:05:30-07:56:14 sophos pluto[31286]: | event after this is EVENT_DPD in 0 seconds

2013:05:30-07:56:14 sophos pluto[31286]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds

2013:05:30-07:56:14 sophos pluto[31286]: | next event EVENT_DPD in 0 seconds for #1

2013:05:30-07:56:14 sophos pluto[31286]: |

2013:05:30-07:56:14 sophos pluto[31286]: | *time to handle event

2013:05:30-07:56:14 sophos pluto[31286]: | event after this is EVENT_NAT_T_KEEPALIVE in 20 seconds

2013:05:30-07:56:14 sophos pluto[31286]: | **emit ISAKMP Message:

2013:05:30-07:56:14 sophos pluto[31286]: | initiator cookie:

2013:05:30-07:56:14 sophos pluto[31286]: | eb 56 4d 6b 0c b4 2f a3

2013:05:30-07:56:14 sophos pluto[31286]: | responder cookie:

2013:05:30-07:56:14 sophos pluto[31286]: | 21 f8 4e 3e fe 6d 2d ec

2013:05:30-07:56:14 sophos pluto[31286]: | next payload type: ISAKMP_NEXT_HASH

2013:05:30-07:56:14 sophos pluto[31286]: | ISAKMP version: ISAKMP Version 1.0

2013:05:30-07:56:14 sophos pluto[31286]: | exchange type: ISAKMP_XCHG_INFO

2013:05:30-07:56:14 sophos pluto[31286]: | flags: ISAKMP_FLAG_ENCRYPTION

2013:05:30-07:56:14 sophos pluto[31286]: | message ID: e5 ea c5 af

2013:05:30-07:56:14 sophos pluto[31286]: | ***emit ISAKMP Hash Payload:

2013:05:30-07:56:14 sophos pluto[31286]: | next payload type: ISAKMP_NEXT_N

2013:05:30-07:56:14 sophos pluto[31286]: | emitting 20 zero bytes of HASH into ISAKMP Hash Payload

2013:05:30-07:56:14 sophos pluto[31286]: | emitting length of ISAKMP Hash Payload: 24

2013:05:30-07:56:14 sophos pluto[31286]: | ***emit ISAKMP Notification Payload:

2013:05:30-07:56:14 sophos pluto[31286]: | next payload type: ISAKMP_NEXT_NONE

2013:05:30-07:56:14 sophos pluto[31286]: | DOI: ISAKMP_DOI_IPSEC

2013:05:30-07:56:14 sophos pluto[31286]: | protocol ID: 1

2013:05:30-07:56:14 sophos pluto[31286]: | SPI size: 16

2013:05:30-07:56:14 sophos pluto[31286]: | Notify Message Type: R_U_THERE

2013:05:30-07:56:14 sophos pluto[31286]: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload

2013:05:30-07:56:14 sophos pluto[31286]: | notify icookie eb 56 4d 6b 0c b4 2f a3

2013:05:30-07:56:14 sophos pluto[31286]: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload

2013:05:30-07:56:14 sophos pluto[31286]: | notify rcookie 21 f8 4e 3e fe 6d 2d ec

2013:05:30-07:56:14 sophos pluto[31286]: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload

2013:05:30-07:56:14 sophos pluto[31286]: | notify data 00 00 76 03

2013:05:30-07:56:14 sophos pluto[31286]: | emitting length of ISAKMP Notification Payload: 32

2013:05:30-07:56:14 sophos pluto[31286]: | emitting length of ISAKMP Message: 84

2013:05:30-07:56:14 sophos pluto[31286]: | sent DPD notification R_U_THERE with seqno = 30211

2013:05:30-07:56:14 sophos pluto[31286]: | inserting event EVENT_DPD, timeout in 30 seconds for #1

2013:05:30-07:56:14 sophos pluto[31286]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds

2013:05:30-07:56:14 sophos pluto[31286]: |

2013:05:30-07:56:14 sophos pluto[31286]: | *received 84 bytes from ***.***.***.***:4500 on eth0

2013:05:30-07:56:14 sophos pluto[31286]: | **parse ISAKMP Message:

2013:05:30-07:56:14 sophos pluto[31286]: | initiator cookie:

2013:05:30-07:56:14 sophos pluto[31286]: | eb 56 4d 6b 0c b4 2f a3

2013:05:30-07:56:14 sophos pluto[31286]: | responder cookie:

2013:05:30-07:56:14 sophos pluto[31286]: | 21 f8 4e 3e fe 6d 2d ec

2013:05:30-07:56:14 sophos pluto[31286]: | next payload type: ISAKMP_NEXT_HASH

2013:05:30-07:56:14 sophos pluto[31286]: | ISAKMP version: ISAKMP Version 1.0

2013:05:30-07:56:14 sophos pluto[31286]: | exchange type: ISAKMP_XCHG_INFO

2013:05:30-07:56:14 sophos pluto[31286]: | flags: ISAKMP_FLAG_ENCRYPTION

2013:05:30-07:56:14 sophos pluto[31286]: | message ID: 80 97 f7 37

2013:05:30-07:56:14 sophos pluto[31286]: | length: 84

2013:05:30-07:56:14 sophos pluto[31286]: | ICOOKIE: eb 56 4d 6b 0c b4 2f a3

2013:05:30-07:56:14 sophos pluto[31286]: | RCOOKIE: 21 f8 4e 3e fe 6d 2d ec

2013:05:30-07:56:14 sophos pluto[31286]: | peer: b2 05 ab d6

2013:05:30-07:56:14 sophos pluto[31286]: | state hash entry 22

2013:05:30-07:56:14 sophos pluto[31286]: | state object #1 found, in STATE_MAIN_I4

2013:05:30-07:56:14 sophos pluto[31286]: | ***parse ISAKMP Hash Payload:

2013:05:30-07:56:14 sophos pluto[31286]: | next payload type: ISAKMP_NEXT_N

2013:05:30-07:56:14 sophos pluto[31286]: | length: 24

2013:05:30-07:56:14 sophos pluto[31286]: | ***parse ISAKMP Notification Payload:

2013:05:30-07:56:14 sophos pluto[31286]: | next payload type: ISAKMP_NEXT_NONE

2013:05:30-07:56:14 sophos pluto[31286]: | length: 32

2013:05:30-07:56:14 sophos pluto[31286]: | DOI: ISAKMP_DOI_IPSEC

2013:05:30-07:56:14 sophos pluto[31286]: | protocol ID: 1

2013:05:30-07:56:14 sophos pluto[31286]: | SPI size: 16

2013:05:30-07:56:14 sophos pluto[31286]: | Notify Message Type: R_U_THERE_ACK

2013:05:30-07:56:14 sophos pluto[31286]: | info: eb 56 4d 6b 0c b4 2f a3 21 f8 4e 3e fe 6d 2d ec

2013:05:30-07:56:14 sophos pluto[31286]: | 00 00 76 03

2013:05:30-07:56:14 sophos pluto[31286]: | received DPD notification R_U_THERE_ACK with seqno = 30211

2013:05:30-07:56:14 sophos pluto[31286]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds

2013:05:30-07:56:34 sophos pluto[31286]: |

2013:05:30-07:56:34 sophos pluto[31286]: | *time to handle event

2013:05:30-07:56:34 sophos pluto[31286]: | event after this is EVENT_DPD_UPDATE in 9 seconds

2013:05:30-07:56:34 sophos pluto[31286]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds

2013:05:30-07:56:34 sophos pluto[31286]: | next event EVENT_DPD_UPDATE in 9 seconds for #2

0 gilipeled over 11 years ago

Look good there is a newer one there.

Gil Peled.

CEO- Expert2IT LTD.

SOPHOS Platinum Partner.

Gil@expert2it.co.Il.
Cancel
Vote Up 0 Vote Down

Cancel
0 gilipeled over 11 years ago

Download and install it.

I will be at my office in 30 min , if you want write my Skype I am ready to connect with you in a webex or so to try to assist you.

Skype : peled.gil

All my best

Gil Peled.

CEO- Expert2IT LTD.

SOPHOS Platinum Partner.

Gil@expert2it.co.Il.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 11 years ago

Like gilipeled said, u2d-sys-9.100016-101012.tgz.gpg is the one you want.

Unless someone asks for the debug version, it's usually easier to see the issues with out all of the debug lines. In the present case, before posting the IPsec log, take a look in the Intrusion Prevention log to see if IPsec packets are being seen as a UDP Flood.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Site-2-Site and SSL VPN slow

Submitted a Tech Support Case lately from the Support Portal?