Solved

Netopia 4541 Slow VPN connection

Posted on 2003-03-29
Last Modified: 2007-12-19
I have installed a new network running a Windows 2000 server; file server only.  We have an IDSL connection to the network which attaches to our Netopia 4541.  I have set up the Netopia as a VPN server and, although we have the ability to set up 8 connections, I have only set up one for testing.  I have set up the remote clients (client to VPN connection) using the stock Windows VPN client.  (I have tested this on both a 2000 machine running ADSL and an XP machine using IDSL.)

We are using PPTP with encryption and the clients are given a DHCP address for the private network upon authentication. The clients are using this VPN to connect to personal folders for Outlook and use Word documents.  Problem is, they can connect and authenticate fine, but the connection is extremely slow.

I have contacted Netopia tech support and they have looked at the VPN appliance directly through telnet and have stated that everything is as it should be.  I disabled encryption with no change in speed.  

I have looked over other answers in this forum and have seen references to both MTU settings and using terminal services.  Terminal services is not preferable at this juncture and I have not had the time to check MTU settings.  I should note that I can see the server box and map to it using IP, but not name.  (Am going to be checking the hosts file tomorrow.)

So I guess to sum up, the pipelines are big, the VPN appliance is supposedly set up correctly, and the clients are connecting, with low throughput.  I know UDP is faster, but that L2TP's advanced encryption makes it comparable to PPTP over TCP, but would it help? What could be other causes, as I am running out of answers?

If someone could give me some insight as to what the best solution would be I'd be grateful.  I'll be back in the office on Monday (03/31/03) but will try to check back tomorrow if possible (I'm snowed out of my house right now).  Thanks.

P.S.  I have compression enabled on the client side, but when I look at the connection properties it shows that compression is not enabled; and Netopia told me, as well as my own experience, that there is nowhere in the console to modify compression, it is just always on from the appliance side.
Question by:1BigGuy

Expert Comment

by:Solaris2003
ID: 8258708
what are they waiting for..

- what tools do you use to diag the speed?
- copy large data and check differences
  a) between clients
  b) in time
- Pathping
- make direct connections to sources and verify

* bottleneck probing

return of the living dead: send us more nurses...
 
LVL 3

Expert Comment

by:cococan
ID: 8259396
What about the lights?  When there is not supposed to be any traffic, do you see the lights (traffic indication) on your routers?  In other words, do you have loop or any other kind of unexpected traffic?

What do you see in the Task Manager of the W2K and XP machines when you go to the Processes tab and sort the list by CPU?  Is there heavy load?

Let us find out who is the culprit first!

Regards

Huseyin K.
 

Expert Comment

by:simonains
ID: 8260433
As a test, you could try enabling Outlook Web Access, it's on the Exchange CD, (I'm assuming blithely you're using Exchange mind you). It is far less traffic intensive than using a 'normal' network connection to access folders and stuff though an Outlook client. If you still see poor performance, you can rule out network load as the culprit.

HTH

Simonains

 

Expert Comment

by:Solaris2003
ID: 8260614
Reduce problem overhead first and
pinpoint to p2p connections
terminate all other running clients
to reduce elements of surprise.

keep it down to

client - interface/gateway - source (internet/network)
remove routers/bridges

Add them back one-by-one to find the
slowass (could be hub or bad-set router..)
think ICMP routing overhead???



Without one Step there is only one long road ahead.
 

Author Comment

by:1BigGuy
ID: 8262453
I have configured the system for only one connection right now and am down to a path of remote node>>remote Netopia>>Internet>>VPN Netopia>>DELL PowerConnect hub>>Server.  I've run ping to establish MTU size, which can go up to a buffer size of 1372 before fragmenting.  The time is nearing 300ms per response.  I haven't tried to download a large file yet (tunnel vision), but will try that tonight.  I have not noticed any heightened network activity on either of the routers or the hub up to this point, but I will double-check.  There do not appear to be any CPU-intensive apps, other than Outlook when it's attempting to open and obtain the personal folders.  The site chose not to purchase Exchange and is therefore using an ISP POP server with their own personal folders, which is what they are accessing the VPN for primarily; they also have a lot of Word documents they are modifying.  The Word docs take some time to open as well.  It should be noted that I am trying to troubleshoot this in the evenings when I know none of the staff are on the network, thereby trying to minimize network load as much as possible.  Thanks for the comments, I will test them (and double-check) tonight and let you know what I found out tomorrow.  Solaris2003, my favorite quote was "Send more cops."
 

Expert Comment

by:simonains
ID: 8290307
Another thought occurs: could it simply be that your ISP has some routing issues they won't admit to? Perhaps they have been upgrading their network. Also, is it possible that the Netopia device itself is timing out connections? This would mean that the traffic would not increase by a huge amount but the same connection would be re-made time after time. I would also check that the router at the telco's end is OK (if possible). I know this product needs special equipment at the exchange, unlike ISDN.

HTH

Simonains.
 

Expert Comment

by:simonains
ID: 8298161
I found this, which might provide some useful links and information on MTU etc.

http://www.cisco.com/warp/public/105/56.html

HTH
 

Expert Comment

by:Solaris2003
ID: 8307112
I still wonder about ICMP overhead
- routing requests can slow down the network a bit
  but you removed extra obstacles in the line
  and still have slowdowns?

maybe protocol-dependent scanning makes a difference
there is a protocolscanner (download.com .. yeah, that one)
you can scan TCP/IP and UDP protocol-specific packets.
but maybe you have better stuff (please tell me :)
so, you can determine if it's a protocol-specific slowdown.
if not, then there is something general mismatched.

You are not using GRE for tunneling??
 

Author Comment

by:1BigGuy
ID: 8314973
Sorry it’s taken so long to get back to you all.  I went through a complete reconfig of the router with Netopia, using information they had received from Qwest as to what is Qwest standard.  Thought it would help, but it had minimal impact.  I have changed the MTU size to 1371 as it was fragmenting at 1344 so I added in the 28bit overhead.  The large file download is slow as well.

The client is still connecting efficiently to the VPN device, but accessing anything on the server is slow.  When I observe the processes and CPU demand while opening Outlook (the pst files reside on the remote server) I don’t see a big CPU hit; in fact, I see very little.  The System Idle Process takes up anywhere from 92 – 97% of the CPU time.  While at the same time, Outlook moves like a turtle and a 220 MB file will take 111 minutes to download over the line.  

The remote site uses a symmetrical 640 Kbps line and I am using an ISDN line.   One of Microsoft’s articles stated the issue of Outlook “hanging” had been addressed in SP3 for Win2k, but I’ve installed the patch and have not seen any difference.  I am not using a GRE tunnel.  I have a PPTP tunnel with the MPPE encryption.  The Circuit VCI is 32 and the VPI is 0. The circuit type is multimode.  Data link encapsulation is PPP, and the mode is VC multiplexed.  Data compression is Standard LZS  with PAP authentication.  

Although the client is configured to allow compression, when connected it shows that compression is disabled.  We are only using a peer-to-peer network at the remote site, could the latency have anything to do with a lack of DNS servers on the local network?  I have not sniffed any packets yet and haven’t tried downloading the protocolscanner yet.
 

Expert Comment

by:Solaris2003
ID: 8316175
Protocolscanner:
Look at www.eEye.com
You will find Retina and Iris (the scanner)

so, what protocols are you using?
And Check your cables, replace them.
You have a cable checking device?




back to the Basics :
A B C, Apple, Bread, and some Cognitive digestion
 

Author Comment

by:1BigGuy
ID: 8316582
Thanks for the heads up on the scanner.  Have you used Snort ported to Windows yet?  If so how did you like it?  We are using straight TCP/IP only.
I do have a cable tester and have tested all cables, and all look fine.  An interesting thing happened today in that the network apparently came to a slow crawl for anyone attempting to access files. (No one has told me if they notice latency on the Internet yet.)  One of the employees was attempting to search the file server for Word docs and then open them.  He states that once he closed the search box and Word, the network seemed to come back online.  Unfortunately I'm out of the office right now so I won't be able to look over the logs until this weekend.  May be something.  In addition, I've just found out while writing this that one of the users was streaming media, quite possibly at the same time.  I'll definitely recheck the cables, but could streaming media and a search query of a server bring down a 100 network by themselves?  The MTU size within the network should be 1500 by default, right?

Expert Comment

by:Solaris2003
ID: 8319691
I have heard about snort, never used it.
Streaming media can have an impact if users have
full (uncapped) access to the resource.
?) streaming media is UDP? then UDP (uncontrolled protocol) will fight TCP/IP because of the window limitation of TCP/IP (controlled protocol); this can hurt TCP/IP transfers a lot..

This issue is already to be found on the Net, read about it
±2y ago. About how UDP and TCP fight each other for window size and bandwidth capacity.

Do initiate streaming media and check the line.. :)
that's another fine way to check this!
(good thing.. i have to do this one time, too..)




Whats he doing in the redzone?,
Sex frank?
No, not at the moment, thanks

 

Author Comment

by:1BigGuy
ID: 8368663
Thanks for your patience.  I walked through the paces again this weekend by unplugging the Netopia from everything but the server and attempting the connection; unfortunately I saw no change in speed.  Although I downloaded Iris, I didn't use it as there were no computers on on the network, even when they were attached, and the hub wasn't showing any activity.

I'm to the point that I believe it's either the Netopia device's throughput, or it is Office XP.  I'm not seeing any bandwidth increases on the local adapter (or VPN adapter) of the client machine when connected, nor am I seeing any CPU usage, yet Outlook locks up and must be ended; or when not touched, it will take a substantial time to load, if it ever does.

My fear is that it is a problem with Outlook and that we will change solutions, yet still have the problem.  Unfortunately the decision has been made to trash the Netopia and go with another vendor.  I thank all that sent answers.  Unfortunately I don't know how to score this as nothing solved the problem.  Simonains gave a good reference, but Solaris2003 gave the most helpful tips.  I will therefore split the points if possible; can a moderator please let me know the best way to do this?
 

Accepted Solution

by:
modulo earned 0 total points
ID: 8422797
Dear 1BigGuy

As there's no real answer, I did PAQ this question and refunded the 500 points.
Now you can post two "Points for <expertname>" Q's for the experts in this topic area to give them the points for their assistance.

Please:
1) Post the link to the original Q in the "Points for <expertname>" and
2) Add in the original Q a comment with the link to the "Points for <expertname>", thus the email notif will warn the expert.

modulo

Community Support Moderator
Experts Exchange
 

Author Comment

by:1BigGuy
ID: 8423015