VPN, DSL, and MTU

I have a VPN server connected to a DSL line. I connec to it from many sources. I feel that the performance is not always as good as it should be. Some functions are very quick, others are slow.

I have read that there may be a MTU issue. I am wondering if there is a way to monitor the MTU and see if packets are being fragmented. Is there some sort of packet monitor? What is the best way to troubleshoot this problems?

Thanks.
LVL 3
sypderAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sypderAuthor Commented:
Our VPN server has a static IP address (I believe this means we are not using PPPoE).
0
austinstaceCommented:
Wireshark( http://www.wireshark.org/ ) is a network protocol analyzer. It's pretty flexible to filter out the packets you are looking for and provides some in depth information on them.

Stace
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
giltjrCommented:
Just because you have a static IP addresss does not mean you are not using PPPoE.  If you are using ADSL, SDSL or HDSL, you are using PPPoE.

Assuming you are using ADSL you do realize that this is Asymentical.  Meaning that you have to different speeds.  From you to the Internt (upstream) and from the Internet to you (downstream).    Genrally upstream is limited to 384 Kbps and downstream is anywhere from 786 Kbps up to 3 Mbps.  Something like:

                  |<------ 768 - 3000 Kbps -----|
     SERVER |                                              | Internet
                  |--------- 384 Kbps  -------->|


So if you have ADSL  you are limited to 384 Kbps from your VPN server to the Internet.   The more people you have connecting to the VPN server, the slower it will get.  The more data you are sending from the server side, the longer it will take.
0
Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

sypderAuthor Commented:
Yes, I am aware of ADSL. The performance is still much slower than it should be. 10 seconds to open a few line text file is pretty slow. We also have the "premium" DSL package.

Thanks for the PPPoE clarification.

I will take a look at wireshark now.
0
sypderAuthor Commented:
Thanks for the wireshark link. Basically, I had about 78 packets recorded, and saw quite a few errors like:

"This is a TCP duplicate ack"

I don't see anything about broken packets, but maybe I don't know where to look.
0
giltjrCommented:
You are most likely going to get packet fragmentation no matter what you do.

Say you have:

   "application server" <---- VPN Server ----> Internet <-----> Your PC

Most likely all of the devices are setup with a MTU of 1500.  However when you connect to the VPN server with your client, you create an virtual connection between your PC and the VPN server.  The data that flows in the tunnle is real IP packets.  These IP packets must fit within a "normal" IP packet.  Sort of like putting an letter in an envlope and then putting that envlope inside another envlope.

The problem is that the application sever does NOT know that there is a tunnle, so it sends out a 1500 byte packet.  So when the server sends out data (the letter) it puts it into an IP packet of 1500 bytes (the 1st envlope).  The VPN server must put that IP packet into a second IP packet (the 2nd envlope), but it can't put 1500 bytes into 1500 bytes, so it must break down the 1st packet ("tear up the 1st envlope into smaller pieces") and put into smaller packets.  This is what causes the fragmentation.  There is really no way to get around this without causing other perfromance problems.

What type of DSL do you have?  What is the speed?

How many people can also connect to the VPN sever?

Are you the person in charge of the VPN sever/network?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Development

From novice to tech pro — start learning today.