Solved

VPN: which specific services and ports should be given priority

Posted on 2012-12-27
8
519 Views
Last Modified: 2013-01-17
asus vpn router rt-n16 has traffic priority regulator as the attached snapshot shows.
but i don't know specific  services and ports to be given  priorities and what bandwidth u/d capacity should be specified. i know that i need to specify upload should be maximized but how?

my comcast cable has the following throughput:
upload: 5+mbps
download: 30 mbps

shared folders to be accessed are in windows 7 shared folders in a workgroup

vpn clients access via this router the shared folders for:
intuit tax proseries.

currently i can see that all go to the tunnels. even my clients use my comcast connection internet when they connect via their windows vpn client. when they use speedtest.net, they see my comcast provider and not theirs.

this is the reason why it takes so long to load remotely the files because the upload is merely 1.5mbps.
vpn-servicice-traffic-QoS.jpg
0
Comment
Question by:Forinsight
  • 4
  • 3
8 Comments
 
LVL 21

Expert Comment

by:mcsween
Comment Utility
What type of vpn connection is this (SSL, IPSEC, PPTP, etc...)?

On your VPN clients you want to configure them to not use the remote gateway as their default, unless you want all their internet traffic to go over the VPN first.  In Windows the setting is buried a couple screens and buttons in.  See the screenshot from this link.
http://www.solo-technology.com/blog/2009/08/14/windows-vpn-tweak-dont-use-remotes-gateway/

Removing the remote gateway option might fix this issue so you don't need to set a CoS.
0
 

Author Comment

by:Forinsight
Comment Utility
although this recommendation is not proper for the issue involved, i tried it and found it to have made no difference.

if you use this and configured your vpn clients this way, you would immediately see read in the instructions that your client will be forced to use the remote gateway ONLY when it can not be sent to the LAN.

ANY MORE BRIGHT IDEA, please....
0
 

Author Comment

by:Forinsight
Comment Utility
please answer the question here and take a look at the snapshot. please..... no one has indeed answered the question!
0
 
LVL 21

Expert Comment

by:mcsween
Comment Utility
I can't answer the original question until you answer my follow up question. What type of vpn connection is this (SSL, IPSEC, PPTP, etc...)?

Removing the remote gateway as the default does have a huge bearing on bandwidth at the remote site.  If the remote gateway is set as the default then ALL internet traffic from the client will traverse the VPN and use bandwidth at the site.  Remember the internet is not on the LAN; it's on the WAN.  If you pull up a website this is a WAN connection but does not need to use the VPN therefore should hit your LAN gateway only and not the remote gateway.  This is commonly called a split-tunnel VPN.  You also will not see a benefit from re-configuring just one client; you have to re-configure all of them to see the bandwidth drop.

Please remember the experts on this site are volunteers and receive no compensation so please be courteous in your replies even if you don't fully understand why someone posted something.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:Forinsight
Comment Utility
using PPTP rncsween. have i been discourteous? sorry if you think so. but, i never said anything that invites your ire. but that's not the issue.
0
 

Author Comment

by:Forinsight
Comment Utility
indeed i'm thankful for the job you're doing. i may sound irreverent but not discourteous. perhaps it's the inflection of the language or shall we say language cultural background. it's different when your hear me speak. sometimes we bow our heads to show respect and courtesy to our fellowmen. but how do i do that in writing english. it's second language to me. but next time i'll do my best to craft my sentences more politely... but i don't know how i can do that.
0
 
LVL 21

Accepted Solution

by:
mcsween earned 500 total points
Comment Utility
If you want your VPN connections set to the highest priority I would lower the priorities on web surfing and HTTPS to normal then create a new rule giving the highest priority to port TCP 47.  I would also create another rule if the router allows giving your vpn server (under source IP) the highest priority with no ports specified.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Hi mcsween.  Is that correct; "highest priority to port TCP 47" ?
Port 47 is a special NI-FTP service.
PPTP's GRE is Protocol 47, neither a TCP or UDP protocol

PPTP is TCP port 1743

Cheers!
--Rob
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now