
How To - Troubleshoot VPN Performance Issues (Home to Internal Network Logins)

Posted on 2014-01-02
Last Modified: 2014-01-11
Heyas,

Can anyone direct me to some good guidelines for troubleshooting performance issues on VPN links? Slow speeds (uploads/downloads) and slow logins.

Thank you.
0
Question by:Zack
8 Comments
 
LVL 100

Expert Comment

by:John Hurst
ID: 39752974
Look at the routers on both ends for the MTU setting. Default is 1500 and 1492 or a bit less is usually better for VPN connections. That is the first thing I would try.

Remember VPN uses the slow side of an asynchronous link and so it is normally slow at the best of times.

.... Thinkpads_User
0
 

Author Comment

by:Zack
ID: 39753061
Cheers Thinkpads_User. Any other experts out there willing to expand?
0
 
LVL 13

Expert Comment

by:ktaczala
ID: 39754037
What type of VPN?  You say home to Internal Network.  Do you mean home to office? Is your VPN connecting via router to router?  Or VPN client IPsec software to router? Or Windows VPN over PPTP (RRAS)?  Do you have static IPs at both ends? What's your upload/download speed at both ends?  Your best speed will be governed by the slowest speed.
0

 

Author Comment

by:Zack
ID: 39754836
Type of VPN = Remote access VPNs
Home to Office Connection = Yes
Windows VPN over PPTP = Yes
Do you have static IP's at both ends? = Yes
Upload/Download speed at both ends is:
Home =10MB/1MB
Office = 5MB/5MB

Thank you
0
 
LVL 62

Expert Comment

by:gheist
ID: 39772425
You have a very fast home internet connection. No idea why you are complaining.
0
 
LVL 29

Accepted Solution

by:
Bill Bach earned 2000 total points
ID: 39772440
I think the points made above are all accurate, and one of the problems with your question is that there is no "quick" answer.  You must start with a fundamental working knowledge of networking at the local level:
  Internetworking with TCP/IP, by Comer

Then, you need to understand how TCP/IP networks actually work and be able to troubleshoot them:
    Guide to TCP/IP, by Chappell/Tittel
    Troubleshooting TCP/IP, by Miller

While going through those books, pay special attention to sections on WAN links, latency, and the like. Essentially, a VPN is simply an encrypted link which makes the computer think it is on a different network by tunnelling packets through the encrypted network.  As soon as you add encryption to the mix, your latency times increase, and performance decreases accordingly.

To get further down the stack, you can look at the network packets through a tool like Wireshark:
    Wireshark Network Analysis, by Chappell

With all that information socked away, you should be able to troubleshoot any type of network performance problems.  Of course, if you ALSO have a WiFi network involved, then you've got a lot more books on EMI, broadcast communications, and more.

As for other tools, the most common tools will be PING, TRACERT, FPING (the kwakkelflap version), and Wireshark, to get started.  Tools are only as good as the knowledge you have, though.  For example, an arc welder can be a very useful and powerful tool -- but I know nothing about welding, and this tool would be useless in my hands.


Going beyond your question -- I would guesstimate that the biggest issue is overall latency -- the time it takes to get a request from your machine at home to the office machine.  Going through all of the various network components can be quite a chore, and it is even slower when you include a VPN, since every packet now has to be encrypted/decrypted.  Short form:  Try PING SERVERNAME from inside the office (or use FPING if PING simply says "<1ms"), and then again from home.  Look at the numbers, and this should be your expected performance differential.  For example, if PING reports a round trip network time of:
    Office PC to Office Server: 0.1ms
    Home PC to Office Server: 29ms
Now, you can reasonably expect any operation running at home to take approximately 290 times longer than it takes at the office.  For something taking 1 second at work, expect 5 minutes from home.  Yes, the math doesn't lie, and physics is hard to overcome.

Now, the above is not completely true -- some operations (like downloading a file) will stream data in only one direction (the books will shed light on this), and these operations will be MUCH faster than 290x slower.  The WHY is left as an exercise for the reader.

I hope this helps to answer the question and get you started towards an understanding....
0
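The latency comparison in the accepted answer, worked through as an added example that is not part of the original post: it reads the average round-trip time from a Windows PING summary and contrasts a chatty operation (many sequential round trips) with a one-way streamed transfer. Assumptions: the ping output and its 10.0.0.5 address are constructed, the office LAN runs at 100 Mbit/s, the thread's "5MB" office uplink is read as 5 Mbit/s, and the function names are hypothetical.

```python
import re

# Constructed sample of a Windows PING summary taken from the home PC over the VPN.
HOME_PING = """\
Ping statistics for 10.0.0.5:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 27ms, Maximum = 32ms, Average = 29ms
"""
OFFICE_RTT_MS = 0.1   # office figure from the answer (needs FPING; PING shows "<1ms")
LAN_BPS = 100e6       # assumed office LAN speed
WAN_BPS = 5e6         # assumed bottleneck: office uplink, read as 5 Mbit/s


def average_rtt_ms(ping_output):
    """Extract the average round-trip time from Windows PING output."""
    match = re.search(r"Average = (\d+)ms", ping_output)
    if match is None:
        raise ValueError("no round-trip summary found (all packets lost?)")
    return float(match.group(1))


def transfer_seconds(round_trips, payload_bytes, rtt_ms, link_bps):
    """Simplified model: every sequential request waits one RTT and the payload
    is limited by the slowest link. Ignores TCP windowing and VPN overhead."""
    return round_trips * rtt_ms / 1000.0 + payload_bytes * 8 / link_bps


def compare(round_trips, payload_bytes, home_rtt_ms):
    """Return (office seconds, home seconds, slowdown factor)."""
    office = transfer_seconds(round_trips, payload_bytes, OFFICE_RTT_MS, LAN_BPS)
    home = transfer_seconds(round_trips, payload_bytes, home_rtt_ms, WAN_BPS)
    return office, home, home / office


if __name__ == "__main__":
    rtt = average_rtt_ms(HOME_PING)
    # Chatty: 10,000 tiny request/response pairs, e.g. a login touching many files.
    print("chatty    office %.1fs  home %.1fs  x%.0f" % compare(10_000, 0, rtt))
    # Streaming: one request, then 10 MB flowing in one direction.
    print("streaming office %.1fs  home %.1fs  x%.0f" % compare(1, 10_000_000, rtt))
```

The chatty case reproduces the answer's 290x figure because it is bound by round trips; the streamed transfer is bound by bandwidth, so the slowdown is roughly the ratio of link speeds instead.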
 

Author Closing Comment

by:Zack
ID: 39772880
Thank you for the info, I will look into those resources.
0
 
LVL 62

Expert Comment

by:gheist
ID: 39773029
Best diagnostic tool is at http://netalyzr.icsi.berkeley.edu
It tells where you have MTU problems or unreachable DNS because of VPN changing routes etc...
0
