burny1 asked:

Slow vpn client connection on fast internet connections

Hi, I have an L2TP VPN server set up on a Windows Server 2012 R2 box. For some reason the transfer speed to clients is capping out at 10mbps although we have an unthrottled internet link of 100/100. Is there any way of increasing the max speed of the VPN connection? The client is connecting from a 100mbps connection as well.
ASKER CERTIFIED SOLUTION
Dr. Klahn

This solution is only available to members.
What is your Uplink speed on this line?  That will be the top speed of the VPN connection.  VPN is always slower for the reasons above (software overhead).

I use site to site (hardware VPN) and that helps, but it still is slow because of the slower uplink speed.

If the connection is DSL, try setting MTU in the router to 1492 or a bit less and see if that helps.
The link including overhead is limited by the slower of the two connections.

What is the impact on the user in a 10 MB transfer out, but likely a slower upload speed from the client.

The user side workstation could also include an overhead.

Look at a tools mini from speedtest.net. Then test the available bandwidth estimate.
burny1

ASKER

Link speed is 100/100 on both sides
Try hardware VPN to see if it improves. Most likely will improve.
Dr. Klahn is correct about the bandwidth cut into half only if VPN server and file server are on different subnets, having to use the Internet connection too.

There is a speed limitation in the MS L2TP implementation, but I would expect it to be above 10Mb/s.
Workstation OS has a different resource allocation.

Who is the "slower" throughput impact.
How many VPN sessions exist?
burny1

ASKER

I tried the hardware route as well. In that instance the speed went up to 15mbps, however the speed was limited to the processing power of the router. Was hoping running it on a Windows box to increase the speed.
burny1

ASKER

There was only one session running at the time.
however the speed was limited to the processing power of the router.

Check the throughput of the router. It should be 900 MBits/sec or faster.
burny1

ASKER

Router max throughput is 1Gbps, however I assume that is for unencrypted transfers
See if it gives you a spec for VPN throughput. That may be much slower.
My upload speed here is 5 MBits/sec. VPN to clients is entirely useable. I can work with normal files and folders and use my client Desktop computer just fine.

So question: Are your users being impeded by speed double what I have here?
burny1

ASKER

We transfer huge files - 100 to 300 mb - also do a lot of Remote Desktop work
Are these remote users or different sites? A HW-based VPN for site to site would have a better performance.

While the files/data is being transferred, the person should be able to do what they need on the RDP session?
Check QoS within the VPN...

You are not including any details how users are being impacted.
burny1

ASKER

The impact is that the speed is slow for file transfer and remote desktop - obviously when you transfer files it will take up available bandwidth - speed is required to get the file transfer done as quickly as possible as to not impact Remote Desktop.
If RDP and file transfer are competing for bandwidth with above figures, it sounds like there are issues with the negotiation of TCP packets. Probably too much handshake going back and forth. That, in particular if TCP ACKs need to be sent often without any payload to transfer, tends to kill a remote connection's usable bandwidth by saturating the package performance engine. Hardware is usually much better in handling such than Windows.

One way to improve the experience is by using a more sophisticated file transfer tool, like robocopy, which allows you to throttle and more efficiently manage the transfer. It also allows for resume after connection breakdown (or intentionally stopping the transfer).

BTW, you are NOT transferring files via copy & paste inside of the RDP session, hopefully?
You could use VPN QoS to prioritize RDP 3389 traffic within the VPN.

Are you attaching local drives to the RDP session and this is the transfer?
Is there another transfer option, FTP?
burny1

ASKER

Remote Desktop is just one of the items used - not the main issue here - drives have been mapped and client machines access them as if they are in the office. Trying to improve the performance so that they have almost equal performance - understandable that it won't be the same as when in the office.
Mapping drives even when not used consume bandwidth possibly if made available offline will sync while away without any user access.....

Your issue is twofold, as others pointed out: L2TP over IPsec has its own overhead.

Having a hardware (Cisco ASA, Juniper, SonicWall, WatchGuard, Sophos, etc.) a device dedicated to the firewall/VPN on which an IPsec session will terminate should provide higher throughput.

In your setup, the Windows server functioning as the VPN end point functions as the router for the VPN connections...
IPsec also has a lower overhead.
burny1

ASKER

Correct - I understand that and as mentioned previously, I used hardware before, however the highest I got was 15mbps. The routers could not transfer faster - CPU was maxed out.
That "overload" should not happen with recent routing hardware and a decent encryption like AES. With 3DES you could run out of CPU bandwidth very fast, but hardware now can perform encryption in specialized hardware chips (at least with AES). L2TP and PPTP do not allow/use that encryption, and have never been intended for high performance either. Switching to IPsec or SSL VPN (the latter not recommended if speed is an issue) requires VPN clients, though. That much said in regard to hardware VPN.

Mapped drives (using SMB/CIFS) indeed consume bandwidth, for keeping file system info current - at least as long as Explorer is concerned. Mapping should take place only on demand, among others for security reasons. In addition, SMB/CIFS has not been intended for use over unreliable and slow links, so it usually performs badly.
Whatsoever, all you probably can do without creating much ado is to have drives mapped on demand only.

And as said, I recommend to use RoboCopy (which is part of the OS since XP, in different releases and with different bugs ;-)) or something similar for file transfer.
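
An added example (not part of the original posts, and not code from any participant) of the throttled, restartable robocopy transfer recommended above: it derives an `/IPG` value so the copy uses only part of the VPN's TCP throughput and leaves the rest for RDP. The 18 Mbit/s figure is the TCP result reported later in this thread; the 9 Mbit/s target, the paths and the 64 KB block size per gap are assumptions.

```powershell
# Added example; paths, the target rate and the block size are assumptions.
function Get-RobocopyIpg {
    param(
        [Parameter(Mandatory)][double]$LinkMbps,   # measured TCP throughput over the VPN
        [Parameter(Mandatory)][double]$TargetMbps  # share the file copy is allowed to use
    )
    if ($LinkMbps -le 0 -or $TargetMbps -le 0) {
        throw 'Rates must be positive.'
    }
    if ($TargetMbps -ge $LinkMbps) { return 0 }    # nothing to throttle

    $blockBits = 64KB * 8                          # assumption: one gap per 64 KB block
    $sendMs    = $blockBits / ($LinkMbps   * 1e6) * 1000   # time the link needs per block
    $budgetMs  = $blockBits / ($TargetMbps * 1e6) * 1000   # time per block at target rate
    return [int][math]::Ceiling($budgetMs - $sendMs)       # pause to insert, in ms
}

# 18 Mbit/s measured TCP rate; keep the copy at roughly half of it.
$ipg = Get-RobocopyIpg -LinkMbps 18 -TargetMbps 9

$source = '\\fileserver\projects'   # placeholder UNC path on the office side
$dest   = 'D:\projects'             # placeholder local folder on the VPN client
$log    = Join-Path $env:TEMP 'vpn-copy.log'

# /Z   restartable mode: an interrupted file resumes instead of starting over
# /IPG inter-packet gap in milliseconds, frees bandwidth for other traffic
# /R,/W bounded retries so a dropped tunnel does not hang the job
robocopy $source $dest /E /Z /IPG:$ipg /R:5 /W:10 /NP /LOG:$log

# robocopy exit codes below 8 mean the copy completed (possibly with skips)
if ($LASTEXITCODE -ge 8) {
    Write-Error "robocopy reported failures (exit code $LASTEXITCODE), see $log"
}
```

The gap is only an estimate, because the real send time per block varies with latency and encryption overhead; adjust the value after watching RDP responsiveness during a test copy.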
What HW was involved and what else did it do? Firewall, port forwarding, routing, VPN; did it do IDS/IPS, anti-virus scan, etc.

Sounds as though it was under-specced for the need.
Even with that, based on your current experience that was performing better.

What else does the Windows server on which the VPN connection terminates do?
Version, if it is prioritized for application, file transfer will be at a lower priority. There is a different way to prioritize but the RRAS has to be looked at to see which ......

How many sessions does the FW/VPN have to handle..... number of users, functions .......
Possibly having FW and VPN concentrator depending on how many VPN users you have.

Look at the specs for VPN throughput if using a single device.
burny1

ASKER

I ran PassMark PerformanceTest on the network and noticed that when I test TCP I get max 18mbps, however if I switch over to UDP speed goes up to 94.7 mbps.
UDP does not have the overhead to set up a session before data is transmitted as set in TCP.
burny1

ASKER

Is there a file transfer utility that allows for transfer via UDP instead? That may be the solution.
tftp
I don't understand why you ask for advice and it is given to you and you still refuse by sticking to your problem. You need to establish the connection by hardware to get the best results. If this line is not dedicated for the VPN connection it won't really matter what you try, you still have to handle other traffic.
burny1

ASKER

Hecgomrec - Firstly, I am not refusing anything. At the moment I am going through all options and looking at what route to take. You don't know what my situation is on this side and neither am I interested in discussing it with you. Secondly, if you read the thread you would have seen that I already tried the connections with hardware and only had a limited increase in speed, hence my request for other ideas and options. Unless you have something positive to add to the conversation, please keep your opinion to yourself.
burny1

ASKER

Thank you for all the information supplied and suggestions given. Greatly appreciated.