VPN Slow Performance
Slow Performance while VPN to the network.
Does anyone know why VPN performance is so slow when running speedtest (80MB directly to the internet and only 10MB while through VPN). There is no split tunneling enabled so all internet traffic goes through the VPN tunnel.
Thank you in advance,
Does anyone know why VPN performance is so slow when running speedtest (80MB directly to the internet and only 10MB while through VPN). There is no split tunneling enabled so all internet traffic goes through the VPN tunnel.
Thank you in advance,
Keep in mind a VPN is by directional. Upload speed affects traffic. i.e if you access a file or internet though the VPN tunnel it is limited to the upload speed of the remote site. It is common with Internet connections to have 100 Mb down but only 10 mb up.
Might that be your case.
Might that be your case.
Sorry John, I didn't see you post when I did do.
No problem :)
ASKER
Thank you everyone for the response.
The upload looks fine after the VPN but the download is very slow. I'm vpn to the HQ office and my home speed is 80MB and the HQ Office is 1G and I get only 9MB download through VPN.
The upload looks fine after the VPN but the download is very slow. I'm vpn to the HQ office and my home speed is 80MB and the HQ Office is 1G and I get only 9MB download through VPN.
What is your upload speed at your home (office speed does not appear to be the limiter)?
ASKER
Upload is 20MB and I get half of that through VPN, which is fine. But the concern is:
Home without VPN:
80MB download / 20MB upload
Home with VPN through Office:
9MB MB download / 9MB upload
I should at least get close to 80MB (or close to 50MB upload) because my home download is slower than HQ's internet, which is 1GB.
Thank you!
Home without VPN:
80MB download / 20MB upload
Home with VPN through Office:
9MB MB download / 9MB upload
I should at least get close to 80MB (or close to 50MB upload) because my home download is slower than HQ's internet, which is 1GB.
Thank you!
Upload is 20MB and I get half of that through VPN <-- That seems normal because of VPN overhead.
But the concern is: … Home with VPN through Office: 9MB MB download / 9MB upload <-- That seems to match the above.
my home download is slower than HQ's internet, which is 1GB. <--- Your home speed is not related to your office speed but connected via VPN you home is the limiter.
Are you using Split Tunnel IPsec or PPTP VPN?
But the concern is: … Home with VPN through Office: 9MB MB download / 9MB upload <-- That seems to match the above.
my home download is slower than HQ's internet, which is 1GB. <--- Your home speed is not related to your office speed but connected via VPN you home is the limiter.
Are you using Split Tunnel IPsec or PPTP VPN?
ASKER
Hi John,
No split tunneling and we're using IPSec. All internet traffic goes through the HQ office.
So still doesn't make sense as my home internet without VPN is 80MB and with VPN, the internet through the HQ is 9MB? that is 1/9 of the home internet speed. I understand the VPN overhead that 1/9 of the speed for normal traffic and the rest for overhead?
No split tunneling and we're using IPSec. All internet traffic goes through the HQ office.
So still doesn't make sense as my home internet without VPN is 80MB and with VPN, the internet through the HQ is 9MB? that is 1/9 of the home internet speed. I understand the VPN overhead that 1/9 of the speed for normal traffic and the rest for overhead?
Turn Split Tunneling ON and do not use Head Office for internet.
@LateNaite
It makes absolutely perfect sense that the speed would be less over the VPN. You are comparing Apples and Oranges here. You home internet is basically just you and maybe some other devices using that circuit. No encryption, nothing. Your VPN is encrypted, and sent an entirely different path onto a device that is shared by other users and resources. That is why you are seeing such a difference.
Additionally, i am pretty sure QOS policies are in place to prioritize traffic traversing the device at your HQ.
It makes absolutely perfect sense that the speed would be less over the VPN. You are comparing Apples and Oranges here. You home internet is basically just you and maybe some other devices using that circuit. No encryption, nothing. Your VPN is encrypted, and sent an entirely different path onto a device that is shared by other users and resources. That is why you are seeing such a difference.
Additionally, i am pretty sure QOS policies are in place to prioritize traffic traversing the device at your HQ.
ASKER
HI Soulja,
Yes, understood but trying to figure which devices might be causing this. I have access to all devices (include edge router) and there doesn't seem to be any settings that I am aware of. May be QoS on setting at the ISP level?
It is just odd I would get a download on 10% of my original internet speed.
Thank you!
Yes, understood but trying to figure which devices might be causing this. I have access to all devices (include edge router) and there doesn't seem to be any settings that I am aware of. May be QoS on setting at the ISP level?
It is just odd I would get a download on 10% of my original internet speed.
Thank you!
And maybe the VPN terminating device isn't capable of processing VPN encryption fast enough to go over that rate ... Device performance shouldn't be limiting that much, though. Do you have similar speed if transfering files from the office?
@LateNaite
Think of the different devices you have to go through to do a download. You'd have to encrypt the data, traverse the VPN to the Firewall or Router, be decrypted, then routed out the internet at HQ. Then the return traffic would have to come back, back to the vpn firewall or router and be encrypted back to you and then decrypted. That doesn't include the other responsibilities the devices are doing at the HQ and other user s using the internet and VPN.
Think of the different devices you have to go through to do a download. You'd have to encrypt the data, traverse the VPN to the Firewall or Router, be decrypted, then routed out the internet at HQ. Then the return traffic would have to come back, back to the vpn firewall or router and be encrypted back to you and then decrypted. That doesn't include the other responsibilities the devices are doing at the HQ and other user s using the internet and VPN.
ASKER
Hi John,
Correction on the type of VPN tunnel, it is a SSL VPN and not IPSec VPN and not sure if we can enable Split Tunneling. They are protecting from internet virues..etc from traveling from the internet to HQ.
Qlemo, I will see if I can do a file transfer.
Soulja, going to think about this because it still shouldn't be only 10% when connected to VPN. I internal resources and tested against an speedtest server residing t the HQ office and that is the speed that I get. I was not using the speedtest server on the internet.
thank you!
Thank you!
Correction on the type of VPN tunnel, it is a SSL VPN and not IPSec VPN and not sure if we can enable Split Tunneling. They are protecting from internet virues..etc from traveling from the internet to HQ.
Qlemo, I will see if I can do a file transfer.
Soulja, going to think about this because it still shouldn't be only 10% when connected to VPN. I internal resources and tested against an speedtest server residing t the HQ office and that is the speed that I get. I was not using the speedtest server on the internet.
thank you!
Thank you!
@Latenaite
Even if you test on a speed server on site at the HQ, you are still going through shared resources and encryption. The encrypting device apparently doesn't have high throughput coupled with the other tasks and user's it's responsible for. The only way you could get the closest apple to apples comparison is if you sat that device inside your home network. VPN'd to it and did a speedtest through your home internet. This way your using the same circuit and is the only user on the device.
Even if you test on a speed server on site at the HQ, you are still going through shared resources and encryption. The encrypting device apparently doesn't have high throughput coupled with the other tasks and user's it's responsible for. The only way you could get the closest apple to apples comparison is if you sat that device inside your home network. VPN'd to it and did a speedtest through your home internet. This way your using the same circuit and is the only user on the device.
ASKER
Thank you Soulja for your response.
I think the issue is related to DTLS, which I am trying to try after hours soon. Our vpn box is behind a firewall:
DTLS tunnel. Using DTLS avoids latency and bandwidth problems associated with SSL connections and improves the performance of real-time applications that are sensitive to packet delays.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/vpn/asa-95-vpn-config/vpn-anyconnect.html#id_33603
I think the issue is related to DTLS, which I am trying to try after hours soon. Our vpn box is behind a firewall:
DTLS tunnel. Using DTLS avoids latency and bandwidth problems associated with SSL connections and improves the performance of real-time applications that are sensitive to packet delays.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/vpn/asa-95-vpn-config/vpn-anyconnect.html#id_33603
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If VPN speed is roughly your upload speed, then that is probably as good as it will get.