Slow VPN

I used the following KBs to install and configure VPN on
Windows Server 2003 and XPs pro.

How To Install and Configure a Virtual Private Network
Server in Windows Server
2003http://support.microsoft.com/?id=323441

How to configure a connection to a virtual private
network (VPN) in Windows XP
http://support.microsoft.com/?id=314076

The data outbound is working fine and as expected, but
the inbound is very slow at 28kb/s, which is creating
kind of bottleneck in the connection adsl 512/128.

Any help please ?

Regards

 

One thought is to tweak the MTU for your DSL connection. You would have to
check the device docs for instructions. Make sure you document your current
setting and change the setting just a bit at a time. I think aroud 1450 may
be a good place to start. I don't use DSL anymore. --- Steve

 

Hi Steve

With all due respect, I didn't understand a thing you've
said. "tweak the MTU" and "around 1450 may be a good
place to start". I can't understand. I am sorry, there
must be something more straightforward and better than
that... :-D

Regards

You would have to check the device docs for instructions.
Make sure you document your current setting and change
the setting just a bit at a time. I think aroud 1450 may
be a good place to start. I don't use DSL anymore. ---
Steve

 

TCP/IP and NBT Configuration Parameters for Windows 2000 or Windows NT
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q120642

TCP/IP and NBT Configuration Parameters for Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;314053

 

What these 2 KBs got to do with my problem ?

 

OK. See the link below for more details. MTU stands for maximum
transmissiion unit and if it is too large you can end up with packet
fragmentation that will slow down data transmission. The pppoe connectoid or
the router device will have configuration settings to change the MTU size.
Check your docs for what you are using. It may also help to contact your ISP
if their support staff is on this planet. The manufactures of most routers
will have their full manual on their website or a FAQ that may be able to
help you out. --- Steve

http://www.allaboutjake.com/network/linksys/mtu.html

 

Thanks

I followed step-by-step KB 323441 and I contend that there is no reason why
it should not work 100%. There must be something else somewhere else I
should check or uncheck. With a network of 130 users, I am not quite keen
on suggestions which may affect in one way or another my environment. I
would very much appreciate a helpful suggestion or at least the reason why I
am experiencing this problem, and if I need to change anything in relation,
for example, to the hardware. Of course, I remain at your disposal for any
further information you may require.

Regards

OK. See the link below for more details. MTU stands for maximum
transmissiion unit and if it is too large you can end up with packet
fragmentation that will slow down data transmission. The pppoe connectoid or
the router device will have configuration settings to change the MTU size.
Check your docs for what you are using. It may also help to contact your ISP
if their support staff is on this planet. The manufactures of most routers
will have their full manual on their website or a FAQ that may be able to
help you out. --- Steve

http://www.allaboutjake.com/network/linksys/mtu.html

 

Keep in mind that your uplink speed is one fourth of your download speed.
Add into that the overhead of VPN with encryption and resultant extra packet
size and it will seem slow. I had a that same uplink speed at my business
and it was painfully slow. Also the thought of MTU adjustment would be an
adjustment with your DSL router - not your actual VPN configuration with the
server. I use a Netgear NAT router/firewall and I can adjust the MTU on it
which will not in any way affect internal non WAN network performance. ---
Steve

 

It is worth noting that inbound traffic (ie inbound to the VPN server)
will depend on the rate that the client can send. If the client has a slow
uplink, that controls the throughput.

 

I guess you said it better than me Bill. I had a VPN between work and home.
Cable modem at home and DSL at work. They both had great download speeds
with the cable modem being blazingly fast from places like Microsoft. But
when using the VPN on either end from the other it was sloooooooow. I think
they were both limited to 128k uplink. --- Steve

 

The "slow side" of the DSL is the speed that VPN will always run at. It will
not use the "faster side" of the DSL. So you start out with the slow side
to begin with and then add all the other factors (and possible problems) on
top of that.

 

Wouldn't that depend on the speed of VPN on each side though and the
direction of the bulk to the network activity? If I had a 512/128 DSL with
a VPN to a remote site with a 512/512 connection I would expect that for
file transfers when I was copying a file to the remote VPN it would be a lot
slower than when I would be copying a file from it. --- Steve

 

Someone tried to explain it once and I think my eyes glazed over, but what
it all said was that VPN always follows the slower "upload" speed of a duel
speed DSL or Cable (runs at 128 for a 512/128 line). If the two involved
Cable/DSLs were not the same speed (512/521 vs 521/128) then I am pretty
sure it goes with the lowest common denominator (128) similar to the way it
was with the old modem technology. I suspect that the creation of the
Tunnel causes this in getting everything to be in sync.

If you want exact details, I don't think I could give them.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

 

Hi Phillip. That was me. Sorry your eyes glazed over!

I'll try it again. The A in ADSL stands for asymetric. It indicates that
the send and receive rates are not equal. Commonly, download is 4 times
faster than upload. If you use it for Internet access, that's fine, because
you normally download much more than you upload.

Now look at VPN. As an example, take a site with a 1meg/256k ADSL
connection and a client with a 256/64k ADSL.

From server to client, the send rate is 256k and the client receive is 256k
.. Great!

Now look at the other way. Server receive rate is 1 meg, but client send
rate is 64k ! Think dialup modem speed.

 

Yes it was! Don't worry about the eyes glazing over ,...they do that
sometimes.

I understood that part. It was the part about the VPN itself seeming to
lock into the slowest speed (lowest common denominator) no matter which
direction it was going,...so the higher speed in one direction never gets
used,...while other non-VPN traffic never suffered from that. I have assumed
it was due to the Tunnel having to "sync" up at each end so it goes with the
slowest speed similar to the way the old modems of different speeds settles
on the speed of the slowest modem.

 

No, I haven't struck that. And the original poster (remember him way back
at the top?) didn't seem to have it either. The transfer from server to
client was good, client to server was slow.