DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

VPN slowing traffic by ~90% !

russell_i_brown
Topic Author
User

28 Nov 2011 18:11 #1 by russell_i_brown

VPN slowing traffic by ~90% ! was created by russell_i_brown

I have two sites, one with a 2820 and one with a 2830. They're both connected via WAN2 to ~10mbit EFM lines with an IPSec AH-SHA1 Auth VPN between the two.

Doing some speed tests with IPerf I'm seeing the speed through the VPN to be very very (~90%) much slower than the raw EFM to EFM speeds.

For example.

host behind router A (2820) via the vpn to a host behind router B (2830):



Code:
# iperf -c 192.168.30.1 -i 5
------------------------------------------------------------
Client connecting to 192.168.30.1, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[  3] local 192.168.11.1 port 35264 connected with 192.168.30.1 port 5001
[  3]  0.0- 5.0 sec    728 KBytes  1.19 Mbits/sec
[  3]  5.0-10.0 sec    512 KBytes    839 Kbits/sec
[  3]  0.0-10.6 sec  1.22 MBytes    964 Kbits/sec

same systems but without the VPN (going direct to the external IP of the 2830):



Code:
# iperf -c  -i 5
------------------------------------------------------------
Client connecting to , TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[  3] local 192.168.11.1 port 49083 connected with 109.224.211.84 port 5001
[  3]  0.0- 5.0 sec  5.44 MBytes  9.12 Mbits/sec
[  3]  5.0-10.0 sec  5.05 MBytes  8.48 Mbits/sec
[  3]  0.0-10.3 sec  10.5 MBytes  8.55 Mbits/sec

Wow! That's nearly 10 times faster!!! :o

System A has the default route set to the 2820, here's a traceroute across the vpn:



Code:
# mtr -r -c 1 192.168.30.1
HOST: systemA                     Loss%   Snt   Last   Avg  Best  Wrst StDev
  1. v2820                             0.0%     1    0.2   0.2   0.2   0.2   0.0
  2. 192.168.30.254                0.0%     1   35.8  35.8  35.8  35.8   0.0
  3. systemB                          0.0%     1   36.2  36.2  36.2  36.2   0.0

and direct to the external IP:



Code:
# mtr -r -c 1 
HOST: systemA                           Loss%   Snt   Last   Avg  Best  Wrst StDev
  1. v2820                                   0.0%     1    0.2   0.2   0.2   0.2   0.0
  2. no-reverse-dns-set.gradwell.  0.0%     1   21.9  21.9  21.9  21.9   0.0
  3. no-reverse-dns-set.gradwell.  0.0%     1   36.6  36.6  36.6  36.6   0.0

Does anyone have any ideas? While I can see that using the VPN will have some overhead, dropping from 8Mbit to 800Kbit seems a little excessive!

(PS tests run the other way, from System B back to System A, show the same dropoff).

TIA

Please Log in or Create an account to join the conversation.