Why are connections so slow over VPN?
Overview
The most common cause of slow connections across VPN tunnels is the laws of networking: no connection can go faster than its slowest peer. You'll find that bandwidth throughput is generally limited by the lowest of the four bandwidth numbers involved in the connection: downstream and upstream, at both ends. For example, let's say your connection looks like this:
Site A | Site B | |
Download bandwidth | 1 Gbps | 50 Mbps |
Upload bandwidth | 1 Gbps | 10 Mbps |
You'll find that your connection will be limited to 10 Mbps at best, owing to the upload limitation from Site B, regardless of the fact that Site A is able to both send and receive data at a much higher rate.
OpenVPN overhead
An OpenVPN tunnel also requires approximately 25% of the tunnel's total speed in overhead, so if the maximum bandwidth of the tunnel is 10 Mbps, you likely will not see more than ~8 Mbps.
Bypassing tunnel traffic
You might try bypassing and prioritizing VPN traffic to make the trip through the NG Firewall as transparent as possible.
To bypass the connection, you'll need to create two rules in Config > Network > Bypass Rules.
- The first rule will have the condition Source Interface is [your VPN] and the action 'bypass'.
- The second rule will have the condition Destination Interface is [your VPN] and the action 'bypass'.
- Do not combine these rules into one rule; they must be two separate rules.
Prioritizing tunnel traffic
To prioritize traffic passing through the tunnel, go to Config > Network > Advanced > QoS > QoS Rules. Create two new rules:
- The first rule will have the condition Source Interface is [your VPN] and the priority 'Very High'.
- The second rule will have the condition Source Address is [remote subnet(s)] and the priority 'Very High'.
- Do not combine these rules into one rule; they must be two separate rules.
Prioritizing OpenVPN traffic
If you're using OpenVPN, you can just set the 'OpenVPN priority' drop-down to 'Very High' instead of creating prioritization rules.
Follow
Comments
0 comments
Please sign in to leave a comment.