Why are connections so slow over VPN?

Overview

The most common cause of slow connections across VPN tunnels is the laws of networking: no connection can go faster than its slowest peer. You'll find that bandwidth throughput is generally limited by the lowest of the four bandwidth numbers involved in the connection: downstream and upstream, at both ends. For example, let's say your connection looks like this:

  Site A Site B
Download bandwidth 1 Gbps 50 Mbps
Upload bandwidth 1 Gbps 10 Mbps

You'll find that your connection will be limited to 10 Mbps at best, owing to the upload limitation from Site B, regardless of the fact that Site A is able to both send and receive data at a much higher rate.

OpenVPN overhead

An OpenVPN tunnel also requires approximately 25% of the tunnel's total speed in overhead, so if the maximum bandwidth of the tunnel is 10 Mbps, you likely will not see more than ~8 Mbps.

Bypassing tunnel traffic

You might try bypassing and prioritizing VPN traffic to make the trip through the NG Firewall as transparent as possible.

To bypass the connection, you'll need to create two rules in Config > Network > Bypass Rules.

  • The first rule will have the condition Source Interface is [your VPN]​ and the action 'bypass'.
  • The second rule will have the condition Destination Interface is [your VPN]​ and the action 'bypass'.
  • Do not combine these rules into one rule; they must be two separate rules.

ovpn_1.png

 

Prioritizing tunnel traffic

To prioritize traffic passing through the tunnel, go to Config > Network > Advanced > QoS > QoS Rules. Create two new rules:

  • The first rule will have the condition Source Interface is [your VPN]​ and the priority 'Very High'.
  • The second rule will have the condition Source Address is [remote subnet(s)]​ and the priority 'Very High'. 
  • Do not combine these rules into one rule; they must be two separate rules.

bypass_VPN.png

Prioritizing OpenVPN traffic

If you're using OpenVPN, you can just set the 'OpenVPN priority' drop-down to 'Very High' instead of creating prioritization rules.

ovpn_2.png

Follow
Was this article helpful?
5 out of 8 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk