A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.broadband (UK broadband)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

VPN performance question



 
 
Thread Tools Display Modes
  #11  
Old May 2nd 20, 12:13 AM posted to uk.telecom.broadband
Brian Gregory[_2_]
external usenet poster
 
Posts: 86
Default VPN performance question

Remember the farm cannot transmit to you faster than 800kb/s.
(Actually if that's right that's remarkably fast when download is only
1.5Mb/s, in my experience I'd expect less than half that)

If someone "dials" in to you you can transmit at 2.5Mb/s.

Does that explain the slowness of the connection from the farm?

--
Brian Gregory (in England).
  #12  
Old May 2nd 20, 12:23 AM posted to uk.telecom.broadband
Brian Gregory[_2_]
external usenet poster
 
Posts: 86
Default VPN performance question

On 01/05/2020 09:36, Peter wrote:
That really surprises me. I have been running VPNs for about 15 years
and always found PPTP to be very fast.


Reeeealy??

Most unreliable slow protocol known to human kind.


Obviously I am no expert but PPTP doesn't run over TCP/IP. It uses UDP
packets to form a nonstandard protocol, which is why PPTP doesn't work
over some networks. One needs specific support in routers etc for
PPTP. Usually this is present but not always.


Not if it's normal PPTP.

https://en.wikipedia.org/wiki/Point-...eling_Protocol

The totally sh1tty thing about PPTP is that it used TCP and tunneling
TCP via TCP doesn't work out well when retries are needed.

It's security is p1ss p00r too.


I am suspecting the MTU size negotiation being badly implemented in
some Draytek kit. I am sure the 2955 didn't do it right, but the 2960
seems to be ok. We got around the 2955 problem by setting MTU to 1300
in it and setting the same in a web server which sits on the inside of
the LAN. MTU issues can be a bugger and can account for weird issues
like a server being inaccessible from the internet over a particular
company's (say Vodafone) 4G.


Yes, but normally only if tunneling via UDP. Most UDP VPN protocols will
want to fit the packets being transmitted and the overhead due to the
VPN protocol encapsulation all in to a UDP packet that doesn't need to
be fragmented when send over the internet.

--
Brian Gregory (in England).
  #13  
Old May 2nd 20, 08:39 AM posted to uk.telecom.broadband
Graham J[_3_]
external usenet poster
 
Posts: 334
Default VPN performance question

Brian Gregory wrote:
Remember the farm cannot transmit to you faster than 800kb/s.
(Actually if that's right that's remarkably fast when download is only
1.5Mb/s, in my experience I'd expect less than half that)

If someone "dials" in to you you can transmit at 2.5Mb/s.

Does that explain the slowness of the connection from the farm?


No.

Using the LAN-to-LAN VPN to the farm the speed is acceptable.

Using dial-up VPN to the farm the speed is awful - unuseable.

This is from the same location. So for me I would simply not bother
with the dial-in VPN. But there are people who need a connection who
don't have a static IP address, so they cannot use a LAN-to-LAN VPN and
are therefore limited to dial-up. Which is why I was testing the dial-up.

All the other sites where I can test use a different Vigor router - the
problem site uses a V2832.

But all the other sites where I can test have faster upload speeds by
virtue of being VDSL rather than ADSL. Given the explanation of PPTP
requiring re-tries a slow or noisy upload channel from the farm might
explain it. But this is unlikely when the LAN-to-LAN VPN is also
carried over TCP and must also suffer retries if there is noise.

The dial-up VPN speed using L2TP is much better, comparable with
LAN-to-LAN, so I conclude it's either a problem with PPTP or with the
V2832, or both.

--
Graham J
  #14  
Old May 2nd 20, 12:33 PM posted to uk.telecom.broadband
Theo[_2_]
external usenet poster
 
Posts: 115
Default VPN performance question

Graham J wrote:
Using the LAN-to-LAN VPN to the farm the speed is acceptable.

Using dial-up VPN to the farm the speed is awful - unuseable.

This is from the same location. So for me I would simply not bother
with the dial-in VPN. But there are people who need a connection who
don't have a static IP address, so they cannot use a LAN-to-LAN VPN and
are therefore limited to dial-up. Which is why I was testing the dial-up.

All the other sites where I can test use a different Vigor router - the
problem site uses a V2832.


The spec sheet for the 2832 says:

VPN Dial-in/dial-out with VPN hardware co-processor.

It doesn't actually publish the CPU spec and I can't find anything that
mentions it. It's quite possible than the LAN to LAN VPN is being supported
by the hardware accelerator and the dialup VPN is having to run through the
CPU. Often routers like this don't have a very meaty CPU and can't push
very much traffic through if it can't go through the accelerator.

It's also possible that some VPN configurations can make use of the
accelerator and some can't. Perhaps try tweaking the settings to making the
most basic/'vanilla' config, one that's most likely to be supported by
hardware acceleration?

The 2830n had a Lantiq Amazon CPU with a 333MHz single-core MIPS CPU, so I
wouldn't expect any great shakes out of it. I don't know if the 2832 is
similarly underpowered.

Theo
  #15  
Old May 2nd 20, 12:41 PM posted to uk.telecom.broadband
Graham J[_3_]
external usenet poster
 
Posts: 334
Default VPN performance question

Theo wrote:
Graham J wrote:
Using the LAN-to-LAN VPN to the farm the speed is acceptable.

Using dial-up VPN to the farm the speed is awful - unuseable.

This is from the same location. So for me I would simply not bother
with the dial-in VPN. But there are people who need a connection who
don't have a static IP address, so they cannot use a LAN-to-LAN VPN and
are therefore limited to dial-up. Which is why I was testing the dial-up.

All the other sites where I can test use a different Vigor router - the
problem site uses a V2832.


The spec sheet for the 2832 says:

VPN Dial-in/dial-out with VPN hardware co-processor.

It doesn't actually publish the CPU spec and I can't find anything that
mentions it. It's quite possible than the LAN to LAN VPN is being supported
by the hardware accelerator and the dialup VPN is having to run through the
CPU. Often routers like this don't have a very meaty CPU and can't push
very much traffic through if it can't go through the accelerator.

It's also possible that some VPN configurations can make use of the
accelerator and some can't. Perhaps try tweaking the settings to making the
most basic/'vanilla' config, one that's most likely to be supported by
hardware acceleration?

The 2830n had a Lantiq Amazon CPU with a 333MHz single-core MIPS CPU, so I
wouldn't expect any great shakes out of it. I don't know if the 2832 is
similarly underpowered.


I suspect any performance differences are more due to differences in the
OS rather than the underlying hardware.

Experience generally is that the early V2830 is more responsive than the
successor V2830v2, and the V2832 is even slower.


--
Graham J
  #16  
Old May 2nd 20, 01:06 PM posted to uk.telecom.broadband
Brian Gregory[_2_]
external usenet poster
 
Posts: 86
Default VPN performance question

On 02/05/2020 08:39, Graham J wrote:
The dial-up VPN speed using L2TP is much better, comparable with
LAN-to-LAN, so I conclude it's either a problem with PPTP or with the
V2832, or both.


This is weird. I've never seen the phrase "dial-up" used this way before.

Well, as I said elsewhere, PPTP is, in my experience at least, really awful.


--
Brian Gregory (in England).
  #17  
Old May 2nd 20, 01:15 PM posted to uk.telecom.broadband
Brian Gregory[_2_]
external usenet poster
 
Posts: 86
Default VPN performance question

On 01/05/2020 10:39, Graham J wrote:
I think the problem may be that PPTP imitates the way TCP packets are
sequenced and acknowledged, so that if there is a delay PPTP re-sends
some packets.


I'm pretty certain Peter is wrong. PPTP uses TCP. That's why it's hopeless.

https://en.wikipedia.org/wiki/Point-...eling_Protocol

You end up tunnelling TCP through TCP and as soon as any retrying is
required the number of packets going back and forth can explode.

--
Brian Gregory (in England).
  #18  
Old May 2nd 20, 02:30 PM posted to uk.telecom.broadband
Graham J[_3_]
external usenet poster
 
Posts: 334
Default VPN performance question

Brian Gregory wrote:
On 02/05/2020 08:39, Graham J wrote:
The dial-up VPN speed using L2TP is much better, comparable with
LAN-to-LAN, so I conclude it's either a problem with PPTP or with the
V2832, or both.


This is weird. I've never seen the phrase "dial-up" used this way before.

Well, as I said elsewhere, PPTP is, in my experience at least, really
awful.


Draytek call it "Remote dial-in VPN"


--
Graham J
  #19  
Old May 2nd 20, 02:47 PM posted to uk.telecom.broadband
Richard Tobin
external usenet poster
 
Posts: 295
Default VPN performance question

In article ,
Graham J wrote:

The dial-up VPN speed using L2TP is much better, comparable with
LAN-to-LAN, so I conclude it's either a problem with PPTP or with the
V2832, or both.


This is weird. I've never seen the phrase "dial-up" used this way before.

Well, as I said elsewhere, PPTP is, in my experience at least, really
awful.


Draytek call it "Remote dial-in VPN"


Probably because PPTP is an encapsulation of PPP packets, which were
used for real dial-up. In other words it's a virtual dial-up done over
an existing TCP connection rather than a phone line.

-- Richard
  #20  
Old May 2nd 20, 04:27 PM posted to uk.telecom.broadband
Brian Gregory[_2_]
external usenet poster
 
Posts: 86
Default VPN performance question

On 02/05/2020 00:23, Brian Gregory wrote:
Not if it's normal PPTP.

https://en.wikipedia.org/wiki/Point-...eling_Protocol

The totally sh1tty thing about PPTP is that it used TCP and tunneling
TCP via TCP doesn't work out well when retries are needed.


Actually I just mentioned this to someone and apparently I'm wrong PPTP
doesn't normally tunnel through TCP. It tunnel with something called GRE
which isn't TCP or UDP!

But I've definitely found it unreliable when I've used it over
relatively slow links like ADSL.

--
Brian Gregory (in England).
 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
VPN ports blocked by many ISPs, SSL VPN? Doz uk.telecom.broadband (UK broadband) 1 September 13th 06 03:14 PM
VPN ports blocked by many ISPs, SSL VPN? Gordon Hudson uk.telecom.broadband (UK broadband) 0 September 11th 06 02:03 PM
VPN performance Rob S uk.telecom.broadband (UK broadband) 3 May 25th 05 05:10 PM
Vigor 2900G VPN v XP Pro VPN v XP Remote Desktop Fred Finisterre uk.telecom.broadband (UK broadband) 2 December 2nd 04 09:40 AM
3Com Wireless 11g Access Point (Performance Question) Lee J. Moore uk.telecom.broadband (UK broadband) 8 January 5th 04 12:11 AM


All times are GMT +1. The time now is 06:13 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2020 BroadbanterBanter.
The comments are property of their posters.